September 9, 2005
The Honorable Michael O. Leavitt
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Dear Secretary Leavitt:
President Bush and you have put forward a vision that, in your words, “would create a personal health record that patients, doctors and other health care providers could securely access through the Internet no matter where a patient is seeking medical care.” The National Committee on Vital and Health Statistics (NCVHS) is pleased to respond to your vision by submitting this letter report on Personal Health Record (PHR) systems. It describes initial findings from national hearings covering the many types of systems referred to as “Personal Health Records,” suggests areas for further exploration, and offers twenty recommendations for your consideration.
In its 2001 report, Information for Health: a Strategy for Building the National Health Information Infrastructure, NCVHS identified three primary areas or dimensions that comprise a national health information infrastructure: information to support the needs of patient care, population health, and personal health. The healthcare provider (patient care) area promotes quality patient care by providing access to more complete and accurate patient data on the spot, around the clock. It includes provider notes, clinical orders, decision-support programs, electronic prescribing programs, and practice guidelines. The second area, population health, makes it possible for public health officials and other data users at local, State, and national levels to identify and track health threats, assess population health, and create and monitor programs and services. It includes information on both the health of the population and influences on it. Finally, the personal health area of the NHII supports individuals in managing their own wellness and healthcare decision making. It includes a personal health record that is created and controlled by the individual or family, plus information and tools such as health status reports, self-care trackers and directories of healthcare and public health service providers.
Each of these three primary areas is considered equally important, and the goal for the infrastructure as a whole is to promote optimum information exchange among them. The heart of the vision is sharing information and knowledge as appropriate so it is available to people when they need it to make the best possible health decisions. Ready access to relevant, reliable information and secure modes of communication will enable consumers, patients, healthcare and public health professionals, public agencies, and others to address personal and community health concerns far more effectively.
The diagram below, from the 2001 NCVHS report, illustrates how the information needs of each area may be either unique or shared.
Source: National Committee on Vital and Health Statistics, Information for Health: a Strategy for Building the National Health Information Infrastructure, Washington, D.C., 2001.
By April 2005, the NCVHS Workgroup on the National Health Information Infrastructure (NHII) had held six open hearings on information needs and activities related to personal health, and personal health records in particular. The Workgroup focused on this area because of its importance for empowering consumers and patients to both manage their health and work in partnership with their healthcare providers.
The hearings covered PHR models, data sets, standards, identification, authentication, barriers to adoption, privacy, policy issues and business issues. The Workgroup heard from consumers, government, health care organizations, nonprofit and commercial sponsors, Federal staff, standards and policy experts, healthcare providers, payers, and economists. The Workgroup was also informed about the work done on personal health records/personal health management tools by the HHS Office of Disease Prevention and Health Promotion and the Markle Foundation’s Connecting for Health Collaborative, as well as about the Veterans Health Administration experience with MyHealtheVet, a personal health record already deployed for veterans.
Personal Health Records are Evolving in Concept and Practice
NCVHS found that there is no uniform definition of “personal health record” in industry or government, and the concept continues to evolve. Experts often use the concept of the PHR to include the patient’s interface to a healthcare provider’s electronic health record. Others consider PHRs to be any consumer/patient-managed health record. This lack of consensus makes collaboration, coordination and policymaking difficult. Below is a summary of the many different perspectives of PHRs that we have observed throughout our process, and a recommendation to promote greater clarity.
The term “record” in “personal health record” may be limiting, as it suggests a singular static repository of personal data. Instead, we found that a critical success factor for PHRs is the provision of software tools that help consumers and patients participate in the management of their own health conditions. A “personal health record system” provides these additional software tools. For that reason, we propose adopting the phrases “personal health record” and “personal health record systems,” which are analogous to the terms “electronic health record” and “electronic health record systems.” The PHR and the PHR system are intended for use by consumers, patients or their informal caregivers, in contrast with EHR systems that are intended for use by healthcare providers.
In practice, PHRs and PHR systems are currently very heterogeneous. NCVHS concluded that it is not possible, or even desirable, to attempt a unitary definition at this time. However, the Committee believes it is possible to characterize them by their attributes: the scope or nature of their information/contents, the source of their information, the features and functions they offer, the custodian of the record, the storage location of the content, the technical approach to security, and the party who authorizes access to the information. Some of the approaches to each of these attributes, as heard by the Committee, are listed below.
