Personal Health Records and Personal Health Record Systems

A Report Recommendation
from the National Committee

on Vital and Health Statistics
Personal Health Records

and Personal Health
Record Systems
U.S. Department of
Health and Human Services
National Institutes of Health
National Cancer Institute
National Center for Health Statistics

Centers for Disease Control and Prevention
Personal Health Records and
Personal Health Record Systems
A Report and Recommendations from

the National Committee on Vital and Health Statistics
U.S. Department of Health and Human Services
National Cancer Institute

National Institutes of Health
National Center for Health Statistics

Centers for Disease Control and Prevention
Washington, D.C.
February 2006
Contents
Acknowledgements
Executive Summary
Background
Personal Health Records are Evolving

in Concept and Practice
Recommendations 1-2
Personal Health Record Systems’ Value

Depends on Users, Sponsors, and Functionality
Privacy
Recommendations 3-7
Security Requirements
Recommendations 8-9
Interoperability
Recommendations 10-14
Federal Roles in PHR Systems, Internal and External

Advancing Research and Evaluation on PHR Systems


Next Steps for NCVHS
Personal Health Records and Personal Health Record Systems

Acknowledgements
This report was developed by the Workgroup on the National Health Information Infrastructure (NHII) of the National
Committee on Vital and Health Statistics (NCVHS), the statutory public advisory body on health information policy to
the Secretary of Health and Human Services. All the members of the full National Committee, and particularly those
who serve on the Subcommittee on Standards and Security and the Subcommittee on Privacy and Confidentiality,
contributed to the final report. It is based on a letter report that was approved by the full Committee in September
2005 and sent to the Secretary. The letter report is available on the NCVHS Web site (http://ncvhs.hhs.gov/050909lt.
htm). It has been slightly modified (but not substantively changed) to serve the wider audience interested in personal
health records and systems. The Workgroup is grateful to the many experts and organizations whose invaluable
suggestions contributed to the findings and shaped the recommendations.
Development of this report was coordinated and supported by the National Cancer Institute’s Center
for Bioinformatics, which provides the lead staff for the Workgroup. Workgroup staff and staff from
the National Center for Health Statistics, which serves as Executive Secretary to NCVHS, provided
invaluable assistance.
National Committee on Vital and Health Statistics

October 2005
Chairman
Simon P. Cohn, M.D., M.P.H.
Associate Executive Director
The Permanente Federation
Kaiser Permanente
Oakland, Californiaia
HHS Executive Staff Executive Secretary

Director
Marjorie S. Greenberg
James Scanlon Chief
Deputy Assistant Secretary Classifications & Public Health Data Standards Staff
Office of Science and Data Policy Office of the Director
Office of the Assistant Secretary National Center for Health Statistics,
for Planning and Evaluation, HHS Centers for Disease Control and Prevention
Department of Health and Human Hyattsville, Maryland
Services (HHS)
Washington, D.C.

Membership
Jeffrey S. Blair, M.B.A. Justine M. Carr, M.D.
Vice President Director, Clinical Resource Management
Medical Records Institute Health Care Quality
Albuquerque, New Mexico Beth Israel Deaconess Medical Center
Boston, Massachusetts
John P. Houston, J.D.
Director, ISD; Privacy Officer; Assistant Counsel Stanley M. Huff, M.D.
University of Pittsburgh Medical Center Professor, Medical Informatics
Pittsburgh, Pennsylvania University of Utah
College of Medicine
Robert W. Hungate Intermountain Health Care
Principal Salt Lake City, Utah
Physician Patient Partnerships for Health
Wellesley, Massachusetts A. Russell Localio, Esq., M.A., M.P.H., M.S.
Assistant Professor of Biostatistics
Carol J. McCall, F.S.A., M.A.A.A. University of Pennsylvania School of Medicine
Vice President Center for Clinical Epidemiology and Biostatistics
Humana Philadelphia, Pennsylvania
Center for Health Metrics
Louisville, Kentucky Harry Reynolds
Vice President
Mark A. Rothstein, J.D. Blue Cross Blue Shield of North Carolina
Herbert F. Boehl Chair of Law and Medicine Durham, North Carolina
Director, Institute for Bioethics, Health Policy
and Law William J. Scanlon, Ph.D.
University of Louisville School of Medicine Health Policy R&D
Louisville, Kentucky Washington, D.C.
Donald M. Steinwachs, Ph.D. C. Eugene Steuerle, Ph.D.

Professor and Director Senior Fellow
The Johns Hopkins University The Urban Institute
Bloomberg School of Public Health Washington, D.C.
Department of Health Policy and Management
Baltimore, Maryland Kevin C. Vigilante, M.D., M.P.H.
Principal
Paul Tang, M.D. Booz-Allen & Hamilton
Chief Medical Information Officer Rockville, Maryland
Palo Alto Medical Foundation
Palo Alto, California Judith Warren, Ph.D., R.N.
Associate Professor
School of Nursing
University of Kansas
Kansas City, Kansas

Liaison Representatives
Virginia S. Cain, Ph.D. J. Michael Fitzmaurice, Ph.D.
Acting Associate Director for Behavioral and Senior Science Advisor for
Social Sciences Research Information Technology
HHS National Institutes of Health HHS Agency for Healthcare Research and Quality
Bethesda, Maryland Rockville, Maryland
June E. O’Neill, Ph.D Edward J. Sondik, Ph.D.

