Personally controlled online health data--the next big thing in medical care?
This article is a commentary on the efforts by non-health care entities to promote the online storage of personal medical information by consumers to create an electronic personal health record.
The goal is to create a single repository for personal health information that could potentially accept data from and share data with multiple sources including physicians, hospitals, lab vendors, insurance companies, etc. This information would be stored for free in a secure environment with the patient controlling who may access the information, and to what information and when they may have access.
The article provides three examples of organizations that are currently offering this type of service for consumers. The three organizations are Dossia, a nonprofit consortium of major employers, Google via Google Health and Microsoft via Microsoft HealthVault. All intend to create a system to permit web-based storage of personal health information that would be free to the consumer, secure and private.
All have promoted the concept that the consumer will have ultimate control of their information and may limit who has access to it. Unfortunately for consumers, these entities operate outside the traditional health care community, and thus are not subject to the legal restrictions for privacy and security standards imposed on personal health information by the Health Insurance Portability and Accountability Act (HIPAA). Consequently, if there is a breach of security or privacy, the legal recourse for consumers in not yet clear.
Electronic medical record
The author also describes more traditional sources for Internet access to personal health information or health services. Many physicians and hospitals today use an electronic medical record (EMR), and some of the vendors that provide the EMR’s offer patient portals for web-based access to their provider and/or medical chart.
Example of EMR
An example given of an EMR vendor that does this is Epic, which offers MyChart as a patient portal to securely communicate via e-mail with their physician, schedule appointments, request refills, etc. Patients also can access some medical record information, such as immunization records for a child. The ability for patient’s to add information with this type of system would be much more limited than under an open access model that is provider neutral as discussed in the beginning of the article.
The author describes several new options for consumers today to create or access personal health information via the Internet. It is too early in the life cycle of these ventures to determine if consumers will embrace them. There remain some important concerns regarding liability if privacy or security issues are not reliable and consistently adhered to by private entities that offer to store personal health information.
There are potentially some real benefits to consumers to have this type of control and access to their personal health records, but until the legal issues are better defined, I anticipate both medical providers and most consumers will be slow to accept these technologies in the near future.