Since we don’t have enough acronyms in medicine, I would like to add a new one to your library. The PHR is something that every person will need to become familiar with as we move to electronic medical records. A PHR is a personal health record. Simply stated, it is the collection of medical records from various providers that is maintained by the individual. Normally this is done electronically, and many times it is in a cloud-based application.
Many people like the flexibility of having access to all of their medical information. When you visit a new doctor or a specialist, you can provide them with copies of or access to the information. It is also great for vacations where you need to visit the doctor. Anyone who travels with children has visited at least one emergency room during their travels.
Leading Up to PHRs
PHRs were made possible after the Health Insurance Portability and Accountability Act (HIPAA) became law in 2003. The law allows individuals to request copies of the medical records that their providers maintain. This is a less well-known part of the law. Most people are more familiar with the security requirements for patient data, which require privacy controls for medical record storage and medical records shredding. With the addition of HITECH, the law also requires notification of data breaches.
But it is important to know that the privacy controls mandated by HIPAA do not cover personal health records. HIPAA is for “covered entities.” These are medical providers and the people they contract with to maintain medical data. When you take ownership of a PHR, HIPAA no longer applies. So if you use an application, you need to make sure that your information is secure. No one wants to have their information used for marketing purposes or shared with insurance companies that may use the information to change your rates.
This is a time when you need to carefully read the user agreement. Don’t just click through it like the user agreement on your smartphone. Make sure that your information cannot be sold or shared unless you specifically allow it. If they have the ability to change the agreement without your explicit approval, then you need to pass. A warning sign is a website or application that is free. If they are not making money from subscribers, then they are making money off your data. They have to pay for servers and bandwidth in some manner.