Co-Chair, NCHS Board of Scientific Counselors Director
Director National Center for Health Statistics
Department of Economics and Finance Centers for Disease Control and Prevention
Zicklin School, Baruch College Hyattsville, Maryland
New York, New York
Karen Trudel
Steven J. Steindel, Ph.D. Deputy Director
Senior Advisor Office of E-Health Standards & Security
Standards and Vocabulary Resource HHS Centers for Medicare and Medicaid Services
Information Resources Management Office Baltimore, Maryland
HHS Centers for Disease Control and Prevention
Atlanta, Georgia
Staff of the Centers for Disease

Control and Prevention,
National Center
for Health Statistics
Debbie Jackson
Katherine Jones
Jeannine Christiani
NCVHS Workgroup on the National

Health Information Infrastructure
Simon P. Cohn, M.D., Chair
Jeffrey S. Blair, M.B.A.
Richard K. Harding, M.D.*
John P. Houston, J.D.
Stanley M. Huff, M.D.
Robert W. Hungate
C. Eugene Steuerle, Ph.D.
Paul Tang, M.D.
Kevin C. Vigilante, M.D., M.P.H.
* Member during Report development

Workgroup Staff
Mary Jo Deering, Ph.D., National Center for Bioinformatics,
National Cancer Institute, National Institutes of Health,
U.S. Department of Health and Human Services (HHS),
NHII Workgroup Lead Staff and Project Manager
for the Report
Cynthia Baur, Ph.D., HHS Office of Public Health and Science
Jay Crowley, HHS Food and Drug Administration
Linda Fischetti, RN, MS, Department of Veterans Affairs
Kathleen Fyffe, HHS Office of the National Health

Information Technology Coordinator
Robert Kambic, HHS Centers for Medicare and

Medicaid Services
Eduardo Ortiz, M.D., M.P.H., Department of Veterans Affairs
Anna Poker, HHS Agency for Healthcare Research and Quality
Steven J. Steindel, Ph.D., HHS Centers for Disease Control

and Prevention (CDC)
Cynthia Wark, MSN, RN, HHS Centers for Medicare and

Medicaid Services
Michelle Williamson, HHS/CDC National Center for

Health Statistics
Susan Baird Kanaan, Consultant Writer
NCVHS Web site: www.ncvhs.hhs.gov

Executive Summary
President Bush and Secretary Leavitt have put forward a vision that, in the Secretary’s words, “would create a
personal health record that patients, doctors and other health care providers could securely access through the
Internet no matter where a patient is seeking medical care.” The National Health Information Infrastructure
Workgroup of the National Committee on Vital and Health Statistics (NCVHS) held six hearings on personal health
records (PHRs) and PHR systems in 2002-2005. On the basis of those hearings, the Workgroup developed a letter
report with twenty recommendations that it sent to the Secretary in September 2005. Citing the role PHR systems
could play in improving health and healthcare and furthering the broad health information technology agenda, the
letter report urges the Secretary to exercise leadership and give priority to developing PHRs and PHR systems, con-
sistent with the Committee’s recommendations. The present report is a slightly expanded version of the letter report
sent to the Secretary. Although substantively unchanged, it adds clarifying information for a broader audience.
Currently, PHRs and their associated health The Committee concluded that while this variety
management tools are heterogeneous and evolving. reflects the current stage of innovation, it makes
There is no uniform definition of “personal health collaboration and policy-making difficult. The Com-
record” in industry or government. The following mittee recommended development of a descriptive
attributes can vary: framework to facilitate nuanced discussion and
n the scope or nature of the information/ policy-making in this area, and proposed the attri-
contents butes listed above as a starting point (see page 11).
n the source of the information
n the features and functions offered Although the consumer/patient is the primary ben-
n the custodian of the record eficiary and user of PHRs, other stakeholders stand
n the storage location of the contents to benefit from their use, as well. The table below
n the technical approach summarizes potential benefits from the perspective of
n the party who authorizes access to various roles. (These perceived benefits may not align
the information with any specific PHR or PHR system, and the same
users may play different roles at different times.)
NCVHS is the statutory public advisory Committee on health information policy to the Secretary of Health and Human Services.
http://www.ncvhs.hhs.gov/050909lt.htm

Key Potential Benefits of PHRs and PHR Systems
Roles Benefits
Consumers, Support wellness activities
Patients and their Caregivers Improve understanding of health issues
Increase sense of control over health
Increase control over access to personal health information
Support timely, appropriate preventive services
Support healthcare decisions and responsibility for care
Strengthen communication with providers
Verify accuracy of information in provider records
Support home monitoring for chronic diseases
Support understanding and appropriate use of medications
Support continuity of care across time and providers
Manage insurance benefits and claims
Avoid duplicate tests
Reduce adverse drug interactions and allergic reactions
Reduce hassle through online appointment scheduling and prescription refills
Increase access to providers via e-visits
Healthcare Providers Improve access to data from other providers and the patients themselves
Increase knowledge of potential drug interactions and allergies
Improve medication compliance
Provide information to patients for both healthcare and patient services purposes
Provide patients with convenient access to specific information or services
(e.g., lab results, Rx refills, e-visits)
Improve documentation of communication with patients
Payers Improve customer service (transactions and information)
Promote portability of patient information across plan
Support wellness and preventive care
Provide information and education to beneficiaries
Employers Support wellness and preventive care

Provide convenient service
Improve workforce productivity
Promote empowered healthcare consumers
Use aggregate data to manage employee health
Societal/Population Strengthen health promotion and disease prevention
Health Benefits Improve the health of populations
Expand health education opportunities

