A personal health record (PHR) is a health record where health data and other information related to the care of a patient is maintained by the patient. This stands in contrast to the more widely used electronic medical record, which is operated by institutions (such as hospitals)
and contains data entered by clinicians (such as billing data) to
support insurance claims. The intention of a PHR is to provide a
complete and accurate summary of an individual's medical history which
is accessible online.
The health data on a PHR might include patient-reported outcome data,
lab results, and data from devices such as wireless electronic weighing
scales or (collected passively) from a smartphone.
Definition
The term "personal health record" is not new. The term was used as early as June 1978, and in 1956, there was a reference was made to a "personal health log." The term "PHR" may be applied to both paper-based and computerized systems; usage in the late 2010s usually implies an electronic application used to collect and store health data.
In the early 2000s, healthcare organizations began to propose formal definitions of the term. For example:
The Personal Health Record (PHR) is an Internet-based set of tools that allows people to access and coordinate their lifelong health information and make appropriate parts of it available to those who need it. PHRs offer an integrated and comprehensive view of health information, including information people generate themselves such as symptoms and medication use, information from doctors such as diagnoses and test results, and information from their pharmacies and insurance companies.
— Markle Foundation's Personal Health Working Group, Connecting for Health (2003)
The personal health record (PHR) is an electronic, universally available, lifelong resource of health information needed by individuals to make health decisions. Individuals own and manage the information in the PHR, which comes from healthcare providers and the individual. The PHR is maintained in a secure and private environment, with the individual determining rights of access. The PHR is separate from and does not replace the legal record of any provider.
— AHIMA e-HIM Personal Health Record Work Group (2005)
The industry model personal health record (PHR) is a private, secure web-based tool maintained by an insurer that contains claims and administrative information. PHRs may also include information that is entered by consumers themselves, as well as data from other sources such as pharmacies, labs, and care providers. PHRs enable individual patients and their designated caregivers to view and manage health information and play a greater role in their own health care.
— America's Health Insurance Plans (2006)
It is important to note that PHRs are not the same as electronic health records (EHRs) or electronic medical records (EMRs), which are software systems designed for use by health care providers.[5]:19–20[6]
Like the data recorded in paper-based medical records, the data in EHRs
are legally mandated notes on the care provided by clinicians to
patients. However, generally there is no mandate requiring patients to
track their own health data. Like EHRs and EMRs, PHRs may still fall
under the regulatory scope of governments, depending on their origin, but rigorous regulatory protection of their data is still lacking in parts of the world.
PHRs can contain a diverse range of data, including but not limited to:
- Allergies and adverse drug reactions,
- Chronic diseases,
- Family medical history,
- Illnesses and hospitalizations,
- Imaging reports (e.g. X-ray),
- Laboratory test results,
- Medications and dosing,
- Prescription record,
- Surgeries and other procedures,
- Vaccinations, and
- Observations of daily living (ODLs)
There are two methods by which data can arrive in a PHR.
A patient may enter it directly, either by typing into fields or
uploading/transmitting data from a file or another website. The second
is when the PHR is tethered to an electronic health record, which
automatically updates the PHR. Not all PHRs have the same capabilities,
and individual PHRs may support one or all of these methods.
In addition to storing an individual's personal health
information, some PHRs provide added-value services such as drug-drug
interaction checking, electronic messaging between patients and
providers, managing appointments, and reminders.
Benefits
PHRs
grant patients access to a wide range of health information sources,
best medical practices, and health knowledge. All of an individual’s
medical records are stored in one place instead of paper-based files in
various doctors’ offices. Upon encountering a medical condition, a
patient can better access test results, communicate with their doctors,
and share information with others suffering similarly.
Moreover, PHRs can benefit clinicians. PHRs offer patients the
opportunity to submit their data to their clinicians' EHRs. This may
help clinicians make better treatment decisions by providing more
continuous data, resulting in improved efficiency in care.
However, some physicians may have concerns about patient-entered
information and its accuracy, as well as whether the added patient
engagement creates more unreimbursable work.
