Putting all your health records in one electronic place sounds like a great idea. But how do you control who can see the information?
It’s all too familiar. You’re seeing a new doctor, getting a lab test, consulting a specialist or having your teeth cleaned. And nearly every time, you’re handed a clipboard and asked to answer the same old questions.
Name, address, social security number, health insurance coverage. Check all boxes that apply: Any allergies? Heart disease? Diabetes? Prescription medication? Like the movie in which actor Bill Murray keeps reliving the same day, you’re caught in your own medical version of Groundhog Day.
Your personal health record
Personal health records (PHRs) can help you escape this repetitive process by providing a portable electronic record of your medical history. Information about your health, vaccinations and insurance claims can all be stored within a PHR. Individuals typically create PHRs for themselves, so the convenience of having one requires you to be pro-active about creating it. They can take many electronic forms, including:
- PC-based records creating using special PHR software or simply a word-processing program.
- Internet-based PHRs that are accessed with a Web browser.
- Smart phone-based PHRs.
- CD-ROM-based PHRs, or other portable formats such as iPhones.
But the appeal of this electronic convenience dims a bit when you consider all the sensitive, and possibly embarrassing, information a PHR might contain:
- Blood glucose levels.
- Blood pressure readings.
- Heart rates and treadmill stress tests.
- Emergency room visits.
- Past operations and hospital stays.
- HIV test results.
- Family trees of your relatives’ medical histories.
- Consent forms, advance directives or do-not-resuscitate orders.
- Images such as X-rays, MRIs or multiple-year reference photos of skin blemishes that may or may not be pre-cancerous.
That’s all very useful information. But it’s deeply personal as well.
Some of that warts-and-all information you might want share with your doctor — but not with an ambulance driver or insurance claims processor.
“There is tremendous value in health care information. There are good uses and bad uses,” says Ashley Katz, executive director of the nonprofit watchdog group Patient Privacy Rights. “The bad uses would include making money by selling or using the data, as well as saving money by denying claims or weeding out expensive patients/employees.”
At the moment, the bulk of health records are not created by individual consumers. Instead, there’s a parallel system of records being generated by health providers and insurance firms, which use them to track or pay for patients’ treatments. To distinguish them from PHRs, these corporate data are often called electronic health records (EHRs). Major EHR players include Aetna, Blue Shield, CIGNA, HealthNet, Kaiser, United/Pacificare and WellPoint/Blue Cross.
Online PHR services
A growing number of online services exist online can help you create your own PHR. The services are free or come with a low annual charge. You select the information you want on your record. You can also update the record as your health history changes, then share it with your doctor and others as you wish.
“If patients don’t have 100 percent control over PHRs, then it’s the health care industry, not the patient, that will be the primary beneficiary of PHRs,” says Katz. “Every patient needs to pay close attention to how all of their medical information is being used, stored and transmitted.”
Katz’ privacy group recently released a report card on five of the most popular services for creating your own PHR:
No More Clipboard was the only service to score an “A,” primarily because Katz’s group felt it gave consumers the most control over their personal data. Microsoft garnered a “B” for its HealthVault service but was given an “F” for not having tighter access controls for its many service partners.
Katz reminds consumers that health insurance companies may have very different reasons for championing the use of PHRs.
“Behind every PHR is a desire — be it altruistic or self-serving — to collect as much information as possible and make it useful,” she warns. “Literally millions of individuals can have access to your medical records. When you have that many hands in the pot, how in the world can you expect the information to be ‘secure’?”
Who can see your records?
Do you want your health insurance company to see everything you’ve discussed with your doctor? Probably not. You want a record system where certain “rooms” in your medical house are locked, or at least not open to just anyone. But who has the time needed to answer the electronic door every time a doctor, lab service or insurer needs access to your records?
Another problem in keeping your medical data private is that federal law makes it possible for medical and insurance firms to use your information without getting your express permission. This wrinkle, created by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), largely affects issues involving “treatment, payment and health care operations,” which covers a lot of ground.
The March 2010 overhaul of health care approved by Congress contains sweeping changes in the nation’s medical system. But Katz says it did not address the existing problems with PHRs and patient privacy.
“Our health information can be used in many, many ways without our permission and over our objections. That needs to change at the federal level,” says Katz. “Getting to a true patient-centric system of health care should be the goal.”
A well-designed, secure PHR system could streamline everyone’s health care while possibly saving the nation billions of dollars. And, finally, it wouldn’t matter that you can never remember the date of your last tetanus-diphtheria vaccination. But for now, PHRs remain a work in progress with their full potential still over the horizon.
More from Insure.com:
- 12 ways to lower your health insurance premiums
- How to ask your doctor for price breaks
- 10 things you should know about COBRA