These and other benefits are not assured, however. To realize NCVHS Recommendations on PHRs
the potential of PHRs and PHR systems to improve health and PHR Systems
and healthcare, significant steps are needed in the areas
of privacy, security, and interoperability, in particular, as Recommendations on Evolving
recommended in this report. The Committee’s key findings Terms and Practices
include the following:
n It is important to clarify the respective rights, 1: Consensus framework. NCVHS recommends that HHS
obligations, and potential liabilities of consum- support the development of and promote public-private
ers, patients, providers, and other stakeholders in consensus on a framework for characterizing personal health
PHR systems. record systems, building on this initial framework (see p.11).
2: Education. HHS and others should use the agreed-upon
n Consumers should have the right to make an
framework as a basis for education efforts highlighting the
informed choice concerning the uses of their
benefits and risks of various types of PHRs, aimed not only
personal information when signing up to use any
at consumers and patients but also at healthcare providers
personal health record products or services.
(e.g., physicians and nurses) and other stakeholders.
n Security is a critical component of a PHR system,
especially if it is accessible via the Internet. Recommendations on Privacy
n The full potential of PHR systems will not be
realized until they are capable of widespread 3: Education about privacy. In any public education
exchange of information with Electronic Health program about PHR systems, HHS and other parties should
Records (EHRs) and other sources of personal and inform consumers about the importance of understanding the
other health data. privacy policies and practices of PHR system vendors,
including the enumeration of potential secondary uses
The Committee also identified broad areas for research and and disclosures of personally identifiable health information.
evaluation for PHR systems. They include consumer, health 4: Best practices. HHS should identify and promote best
services, and technical research and the development of practices with respect to privacy policies and practices for
metrics to assess the implementation and impact of PHR PHR systems, and models for plain language wording of
systems on multiple dimensions of health and healthcare. notices describing these policies and practices. These best
practices and models should also address translations into
other languages.
Most of the National Committee’s recommendations (which
5: Privacy in HHS-sponsored activities. For any HHS-
are listed below and discussed further in the full report) are
sponsored pilot projects, and any contractual relationship
directed to the U.S. Department of Health and Human
that CMS undertakes with entities intending to utilize CMS
Services (HHS). Some also call for action by other federal
data in PHRs, HHS should require that those PHR systems
agencies, standards development organizations, PHR
provide advance notice to consumers of any uses or disclo-
vendors, health care organizations, and pilot project contrac-
sures of personally identifiable health information. In those
tors. All the recommended steps require coordination among
situations where HIPAA does not apply, uses or disclosures
stakeholders and between the public and private sectors.
of information in PHRs should not be allowed without the
They also require federal leadership. The Committee recom-
express consent of the consumer.
mends that, similar to its role in stimulating EHR adoption,
the Department encourage and actively participate in a 6: Privacy in activities by entities not covered by
public/private partnership that facilitates standards-based HIPAA. Entities not covered by HIPAA that offer PHR systems
approaches to PHR systems in a harmonized legal and should voluntarily adopt strict privacy policies and practices
regulatory environment across geopolitical boundaries. and should provide clear advance notice to consumers of

these policies and practices. This notice should specifically Recommendations on Interoperability
include a full description of all uses of PHR data. In addition,
NCVHS recommends that no health information in a PHR be 10: Addressing standards gaps. Standards development
used without the express consent of the consumer, which efforts should be expanded to address issues related
may be obtained in conjunction with the notice. to authentication, identification of the data source, non-
7: Assessment. HHS should collaborate with other Federal repudiation, communication to/from PHR systems, mapping to
agencies as appropriate to review and assess issues related consumer-oriented concepts and terms, and the enabling of
to privacy and other consumer protections for PHR systems. consumer-controlled access.
Such a review should evaluate existing authorities and 11: Consistency of EHR and PHR standards. HHS should
mechanisms for addressing potential problems; it should also encourage standards development organizations, wherever
identify gaps and recommend appropriate action. possible, to adopt for the PHR those standards that are used
to promote interoperability of EHRs.
Recommendations on Security 12: PHR data sets. HHS should encourage standards
development organizations, wherever possible, to identify
8: Security standards framework. HHS should work data sets for PHR systems that are consistent with those
with relevant stakeholders to develop and promote a stan- used for EHRs.
dards framework for authentication, access control, authori- 13: Standards for HHS-sponsored activities. For any
zation, and auditability based on the following principals: HHS-sponsored pilot projects and any contractual relation-
ship that CMS undertakes with entities intending to
n All PHR systems should provide consumers
utilize CMS data in PHR systems, HHS should require that
with terms and conditions of use.
PHR vendors and health care organizations adopt data
n All PHR systems should provide functionality that content and exchange standards that are based upon
enables a consumer to audit who has accessed the standards accepted for EHRs, as a way of improving the
consumer’s information within the PHR. interoperability of the systems.
n All PHR systems should be based on industry- 14: Standards for private-sector activities. Private sector
standard security and authentication schemes. PHR vendors and health care organizations should voluntarily
This should not preclude vendors from making adopt data content and exchange standards that are based
additional security protections available at the upon standards accepted for EHRs, as a way of improving
option of the consumer. The decision to adopt the interoperability of the systems.
additional security technologies should take into
consideration portability, supportability and cost Recommendations on the Federal Role
of such solutions.
n PHR systems should include functionality that 15: Federal roles. Federal agencies should assess how they
provides a consumer with the ability to control can more fully explore and appropriately promote the benefits
who accesses the consumer’s information within of PHR systems across their respective roles.
the PHR. This would include the ability for the 16: Considerations for underserved populations.
consumer to restrict access to specific subsets of The Federal government should identify and address the
information within the PHR. information technology access and use barriers that limit the
9: Security in HHS activities. For any HHS-sponsored pilot dissemination of PHR systems, particularly to underserved
projects and any HHS contracts to produce PHR systems, populations. HHS also should address health literacy issues
HHS should require that security protections consistent with that could limit the use of PHR systems by the most
the HIPAA Security Rule be implemented. vulnerable populations.