PHRs have the potential to help analyze an individual’s health
profile and identify health threats and improvement opportunities based
on an analysis of drug interaction, current best medical practices, gaps
in current medical care plans, and identification of medical errors.
Patient illnesses can be tracked in conjunction with healthcare
providers, and early interventions can be promoted upon encountering
deviation of health status. PHRs also make it easier for clinicians to
care for their patients by facilitating continuous communication as
opposed to episodic. Eliminating communication barriers and allowing
documentation flow between patients and clinicians in a timely fashion
can save time consumed by face-to-face meetings and telephone
communication. Improved communication can also ease the process for
patients and caregivers to ask questions, to set up appointments, to
request refills and referrals, and to report problems. Additionally, in
the case of an emergency a PHR can quickly provide critical information
to proper diagnosis or treatment.
Architecture
Like other health information technology, PHR architecture can be roughly organized into three main components:
- Data
- The information collected, stored, analyzed, and exchanged by the PHR.
- Examples: medical history, laboratory results, imaging studies, medications
- Infrastructure
- The platform that handles data storage, processing, and exchange.
- Examples: stand-alone software programs or websites, provider- or payer-connected (tethered) websites
- Applications
- The information exchange, data analysis, and content delivery capabilities of the system.
- Examples: scheduling appointments, medication refill or renewal, decision aids, and patient education materials.
Architecture types remain various. However, in 2017, Roehrs et al.
performed a systematic literature review of PHRs and were able to
divide architecture types into two groups: model-based and
coverage-based. Model architectures represent more traditional takes on
PHRs, including health data that is still stored on paper. Coverage
architectures represent more hybrid takes on the PHR, "with the PHR
distributed inside and outside the health care organizations" based on
the data's physical location.
The associated architectural types have different costs and benefits.
Likewise, stand-alone, provider-tethered, and payer-tethered PHRs have
different advantages and disadvantages for patients related to their
individual circumstances. Such differences are among the priority areas
in PHR research. As PHRs may play a key role in advancing health information exchange, interoperability with other health IT systems is an important consideration for PHR architecture.
Additionally, PHR systems requires users to put forth an "'ongoing'
effort to keep their account up to date" (maintain an active role in
managing their own health), which in turn requires further examination
of PHR architecture and adoption models by developers.
Delivery platforms
One
of the principal distinguishing features of a PHR is the platform by
which it is delivered. The types of platforms include: paper, electronic
device, and web.
Paper
Personal
health information is recorded and stored in paper format. Printed
laboratory reports, copies of clinic notes, and health histories created
by the individual may be parts of a paper-based PHR. This method is low
cost, reliable, and accessible without the need for a computer or any
other hardware. Probably the most successful paper PHR is the hand-held
pregnancy record, developed in Milton Keynes in the mid-1980s and now in use throughout the United Kingdom. These include the Scottish Woman-Held Maternity Record, All Wales Maternity Record, and Perinatal Institute notes.
Paper-based PHRs may be difficult to locate, update, and share
with others. Paper-based PHRs are subject to physical loss and damage,
such as can occur during a natural disaster. Paper records can also be
printed from most electronic PHRs. However, Fawdry et al. have shown that paper records are extremely flexible and do have distinct advantages over rigid electronic systems.
Electronic devices
Personal health information is recorded and stored in personal computer-based
software that may have the capability to print, backup, encrypt, and
import data from other sources such as a hospital laboratory. The most
basic form of a PC-based PHR would be a health history created in a
word-processing program. The health history created in this way can be
printed, copied, and shared with anyone with a compatible word processor.
PHR software can provide more sophisticated features such as data encryption, data importation, and data sharing with health care providers. Some PHR products allow the copying of health records to a mass-storage device such as a CD-ROM, DVD, smart card, or USB flash drive.
PC-based PHRs are subject to physical loss and damage of the
personal computer and the data that it contains. Some other methods of
device solution may entail cards with embedded chips containing health
information that may or may not be linked to a personal computer
application or a web solution.