- Scope and nature of content
- Some PHR systems do not contain any patient clinical data, but just have consumer health information, personal health journals, or information about benefits and/or providers.
- Of those PHR systems that have clinical information, some are populated by EHRs, some are disease specific, some include just specific subsets (e.g., lab reports), and some are comprehensive.
- Source of information
- Data in PHR systems may come from the consumer, patient, caregiver, healthcare provider, payer, or all of these.
- Features and functions
- PHR systems offer a wide variety of features, including the ability to view personal health data, exchange secure messages with providers, schedule appointments, renew prescriptions, and enter personal health data; decision support (such as medication interaction alerts or reminders about needed preventive services); the ability to transfer data to or from an electronic health record; and the ability to track and manage health plan benefits and services.
- Custodian of the record
- The physical record may be operated by a number of parties, including the consumer or patient, an independent third party, a healthcare provider, an insurance company, or an employer.
- Data storage
- Data may be stored in a variety of locations, including an Internet-accessible database, a provider’s EHR, the consumer/patient’s home computer, a portable device such as a smart card or thumb drive, or a privately maintained database.
- Technical approaches
- Current PHRs and PHR systems are generally not interoperable (with the exception of the PHRs that are “views” into the EHR), and they vary in how they handle security, authentication, and other technical issues.
- Party controlling access to the data
- While consumers or patients always have access to their own data, they do not always determine who else may access it. For example, PHRs that are “views” into a provider’s EHR follow the access rules set up by the provider. In some cases, consumers do have exclusive control.
NCVHS believes that establishing a framework for characterizing and describing the attributes of PHRs and PHR systems would be extremely helpful in promoting a better understanding and appropriate use of any given PHR system. The consensus building process around such a framework should take into consideration the work of standards development organizations to define the functional attributes of PHR systems. The Committee offers the above framework as a starting point. A consensus framework would also provide a foundation for public education efforts, which many speakers called for, to highlight the benefits and risks of various types of PHRs, aimed not only at consumers and patients but also at healthcare providers and other stakeholders.
RECOMMENDATION 1: Consensus framework. NCVHS recommends that HHS support the development of and promote public-private consensus on a framework for characterizing personal health record systems, building on this initial framework.
RECOMMENDATION 2: Education. HHS and others should use the agreed-upon framework as a basis for education efforts highlighting the benefits and risks of various types of PHRs, aimed not only at consumers and patients but also at healthcare providers (e.g., physicians and nurses) and other stakeholders.
Personal Health Record Systems’ Value Depends on Users, Sponsors, and Functionality.
Testimony indicated that PHR systems create value for different stakeholders in different ways. The table below summarizes potential benefits from the perspective of various roles. Given the heterogeneity of concepts of PHRs and PHR systems, these perceived benefits may not align with any specific PHR or PHR system.
Key Potential Benefits of PHRs and PHR Systems
|Consumers, Patients and their Caregivers||
|Societal/Population Health Benefits||
Consumers and patients who use PHR systems express strong support for them. They appreciate having access to their personal health information to manage their own health and health care and to share information with their providers. While surveys confirm that most of the general population is unaware of PHR systems, they also show consumer/patient interest in their potential value. Specific areas of interest include access to their health information (e.g., diagnoses, medications, test results), communicating with their physicians, scheduling appointments, renewing prescriptions, tracking immunizations, noting mistakes in the medical record, transferring information to new doctors, and getting test results.
The Committee heard testimony that people with chronic conditions are more likely to use PHR systems, including disease-specific PHR systems. We also heard of growing interest from payers, providers, and employers to sponsor PHR systems for their members, patients, or employees.
Many of our witnesses (consumers, policy analysts, economists, health system executives) observed that PHR systems bring health care in line with electronic and automated services in other consumer sectors. Several witnesses raised the possibility that Health Savings Accounts and other “consumer-driven health plans” may provide a stimulus for PHR systems. However, these insurance approaches are too new to draw conclusions from them.