Recommendations on Research
and Evaluation
17: HHS research. The Secretary should request that all

agencies review their research portfolios and program opera-
tions and report to the Secretary the ways they could contrib-
ute to the research and evaluation of PHR systems.
18: OPM pilots. HHS should collaborate with the Office
of Personnel Management to help implement pilot studies
of PHR systems with payers and beneficiaries of the Federal
Employees Health Benefits Plan.
19: AHRQ research. The Agency for Healthcare Research
and Quality (AHRQ) should expand its evolving health
information technology research portfolio to support health
services research and the development of metrics to assess
the impact of PHR systems on quality of care, patient safety,
and patient outcomes.
20: CMS pilots. The Centers for Medicare and Medicaid
Services (CMS) should conduct pilot studies of PHR usage
for chronic diseases to evaluate utility and cost effectiveness
for beneficiaries, providers and payers.

NCVHS will continue to gather information on this dynamic
field. It plans to release additional recommendations on
privacy, confidentiality and the NHIN. In addition, it will
provide a forum for exploring several issues that arose from
the initial hearings:
n The role of CMS
n Ownership and control of data within PHR systems
n The ability of PHR systems to obtain data from
external sources such as provider systems,
claims clearinghouses, health plans
and similar sources
n Non-repudiation (authenticating the integrity of the
contents and exchange of information)
n Potential liability for providers associated with the
use of incomplete or inaccurate data within a PHR
n Privacy policy practices, including notice
10 Personal Health Records and Personal Health Record Systems

Background
President Bush and Secretary Leavitt have put forward a vision that, in the Secretary’s words, “would create
a personal health record that patients, doctors and other health care providers could securely access through the
Internet no matter where a patient is seeking medical care.” Responding to this vision, the National Committee on
Vital and Health Statistics (NCVHS) submitted a letter report on Personal Health Record (PHR) systems in September,
2005. The letter report describes initial findings from national hearings covering the many types of systems referred
to as “Personal Health Records,” suggests areas for further exploration, and offers twenty recommendations. It urges
the Secretary to exercise leadership and to give this area the priority it deserves, in view of the role PHR systems could
play in improving health and healthcare and furthering the broad health information technology agenda. The present
report is a slightly expanded version of the letter report sent to the Secretary. Although substantively unchanged,
it adds clarifying information for a broader audience.
In its 2001 report, Information for Health: A Strategy wellness and healthcare decision making. It includes
for Building the National Health Information a personal health record that is created and con-
Infrastructure, NCVHS identified three primary areas trolled by the individual or family, plus information
or dimensions that comprise a national health infor- and tools such as health status reports, self-care
mation infrastructure (NHII): information to support trackers and directories of healthcare and public
the needs of patient care, population health, and per- health service providers.
sonal health. The healthcare provider (patient care)
area promotes quality patient care by providing ac- In this vision of the NHII, the three primary areas are
cess to more complete and accurate patient data on equally important, and the goal for the infrastruc-
the spot, around the clock. It includes provider notes, ture as a whole is to promote optimum information
clinical orders, decision-support programs, electronic exchange among them. The heart of the vision is
prescribing programs, and practice guidelines. The sharing information and knowledge as appropri-
second area, population health, makes it possible for ate so it is available to people when they need it
public health officials and other data users at local, to make the best possible health decisions. Ready
State, and national levels to identify and track health access to relevant, reliable information and secure
threats, assess population health, and create and modes of communication will enable consumers,
monitor programs and services. This area includes patients, healthcare and public health professionals,
information on both the health of the population and public agencies, and others to address personal and
influences on it. Finally, the personal health area of community health concerns far more effectively.
the NHII supports individuals in managing their own
Personal Health Records and Personal Health Record Systems 11

The diagram below, from the 2001 NCVHS report, shows how shared by all three. The list of information types below is
some information needs are unique to one dimension of intended to be illustrative and is not exhaustive.
activity and users, some are shared by two, and some are
Source: National Committee on Vital and Health Statistics, Information for Health:
a Strategy for Building the National Health Information Infrastructure, Washington, D.C., 2001.
Following publication of the 2001 NCHVS report,

considerable work got underway on many fronts to develop Ready access to relevant, reliable
the provider and population health dimensions of the NHII, information and secure modes of
much of it spurred by federal policy. In these two areas,
infrastructure development has been paired with progress
communication will enable consumers,
toward standards and privacy protection. However, there patients, healthcare and public health
was less federal attention to the development of technolo- professionals, public agencies, and
gies, content, connections and protections for the personal others to address personal and
dimension of the NHII. The NCVHS Workgroup on the
National Health Information Infrastructure (NHII) decided to community health concerns far
hold a series of hearings to learn more about PHRs and PHR more effectively.
systems (described below) because of their importance for

empowering consumers and patients to manage their health
and partner with their healthcare providers.
By April 2005, the Workgroup had held six open hearings on

information needs and activities related to personal health,
and personal health records in particular. The hearings
covered PHR models, data sets, standards, identification,
authentication, barriers to adoption, privacy, policy issues
and business issues. The invited presenters included
consumers, government, health care organizations, nonprofit
and commercial sponsors, Federal staff, standards and policy
experts, healthcare providers, payers, and economists.
The Workgroup was also informed about the work done on
personal health records/personal health management tools
by the HHS Office of Disease Prevention and Health
Promotion and the Markle Foundation’s Connecting for
Health Collaborative,3 as well as about the Veterans Health
Administration experience with MyHealtheVet, a personal
health record already deployed for veterans.
The Workgroup identified seven issues where specific