Web applications
Web-based
PHR solutions are essentially the same as electronic device PHR
solutions, however, web-based solutions have the advantage of being
easily integrated with other services. For example, some solutions allow
for import of medical data from external sources. Solutions including HealthVault, and PatientsLikeMe
allow data to be shared with other applications or specific people.
Mobile solutions often integrate themselves with web solutions and use
the web-based solution as the platform.
A large number of companies have emerged to provide consumers the
opportunity to develop online PHRs. Some have been developed by
non-profit organizations, while others have been developed by commercial
ventures. These web-based applications allow users to directly enter
their information such as diagnosis, medications, laboratory tests,
immunizations and other data associated with their health. They generate
records that can be displayed for review or transmitted to authorized
receivers.
Despite the need for PHRs and the availability of various online
PHR providers, there has not been wide adoption of PHR services. In
fact, Google, being among the most innovative companies in the world, discontinued its PHR service called Google Health
on January 12, 2012. The reason cited for shutting down Google Health
was that the service did not translate from its limited usage into
widespread usage in the daily health routines of millions of people.
Surveys of web-based services have found wide variations in functions
between services and only limited data on efficacy and safety concerns. One analyst, describing the public's reluctance to adopt the services, called PHRs "a technology in search of a market."
An emerging standard from HL7, Fast Healthcare Interoperability Resources (FHIR), is designed to make it easier for developers of personal health record applications to access relevant medical records.
EHRs, PHRs, patient portals and UHRs
The terms electronic health records, personal health records, and patient portals are not always used correctly. The generally agreed upon definition of these terms relates mainly to the ownership
of the data. Once data is in a PHR it usually owned and controlled by
the patient. Most EHRs, however, are the property of the provider,
although the content can be co-created by both the provider and patient.
A patient has a legal right in most states to request their healthcare
data and under recent USA legislation those providers using a certified
EHR will be required to provide an electronic copy as well. In the UK,
according to the governments's information strategy for the NHS every
primary care practice in England will have to offer patients online
access to their care records by 2015. In 2012, only 1% did so. Electronic health records and electronic medical records
contain clinical data created by and for health professionals in the
course of providing care. The data is about the patient but the data
resides in a health care provider's system. The patient portal
is typically defined as a view into the electronic medical records. In
addition, ancillary functions that support a health care provider's
interaction with a patient are also found in those systems e.g.
prescription refill requests, appointment requests, electronic case
management, etc. Finally, PHRs are data that resides with the patient,
in a system of the patient's choosing. This data may have been exported
directly from an EMR, but the point is it now resides in a location of
the patient's choosing. Access to that information is controlled
entirely by the patient.
A new concept being discussed is the UHR or "universal health record",
which would be a patient-centered and patient-controlled body of
information that could be shared in a granular way with particular
health care providers at the patient's discretion in support of the
patient's work with health care providers. This project would enlist open source
contributions and enhancements from developers, with particular
emphasis on supporting patient expectations of privacy and responsible
patient control of private health information (PHI).
While PHRs can help patients keep track of their personal health
information, the value of PHRs to healthcare organizations is still
unclear.
Barriers to adoption
Since the National Academy of Medicine (previously the Institute of Medicine) called for greater adoption of PHRs in 1999,
the software has faced many barriers to adoption, including economic,
technological, regulatory, behavioral, and organizational issues at both
the environmental and individual levels.
A study from 2002 was carried out in an effort to assess the
functionality and utility of the budding online PHR. It found that most
people did not keep record of minute details of their healthcare
experiences and therefore made it difficult to get full value from
web-based PHRs. The PHRs selected for evaluation offered limited
functionality to the general public, with limitations in data entry,
validation, and information display methods.
A 2005 survey found that limited access to computers and the internet
access, as well as low computer literacy levels, known as the digital divide, was a barrier for low-income and aged populations.
A 2010–11 set of interviews of clinicians and patients found "that both
usability concerns and socio-cultural influences are barriers to PHR
adoption and use."
More recent studies and reviews in the mid- to late 2010s have revealed
other issues such as privacy and confidentiality concerns, lack of
motivation, low health literacy, health- and disease-related
disabilities, and even administrative burdens.