NCVHS heard testimony that the market for stand-alone PHRs offered for sale or subscription as commercial products or through non-healthcare third party entities is fairly new. While the number of products is growing, sales and usage statistics are limited.
Among the potential market drivers of PHR systems are the following: chronic disease management; improved access to personal health data; improved customer service and convenience; strengthened market position through increased loyalty (to the sponsoring entity); promotion of wellness, prevention and self-care; and improved care delivery and coordination through timely access to information.
On a cautionary note, the Committee believes that relying entirely on market forces to determine the nature and direction of PHR systems could cause personal health information to be exploited for its economic value without adequate consumer controls. While this is addressed more fully in the section below on Privacy, the Committee believes that the emerging market for PHR systems needs to be monitored. As the market evolves, there may be occasions when the government needs to set standards or limits that formally recognize certain consumer rights. Otherwise, a breach of confidence in PHRs and PHR systems could harm the consumer and undermine consumers’ trust in electronic health records and the National Health Information Network.
The privacy considerations of PHR systems are complex, yet addressing them adequately is vital for PHR systems to succeed. Consumers want to be able to control access to their personal health information. As noted above, all PHR systems are based on consumers having access to their health information, and some are based on consumers having exclusive control of the information in their PHR. Some witnesses raised the issue of consumers’ ownership of their personal health information. Some identified a difference between legal control and ownership of the institutional medical record, on one hand, and consumer control and ownership of personal information and of a PHR, on the other. NCVHS observed that although the issues of health record ownership and access control are not new, they take on added dimensions with the emergence of PHR systems. Moreover, while ownership per se may not be as relevant as control, it will nevertheless be important to clarify the respective rights, obligations, and potential liabilities of consumers, patients, providers, and other stakeholders in PHR systems.
The Committee notes that PHR systems offered by third parties, including some emerging systems that warehouse and mine personal health data for secondary uses, pose unique privacy issues. The Committee is concerned that some business models involving third-party data warehouses could be predicated on the secondary use (including sale or barter) of consumer data. Consumers using these PHR systems may have little control over secondary uses by the PHR vendor. Although there are beneficial secondary uses of data, such as post-marketing surveillance of adverse events from prescription drugs or population health monitoring, other secondary uses (e.g.,, targeted marketing) may not be desired by the consumer The consumer should have the right to make an informed choice concerning the uses of his or her personal information when signing up to use any of these personal health record products or services.
While HIPAA compels covered entities to provide notice of their privacy practices to consumers, not all PHR vendors are HIPAA covered entities. The Committee is unaware of any requirement that compels the PHR vendor not covered by HIPAA to provide to consumers the terms and conditions governing the privacy of the consumers’ data. While the Committee does not suggest that HIPAA or a HIPAA-like framework is necessarily the most appropriate for safeguarding privacy in PHR systems, the Committee does believe that privacy measures at least equal to those in HIPAA should apply to all PHR systems, whether or not they are managed by covered entities. The Committee also believes that it is vital for PHR systems vendors to provide clearly stated, easily understood, up-front privacy notices to consumers of their privacy policies and practices, and that these notices should be translated into other languages.
The recommendations below indicate some initial steps that should be undertaken to address these concerns. However, the Committee believes that these issues are entwined with, though not necessarily identical to, the privacy and confidentiality issues that must be addressed within the context of the National Health Information Network (NHIN). The NCVHS Subcommittee on Privacy and Confidentiality has been conducting hearings on privacy and confidentiality and the NHIN, and additional recommendations will be forthcoming.
RECOMMENDATION 3: Education about privacy. In any public education program about PHR systems, HHS and other parties should inform consumers about the importance of understanding the privacy policies and practices of PHR system vendors, including the enumeration of potential secondary uses and disclosures of personally identifiable health information. (See Recommendation 2.)
RECOMMENDATION 4: Best practices. HHS should identify and promote best practices with respect to privacy policies and practices for PHR systems, and models for plain language wording of notices describing these policies and practices. These best practices and models should also address translations into other languages.
RECOMMENDATION 5: Privacy in HHS-sponsored activities. For any HHS-sponsored pilot projects, and any contractual relationship that CMS undertakes with entities intending to utilize CMS data in PHRs, HHS should require that those PHR systems provide advance notice to consumers of any uses or disclosures of personally identifiable health information. In those situations where HIPAA does not apply, uses or disclosures of information in PHRs should not be allowed without the express consent of the consumer.