measures, collaboration and leadership are needed to assure
that stakeholders’ investments yield the desired benefits.
These issues, discussed below, include evolving conceptions
of PHRs; varying perspectives on their benefits; privacy;
security requirements; interoperability requirements; the
federal role; and research evaluation needs.
3 See Lansky, D., Kanaan, S., Lemieux, J. April 15, 2005. Identifying Appropriate Federal Roles in the Development of Electronic Personal Health
Records. Results of a Key Informant Process. Submitted to the Office of Disease Prevention and Health Promotion, OPHS, U.S. Department of
Health and Human Services; and Connecting for Health, July 2004. Connecting Americans to their Healthcare. Final Report. Working Group
on Policies for Electronic Information Sharing Between Doctors and Patients. Markle Foundation and Robert Wood Johnson Foundation.
http://www.connectingforhealth.org/resources/wg_eis_final_report_0704.pdf

Personal Health Records
are Evolving in Concept
and Practice
Personal health records are broadly considered as means by which an individual’s personal health information
can be collected, stored, and used for diverse health management purposes. However, NCVHS found that there
is no uniform definition of “personal health record” in industry or government, and the concept continues to evolve.
In some concepts, the PHR includes the patient’s interface to a healthcare provider’s electronic health record (EHR).
In others, PHRs are any consumer/patient-managed health record. This lack of consensus makes collaboration,
coordination and policymaking difficult. It is quite
possible now for people to talk about PHRs without There is no uniform definition
realizing that their respective notions of them may of “personal health record”
be quite different. Recognizing the variety of attri- in industry or government,
butes and possibilities and being very specific about and the concept continues to
what is being discussed would enable those engaged evolve. This lack of consensus
in collaboration and policymaking to conduct more makes collaboration, coordination
nuanced discussions of PHRs and to collaborate and policymaking difficult.
more effectively.
The first step in this direction is to catalog the its process and recommends a way HHS could
variety of types of PHRs and PHR systems in promote greater clarity.
existence and the varied uses of the terminology.
This section summarizes the different perspectives The term “record” in “personal health record” may
of PHRs that the Workgroup observed throughout itself be limiting, as it suggests a singular static
repository of personal data. The Committee found
The Committee proposes adopting that a critical success factor for PHRs is the provi-
sion of software tools that help consumers and
the term “personal health record”
patients participate in the management of their own
to refer to the health or medical health conditions. A “personal health record system”
record that includes clinical data, provides these additional software tools. The Com-
and the term “personal health mittee proposes adopting the term “personal health
record” to refer to the collection of information
record systems” to refer to the about an individual’s health and health care, stored
multi-function tools that include in electronic format. The term “personal health re-
PHRs among a battery of functions. cord system” refers to the addition of computerized
tools that help an individual understand and manage
the information contained in a PHR. These terms are analogous called for, to highlight the benefits and risks of various types
to the terms “electronic health record” and “electronic health of PHRs, aimed not only at consumers and patients but also
record systems” that have been adopted by the standards at healthcare providers and other stakeholders.
development organization HL7, which is leading the standards
activity in this area. The PHR and the PHR system are intended Initial framework of PHR
for use by consumers, patients or their informal caregivers, and PHR systems attributes
in contrast with EHR systems that are intended for use by
healthcare providers. n Scope and nature of content
Some PHR systems just have consumer
Despite the heterogeneity of PHRs and PHR systems at pres- health information, personal health
ent, NCVHS concluded that it is not possible, or even desir- journals, or information about
able, to attempt a unitary definition at this time. However, the benefits and/or providers, but no
Committee believes it is possible as well as useful to charac- clinical data about the individual.
terize them by their attributes: specifically, the scope or nature Some PHR systems have clinical informa-
of their information/contents, the source of their information, tion. Of these, some are disease specific,
the features and functions they offer, the custodian of the some include subsets of information
record, the storage location of the content, the technical ap- such as lab reports, and some are
proach to security, and the party who authorizes access to the comprehensive.
information.
n Source of information
Data in PHR systems may come from the
NCVHS believes that establishing consumer, patient, caregiver, healthcare
a framework for characterizing and provider, payer, or all of these.
describing the attributes of PHRs and Some PHR systems are populated with
PHR systems would be extremely helpful data by EHRs.
in promoting a better understanding and n Features and functions
appropriate use of any given PHR PHR systems offer a wide variety of
features, including the ability to
system. A consensus framework would
view personal health data, exchange
also provide a foundation for public secure messages with providers, schedule
education efforts. appointments, renew prescriptions, and
enter personal health data; decision support
(such as medication interaction alerts or
NCVHS believes that establishing a framework for char-
reminders about needed preventive
acterizing and describing the attributes of PHRs and PHR
services); the ability to transfer data to or
systems would be extremely helpful in promoting a better
from an electronic health record;
understanding and appropriate use of any given PHR system.
and the ability to track and manage
Some of the approaches to each of the attributes, as heard
health plan benefits and services.
by the Committee, are listed below in a framework that the
Committee offers as a starting point for such an effort. The n Custodian of the record
consensus-building process around such a framework should The physical record may be operated by a
take into consideration the work that standards development number of parties, including the consumer
organizations are doing to define the functional attributes of or patient, an independent third party, a
PHR systems. A consensus framework would also provide a healthcare provider, an insurance
foundation for public education efforts, which many speakers company, or an employer.
n Data storage Recommendation 2:
Data may be stored in a variety of locations,
including an Internet-accessible database, Education.
a provider’s EHR, the consumer/patient’s HHS and others should use the agreed-upon framework
home computer, a portable device such as as a basis for education efforts highlighting the benefits and
a smart card or thumb drive, or a privately risks of various types of PHRs, aimed not only at consumers
maintained database. and patients but also at healthcare providers (e.g., physicians
n Technical approaches and nurses) and other stakeholders.
Current PHRs and PHR systems are
generally not interoperable (with the
exception of the PHRs that are “views”
into the EHR, and they vary in how
they handle security, authentication,
and other technical issues.
n Party controlling access to the data
While consumers or patients always have
access to their own data, they do not
always determine who else may access it.
For example, PHRs that are “views” into
a provider’s EHR follow the access rules
set up by the provider. In some cases,
consumers do have exclusive control.
Recommendations on Evolving
Terminology and Functions:
1. Consensus Framework
2. Education
Recommendation 1:
Consensus framework.
NCVHS recommends that HHS support the development
of and promote public-private consensus on a framework for
characterizing personal health record systems, building on
this initial framework.