Promotion and usability
Additionally,
how the PHR is promoted by healthcare organizations, how useful their
features are, and how well the care provider uses it, particularly in
the realm of patient communication, can influence adoption and usage
rates.
Promotion may occur at several steps of the development and
implementation process, from developers talking with providers about a
proposed system, clinics forming patient focus groups, and providers
posting physical and digital news of the PHR to patients.
The features and usability of the system also drive adoption, with
groups such as Kaiser Permanente and Cleveland Clinic seeing substantial
increases in PHR use when adding the features users want.
Provider use and communication has also proved important; "[s]ecure
communication with the physician is important because the patients will
eventually leave (the PHR) if there is no conversation going on with the
physician."
Additional studies have also show that when put to use, PHR's ability
to enhance communication and collaboration can change patient patterns
from sporadic visits to steady visits, and more significant PHR use.
Privacy and security
One
of the most controversial issues for PHRs is how the technology could
threaten the privacy of patient's protected health information (PHI). Network computer break-ins are becoming more common, thus storing medical information online can cause fear of the exposure of health information to unauthorized individuals.
In addition to height, weight, blood pressure and other quantitative
information about a patient's physical body, medical records can reveal
very sensitive information. This includes fertility, surgical
procedures, emotional and psychological disorders, and diseases, which
many patients are reluctant to share even voluntarily.
Various threats exist to patient information confidentiality:
- Accidental disclosure
- During multiple electronic transfers of data to various entities, medical personnel can make innocent mistakes to cause disclosure of data.
- Insider curiosity
- Medical personnel may misuse their access to patient information out of curiosity or for another purpose.
- Insider subordination
- Medical personnel may leak out personal medical information for spite, profit, revenge, or other purposes.
- Uncontrolled secondary usage
- Those who are granted access to patient information solely for the purpose of supporting primary care can exploit that permission for reasons not listed in the contract, such as research.
- Outsider intrusion
- Former employees, network intruders, hackers, or others may access and steal information, steal hardware, damage systems, and disrupt operations.
Technological and regulatory issues play important roles in the
privacy, security, and patient concerns surrounding PHI. On the
technological side, failures occur at numerous points:
- breach of a patient data server connected to other unsecure systems
- phishing and hacks of company email accounts
- breach of a misconfigured public-facing server
- theft of unencrypted computing devices
- malware intentionally or accidentally installed on a server
The state of PHR regulations are also worth mentioning. A 2018 review
and comparison of five legislative jurisdictions around the world found
"considerable variances with regards to legal terminology and the
degree of compliance required from entities offering PHR services across
various jurisdictions." Even in the European Union, which provides some of the most significant protections to PHR data through the General Data Protection Regulation (GDPR), the reviewers found "significant room for interpretation and a degree of ambiguity in key areas."
With further questions arising about the security and privacy of PHI
that makes its ways to expanding platforms such as smartphones and
associated applications, clearer regulations and policies will likely be required.
In public health
PHRs
have the potential to benefit the public health sector in areas such as
health monitoring, outbreak monitoring, empowerment through information
and resources, linking to services, and research.
However, tapping into this potential has been a slow process due to
both the public health sector not fully engaging with adopters and the adopters themselves exhibiting "reticence to share sensitive information."
Several surveys of Americans in the twenty-first century have indicated
that anywhere between 63 to 73% would be willing to share at least some
personal health information with public health officials for detecting
disease outbreaks and other purposes. However, caveats about retaining control of how the information is presented and used remain strong among respondents, with concerns about anonymity, government insensitivity, and discrimination. Given the questionable state of regulatory efforts to protect PHR data from these and other concerns, the standard use of health data from PHRs in public health may still be far away.
The U.S. Centers for Disease Control and Prevention
has taken the idea of PHR integration with public health efforts a step
further, in 2016 suggesting a framework for a community health record
"for integrating and transforming multisector data into actionable
information."
Integration of EHR, PHR, and county health data would allow the
integration and presentation of data across residential blocks to entire
zip codes. However, like PHR, significant social approval would have to
occur, and data use agreements would have to be established.