RECOMMENDATION 6: Privacy in activities by entities not covered by HIPAA. Entities not covered by HIPAA that offer PHR systems should voluntarily adopt strict privacy policies and practices and should provide clear advance notice to consumers of these policies and practices. This notice should specifically include a full description of all uses of PHR data. In addition, NCVHS recommends that no health information in a PHR be used without the express consent of the consumer, which may be obtained in conjunction with the notice.
RECOMMENDATION 7: Assessment. HHS should collaborate with other Federal agencies as appropriate to review and assess issues related to privacy and other consumer protections for PHR systems. Such a review should evaluate existing authorities and mechanisms for addressing potential problems; it should also identify gaps and recommend appropriate action.
NCVHS noted that security is a critical component of a PHR system, especially when the PHR is accessible via the Internet. Appropriate security measures must be employed to minimize the risk that an unauthorized person could gain access to an individual’s information contained within a PHR. Providing appropriate security is also necessary to garner the consumer confidence required for the wide-scale adoption of PHRs. Consumer confidence appears dependent on providing the individual with the ability to control access to his or her information, as well as the ability to audit who has seen his or her information.
We found that PHR systems may exist in a variety of forms, some of which may be within the exclusive control of the individual, such as a smart-card or thumb-drive based system. The large majority are currently Internet-based, such as those sponsored by healthcare providers, health insurers, or commercial ventures. Promoting and achieving personal control over the creation, management, and exchange of personal health information contained within PHRs may require new technical approaches. As contemplated in the HIPAA Security Rule, specific security requirements will vary over time based both on threats, available security technologies and requirements inherent to a particular PHR. However, as noted above, the HIPAA Security Rule only applies to covered entities.
In a healthcare provider setting, the provider can control its employees’ and affiliated staff’s access to a patient’s information in an EHR. With an Internet-based PHR system, multiple individuals, such as family members and caregivers, may view and contribute patient information. Ensuring authentication and access control in this context represents a major challenge. Further, while healthcare providers can employ a variety of advanced technologies to secure an EHR, there is some question as to whether consumers generally are willing to accept the burdens or costs associated with the use of enhanced security technologies. The wide-scale adoption of such technologies for PHR systems will therefore be problematic, and security for PHR systems will likely be limited to technologies that are generally available for desktop operating systems. Additionally, information on the individual will come from multiple sources, including provider EHRs, external laboratory systems providing results, and so on. Ensuring that the source of the information and the contents are authenticated and can not subsequently be changed (i.e., can not be repudiated) is also a challenge. The Committee plans to explore the issue of non-repudiation as it relates to PHR systems.
RECOMMENDATION 8: Security standards framework. HHS should work with relevant stakeholders to develop and promote a standards framework for authentication, access control, authorization, and auditability based on the following principals:
- All PHR systems should provide consumers with terms and conditions of use.
- All PHR systems should provide functionality that enables a consumer to audit who has accessed the consumer’s information within the PHR.
- All PHR systems should be based on industry-standard security and authentication schemes. This should not preclude vendors from making additional security protections available at the option of the consumer. The decision to adopt additional security technologies should take into consideration portability, supportability and cost of such solutions.
- PHR systems should include functionality that provides a consumer with the ability to control who accesses the consumer’s information within the PHR. This would include the ability for the consumer to restrict access to specific subsets of information within the PHR.
RECOMMENDATION 9: Security in HHS activities. For any HHS-sponsored pilot projects and any HHS contracts to produce PHR systems, HHS should require that security protections consistent with the HIPAA Security Rule be implemented.
As noted at the beginning of this letter, the greatest opportunities for improving health and health care lie in enabling information exchange between the specific dimensions of the national health information infrastructure. Consumers, providers, and those responsible for population health use much of the same information, but they do so for different purposes: to manage personal and family health, to care for patients, and to protect and promote the health of the community and the nation. The overlapping areas shown in the earlier diagram illustrate where interoperability will be required. Until PHR systems are capable of widespread exchange of information with EHRs and other sources of personal and other health data, their full potential will not be realized.