Personal Health Record
Systems’ Value Depends
on Users, Sponsors,
and Functionality
Testimony to NCVHS indicated that PHR systems create

PHR systems create different different kinds of value for a range of individual, institutional
kinds of value for a range of and societal stakeholders. The table below summarizes po-
individual, institutional and tential benefits from the perspective of various roles. Given
societal stakeholders. the heterogeneity of concepts of PHRs and PHR systems,
these perceived benefits may not align with any specific PHR
or PHR system. Also, it is worth pointing out that the same
users may play different roles at different times.

Key Potential Benefits of PHRs and PHR Systems
Roles Benefits
Consumers, Support wellness activities
Patients and their Caregivers Improve understanding of health issues
Increase sense of control over health
Increase control over access to personal health information
Support timely, appropriate preventive services
Support healthcare decisions and responsibility for care
Strengthen communication with providers
Verify accuracy of information in provider records
Support home monitoring for chronic diseases
Support understanding and appropriate use of medications
Support continuity of care across time and providers
Manage insurance benefits and claims
Reduce adverse drug interactions and allergic reactions
Reduce hassle through online appointment scheduling and prescription refills
Increase access to providers via e-visits
Healthcare Providers Improve access to data from other providers and the patients themselves
Increase knowledge of potential drug interactions and allergies
Improve medication compliance
Provide information to patients for both healthcare and patient services purposes
Provide patients with convenient access to specific information or services (e.g., lab
results, Rx refills, e-visits)
Payers Improve customer service (transactions and information)
Promote portability of patient information across plan
Support wellness and preventive care
Provide information and education to beneficiaries
Employers Support wellness and preventive care

Provide convenient service
Improve workforce productivity
Promote empowered healthcare consumers
Use aggregate data to manage employee health
Societal/Population Strengthen health promotion and disease prevention
Health Benefits Improve the health of populations
Expand health education opportunities

NCVHS heard testimony that the market for stand-alone
PHRs offered for sale or subscription as commercial products
Consumers and patients who use or through non-healthcare third party entities is fairly new.
PHR systems express strong While the number of products is growing, sales and usage
support for them. Even those who statistics are limited.
are not familiar with them are
Among the potential market drivers of PHR systems are the
interested in their potential benefits. following: chronic disease management; improved access to
personal health data; improved customer service and con-
venience; strengthened market position through increased
Consumers and patients who use PHR systems express loyalty (to the sponsoring entity); promotion of wellness,
strong support for them. They appreciate having access to prevention and self-care; and improved care delivery and
their personal health information to manage their own health coordination through timely access to information.
and health care and to share information with their provid-
ers. While surveys confirm that most of the general popula-
tion is unaware of PHR systems, they also show that even The Committee believes that the
those who are not familiar with them are interested in their emerging market for PHR systems
potential benefits. Specific areas of interest include access needs to be monitored.
to their health information (e.g., diagnoses, medications, test
results), communicating with their physicians, scheduling ap-
pointments, renewing prescriptions, tracking immunizations, On a cautionary note, the Committee believes that relying
noting mistakes in the medical record, transferring informa- entirely on market forces to determine the nature and direc-
tion to new doctors, and getting test results. tion of PHR systems could cause personal health information
to be exploited for its economic value without adequate
The Committee heard testimony that people with chronic consumer controls. While this is addressed more fully in the
conditions are more likely to use PHR systems, including section below on Privacy, the Committee believes that the
disease-specific PHR systems. It also heard of growing inter- emerging market for PHR systems needs to be monitored.
est from payers, providers, and employers to sponsor PHR As the market evolves, there may be occasions when the
systems for their members, patients, or employees. government needs to set standards or limits that formally
recognize certain consumer rights. Otherwise, a breach of
Many presenters (consumers, policy analysts, economists, confidence in PHRs and PHR systems could harm the con-
health system executives) observed that PHR systems bring sumer and undermine consumers’ trust in electronic health
health care in line with electronic and automated services in records and the National Health Information Network.
other consumer sectors. Several raised the possibility that
Health Savings Accounts and other “consumer-driven health
plans” may provide a stimulus for PHR systems. However,
these insurance approaches are too new to draw conclusions
from them.

Privacy
The Committee views privacy and security as closely entwined, with technical security measures being
designed to implement privacy policies and practices. The Committee’s findings on security follow this
section on privacy.
The privacy considerations of PHR systems are complex, yet addressing them adequately is essential if PHR
systems are to become widely accepted and used. Consumers want to be able to control access to their
personal health information. As noted above, all PHR systems are based on consumers having access to
their health information, and some are based on consumers having exclusive control of the information in
their PHR. Some presenters raised the issue of consum-
ers’ ownership of their personal health information. All PHR systems are based on
Some identified a difference between legal control consumers having access to
and ownership of the institutional medical record, their health information, and
on one hand, and consumer control and ownership some are based on consumers
of personal information and of a PHR, on the other.
having exclusive control of the
NCVHS observed that although the issues of health
information in their PHR. It will
record ownership and access control are not new,
be important to clarify the
they take on added dimensions with the emergence
respective rights, obligations,
of PHR systems. Moreover, while ownership per
and potential liabilities of
se may not be as relevant as control, it will nev-
ertheless be important to clarify the respective
consumers, patients, providers,
rights, obligations, and potential liabilities of con-
and other stakeholders
sumers, patients, providers, and other stakeholders in PHR systems.
in PHR systems.
The Committee notes that unique privacy issues arise

Consumers should have the in relation to PHR systems offered by third parties,
right to make an informed choice including some emerging systems that warehouse
and mine personal health data for secondary uses.
concerning the uses of their The Committee is concerned that some business
personal information when models involving third-party data warehouses could
signing up to use any personal be predicated on the secondary use (including sale
health record products or barter) of consumer data. Consumers using these
PHR systems may have little control over second-
or services. ary uses by the PHR vendor. Although there are

beneficial secondary uses of data, such as post-marketing
surveillance of adverse events from prescription drugs Recommendations
or population health monitoring, other secondary uses
on Privacy:
(e.g., targeted marketing) may not be desired by the con-
sumer. Consumers should have the right to make an informed 3. Education about privacy
choice concerning the uses of their personal information 4. Best practices
when signing up to use any of these personal health record 5. Privacy in HHS-sponsored
products or services.
activities
6. Privacy in activities by
Privacy measures at least equal to
entities not covered by HIPAA
those in HIPAA should apply to all
7. Assessment
PHR systems, whether or not they
are managed by covered entities.
Recommendation 3:
While HIPAA compels covered entities to provide notice of Education about privacy. In any public education program
their privacy practices to consumers, not all PHR vendors are about PHR systems, HHS and other parties should inform
“covered entities” as defined under HIPAA. The Committee consumers about the importance of understanding the pri-
is unaware of any requirement that compels PHR vendors vacy policies and practices of PHR system vendors, including
not covered by HIPAA to provide to consumers the terms and the enumeration of potential secondary uses and disclosures
conditions governing the privacy of their personal data. While of personally identifiable health information.
the Committee does not suggest that HIPAA or a HIPAA-like (See Recommendation 2.)
framework is necessarily the most appropriate for
safeguarding privacy in PHR systems, it does believe that Recommendation 4:
privacy measures at least equal to those in HIPAA should
apply to all PHR systems, whether or not they are managed Best practices. HHS should identify and promote best
by covered entities. The Committee also believes that it is practices with respect to privacy policies and practices for
vital for PHR systems vendors to provide clearly stated, PHR systems, and models for plain language wording of
easily understood, up-front privacy notices to consumers of notices describing these policies and practices. These best
their privacy policies and practices, and that these notices practices and models should also address translations into
should be translated into other languages. other languages.
The recommendations below indicate some initial steps that Recommendation 5:

should be undertaken to address these concerns. However,
the Committee believes that these issues are entwined with, Privacy in HHS-sponsored activities. For any HHS-
though not necessarily identical to, the privacy and sponsored pilot projects, and any contractual relationship
confidentiality issues that must be addressed within the that CMS undertakes with entities intending to utilize CMS
context of the National Health Information Network (NHIN). data in PHRs, HHS should require that those PHR systems
The NCVHS Subcommittee on Privacy and Confidentiality provide advance notice to consumers of any uses or disclo-
has been conducting hearings on privacy and confidentiality sures of personally identifiable health information. In those
and the NHIN, and additional recommendations will situations where HIPAA does not apply, uses or disclosures
be forthcoming. of information in PHRs should not be allowed without the
express consent of the consumer.

Recommendation 6:
Privacy in activities by entities not covered

by HIPAA. Entities not covered by HIPAA that offer PHR
systems should voluntarily adopt strict privacy policies and
practices and should provide clear advance notice to con-
sumers of these policies and practices. This notice should
specifically include a full description of all uses of PHR data.
In addition, NCVHS recommends that no health information in
a PHR be used without the express consent of the consumer,
which may be obtained in conjunction with the notice.
Recommendation 7:
Assessment. HHS should collaborate with other Federal

agencies as appropriate to review and assess issues related
to privacy and other consumer protections for PHR systems.
Such a review should evaluate existing authorities and
mechanisms for addressing potential problems; it should also
identify gaps and recommend appropriate action.