Most PHR systems in use today are integrated with one provider’s EHR system, in effect creating a portal view into the EHR. This provides tight integration between what the patient sees and what the provider sees. However, in the absence of true interoperability of EHR systems, the data are primarily limited to what is stored in the specific provider’s EHR and does not necessarily include data from other providers who care for the patient or other sources. Hence the value to consumers exists only while they have a treatment relationship to that provider.
Currently, most stand-alone PHR systems require consumers to manually enter their health data. None currently exchanges information with EHRs electronically, although some pilot projects are underway in both the Federal and private sectors. While stand-alone PHR systems could potentially contain data from multiple EHRs, the current lack of interoperability standards impedes the flow of information between any one EHR and a stand-alone PHR.
Standards development efforts to date have not focused on certain key areas that would be necessary for optimum PHR implementation. Significant work is needed on the following issues: user authentication, identification of the data source (consumer, family member, caregiver, provider, other), non-repudiation (i.e. authenticating the integrity of the contents and exchange of information), communication to/from PHR systems, mapping of medical jargon to consumer-oriented information and terms, and the enabling of consumer-controlled access. The Committee heard broad agreement that a core or limited set of personal health data is important for PHR utility, although there was no consensus on a particular data set. Agreement on a specific minimum or core data set could help promote interoperability.
Recommendation 10: Addressing standards gaps. Standards development efforts should be expanded to address issues related to authentication, identification of the data source, non-repudiation, communication to/from PHR systems, mapping to consumer-oriented concepts and terms, and the enabling of consumer-controlled access.
RECOMMENDATION 11: Consistency of EHR and PHR standards. HHS should encourage standards development organizations, wherever possible, to adopt for the PHR those standards that are used to promote interoperability of EHRs.
Recommendation 12: PHR data sets. HHS should encourage standards development organizations, wherever possible, to identify data sets for PHR systems that are consistent with those used for EHRs.
RECOMMENDATION 13: Standards for HHS-sponsored activities. For any HHS- sponsored pilot projects and any contractual relationship that CMS undertakes with entities intending to utilize CMS data in PHR systems, HHS should require that PHR vendors and health care organizations adopt data content and exchange standards that are based upon standards accepted for EHRs, as a way of improving the interoperability of the systems.
RECOMMENDATION 14: Standards for private-sector activities. Private sector PHR vendors and health care organizations should voluntarily adopt data content and exchange standards that are based upon standards accepted for EHRs, as a way of improving the interoperability of the systems.
Federal Roles in PHR systems, Internal and External
The Committee heard testimony that the Federal government can offer vision and strategic leadership for PHR development and dissemination across its many roles in the health sector—that is, its roles as policy maker, healthcare provider, payer, employer, and sponsor of research and public education. The Committee notes that a number of existing documents already exist that can help identify specific opportunities, including the report cited on page 3 of this Letter Report. Several Federal agencies are already pursuing the use of or interaction with PHR systems to support their own missions (e.g., CDC and CMS, DoD and VA). Development of harmonized definitions for PHR systems and EHR systems will help coordinate these efforts with other Federal agencies, thereby preventing unwanted duplication and confusion among users and promoting needed interoperability. NCVHS believes that the Department should take a role similar to its approach to EHR adoption by encouraging and actively participating in a public/private partnership that facilitates standards-based approaches in a harmonized legal and regulatory environment across geopolitical boundaries. The Committee heard that the Federal Employee Health Benefits Plan could provide a vehicle for encouraging PHR system use and assessment. An additional federal role is to provide for experimentation and research to facilitate the evolution of PHR systems, as described below.
NCVHS observed that the ability of people to easily connect to their health information source, either by the Internet or other means, will be a determining factor in the widespread success of PHR systems. There are limited examples of PHR systems supporting underserved populations in rural and urban areas.
RECOMMENDATION 15: Federal roles. Federal agencies should assess how they can more fully explore and appropriately promote the benefits of PHR systems across their respective roles.
RECOMMENDATION 16: Considerations for underserved populations. The Federal government should identify and address the information technology access and use barriers that limit the dissemination of PHR systems, particularly to underserved populations. HHS also should address health literacy issues that could limit the use of PHR systems by the most vulnerable populations.
Advancing Research and Evaluation on PHR Systems.
The hearings identified numerous PHR systems issues that require further research and evaluation. NCVHS found that much of the currently available information about PHR systems is based on expert opinion and focus groups. The Committee concludes that a variety of research, evaluation, and pilot studies are necessary to answer key questions and allow comparison of PHR system types and approaches. Findings from rigorous research and evaluation studies will increase the evidence base for the effective implementation and use of PHR systems. At least some of the needed research may be conducted as an extension of current and planned research into EHR systems. The Committee estimates that the amount of funding required for PHR systems research would be a modest percentage of ongoing and future health IT and EHR research efforts.
The Committee identified broad areas for research and evaluation for PHR systems. These areas include consumer, health services, and technical research and the development of metrics to assess the implementation and impact of PHR systems on multiple dimensions of health and healthcare.
Consumer research should identify who is adopting PHR systems; how individuals use the systems; barriers to adoption and successful use; and access, pricing and usability issues, among other things. Identification of these factors can inform decisions about the functions and drivers for PHR systems adoption. When overlaid with the different types of PHR systems that we have identified, the health care and technology industries can design successful products that will match consumers’ needs and preferences, and the Federal government can more easily identify the best purposes for any Federally-sponsored or Federally-promoted PHR system.
Health Services Research
Health services research should address issues related to PHR systems’ impact on workflow, particularly its effects on efficiency and utilization. While there are presumptive positive relationships between PHR systems and patient safety, healthcare quality, costs, and individual and population health, the actual impact is unknown. Some areas for further research with respect to patient management include whether and how PHR systems change the way individuals relate to healthcare providers and the healthcare system; whether PHR systems lead to better self-management of chronic conditions; whether PHR systems improve the availability of clinically relevant information before, during and after encounters; and whether PHR systems contribute to modifying unhealthy life-style behaviors such as smoking, lack of exercise, and poor diet.
Technical research would examine methods to optimize the interface between PHR and EHR systems; the optimization of standards for interoperability; approaches to authentication, identification, and role-based permissions; and the ability to execute data-source annotation.
NCVHS concludes that a series of metrics around PHR system usage, processes, outcomes, and impacts should be identified and tested. Metrics should also monitor the quality, validity and reliability of records management of PHR system data, including the concordance of consumer/patient-entered and provider-entered data.
RECOMMENDATION 17: HHS research. The Secretary should request that all agencies review their research portfolios and program operations and report to the Secretary the ways they could contribute to the research and evaluation of PHR systems.
RECOMMENDATION 18: OPM pilots. HHS should collaborate with the Office of Personnel Management to help implement pilot studies of PHR systems with payers and beneficiaries of the Federal Employees Health Benefits Plan.
RECOMMENDATION 19: AHRQ research. The Agency for Healthcare Research and Quality (AHRQ) should expand its evolving health information technology research portfolio to support health services research and the development of metrics to assess the impact of PHR systems on quality of care, patient safety, and patient outcomes.
RECOMMENDATION 20: CMS pilots. The Centers for Medicare and Medicaid Services (CMS) should conduct pilot studies of PHR usage for chronic diseases to evaluate utility and cost effectiveness for beneficiaries, providers and payers.
In view of the potential value of PHR systems to improve health and healthcare and the potential of developments in this field to impact your broader health information technology agenda, NCVHS urges you to exercise leadership and give this area the priority it deserves.
Thank you for the opportunity to make these recommendations.
Simon P. Cohn, M.D., M.P.H., Chairman,
National Committee on Vital and Health Statistics
Cc: HHS Data Council Co-chairs
 See Lansky, D., Kanaan, S., Lemieux, J. April 15, 2005. Identifying Appropriate Federal Roles in the Development of Electronic Personal Health Records. Results of a Key Informant Process. Submitted to the Office of Disease Prevention and Health Promotion, OPHS, U.S. Department of Health and Human Services; and Connecting for Health, July 2004. Connecting Americans to their Healthcare. Final Report. Working Group on Policies for Electronic Information Sharing Between Doctors and Patients. Markle Foundation and Robert Wood Johnson Foundation. http://www.connectingforhealth.org/resources/wg_eis_final_report_0704.pdf