Security Requirements
NCVHS noted that security is a critical component of a PHR system, especially if it is accessible via the Internet.
Appropriate security measures must be employed to minimize the risk that an unauthorized person could gain
access to an individual’s information contained within a PHR. Survey and focus group research presented to the
Workgroup indicates that widespread adoption of PHRs is not likely to happen until consumers are confident that
they have adequate security protections. This confidence seems to depend on having the ability to control access
to personal information and to audit who has seen it. As noted, the Committee found that PHR systems may exist
in a variety of forms. Some of these may be within the exclusive control of the individual, such as a smart-card or
thumb-drive based system. The large majority are currently Internet-based, such as those sponsored by healthcare
providers, health insurers, or commercial ventures. New technical approaches may be needed to promote and
achieve personal control over the creation, management, and exchange of personal health information contained
within PHRs. The HIPAA Security Rule, as noted, has limited application. However, there is broad validity to its
observation that specific security requirements will vary
over time based both on threats, available security tech- Security is a critical component
nologies and requirements inherent to a particular PHR. of a PHR system, especially if it is
As noted above, the HIPAA Security Rule only applies to accessible via the Internet.
covered entities.
view and contribute patient information. Ensuring

With an Internet-based PHR authentication and access control in this context
thus represents a major challenge. Further, while
system, multiple individuals, healthcare providers can use a variety of advanced
such as family members and technologies to secure an EHR, there is some ques-
caregivers, may view and tion as to whether consumers generally are willing
to accept the burdens or costs associated with the
contribute patient information.
use of enhanced security technologies. The wide-
Ensuring authentication and scale adoption of such technologies for PHR systems
access control in this context will therefore be problematic, and security for PHR
represents a major challenge. systems will probably be limited to technologies
that are generally available for desktop operating
systems. Further complexity is added by the multiple
In a healthcare setting, the provider can control sources for information on the individual, includ-
the access of employees and affiliated staff to a ing provider EHRs and external laboratory systems
patient’s information in an EHR. With an Internet- providing test results. Ensuring that the source of
based PHR system, in contrast, multiple individu- the information and the contents are authenticated
als, such as family members and caregivers, may and can not subsequently be changed (i.e., can not

be repudiated) is part of the challenge. The Committee plans Recommendation 9:
to explore the issue of non-repudiation (i.e., authenticating
the integrity of the contents and exchange of information) as Security in HHS activities. For any HHS-sponsored pilot
it relates to PHR systems. Here it offers recommendations projects and any HHS contracts to produce PHR systems,
pertinent to the other issues raised above. HHS should require that security protections consistent with
the HIPAA Security Rule be implemented.
Recommendations
on Security:
8. Security standards framework
9. Security in HHS activities
Recommendation 8:
Security standards framework. HHS should work with

relevant stakeholders to develop and promote a standards
framework for authentication, access control, authorization,
and auditability based on the following principals:
n All PHR systems should provide consumers with
terms and conditions of use.
n All PHR systems should provide functionality
that enables a consumer to audit who has
accessed the consumer’s information
within the PHR.
n All PHR systems should be based on industry-
standard security and authentication schemes.
This should not preclude vendors from making
additional security protections available
at the option of the consumer. The decision to
adopt additional security technologies should take
into consideration portability, supportability and
cost of such solutions.
n PHR systems should include functionality that
provides a consumer with the ability to control
who accesses the consumer’s information
within the PHR. This would include the ability
for the consumer to restrict access to specific
subsets of information within the PHR.

Interoperability
As observed at the beginning of this report, the greatest opportunities for improving health and health care lie
in enabling information exchange between the three dimensions (areas) of the national health information infra-
structure. Consumers, providers, and those responsible
for population health use much of the same informa- The greatest opportunities for
tion, but they do so for different purposes: respectively,
improving health and health care
to manage personal and family health, to care for
lie in enabling information
patients, and to protect and promote the health of
exchange between the three
the community and the nation. The overlapping areas
dimensions (areas) of the national
shown in the diagram on page 12 illustrate the types
health information infrastructure.
of information that will be shared and the need for
interoperability. Interoperability is the term used to
The full potential of PHR systems
describe the technical capacity for this exchange
will not be realized until they are
of data between different information systems. capable of widespread exchange
The full potential of PHR systems will not be realized of information with EHRs and
until they are capable of widespread exchange of other sources of personal and
information with EHRs and other sources of personal other health data.
and other health data.
of their treatment relationship to that provider.

Interoperability is even more limited at present
Interoperability is limited in
for most stand-alone PHR systems, which require
a number of ways. consumers to manually enter their health data.
None currently exchanges information with EHRs
electronically, although some pilot projects to do
Currently, interoperability is limited in a number
so are underway in both the Federal and private
of ways. First, most PHR systems in use today are
sectors. While stand-alone PHR systems could
integrated with one provider’s EHR system, in effect
potentially contain data from multiple EHRs, the
serving as a portal view into the EHR. This provides
current lack of interoperability standards impedes
tight integration between what the patient sees and
the flow of information between any one EHR and
what the provider sees. However, if EHR systems
a stand-alone PHR.
are not interoperable, the content would be primar-
ily limited to what is stored in that provider’s EHR.
In all likelihood, the data from other providers or
other data sources would not be accessible to the
patient’s PHR. Hence under those conditions, the
value to consumers exists only in the narrow context

Recommendation 11:
Standards development efforts to date
have not focused on certain key areas Consistency of EHR and PHR standards. HHS should
encourage standards development organizations, wherever
that would be necessary for optimum
possible, to adopt for the PHR those standards that are used
PHR implementation. to promote interoperability of EHRs.
Standards development efforts to date have not focused on Recommendation 12:

certain key areas that would be necessary for optimum PHR
implementation. Significant work is needed on the following PHR data sets. HHS should encourage standards develop-
issues: user authentication, identification of the data source ment organizations, wherever possible, to identify data
(consumer, family member, caregiver, provider, other), non- sets for PHR systems that are consistent with those used
repudiation, communication to and from PHR systems, for EHRs.
mapping of medical jargon to consumer-oriented information
and terms, and enabling consumer-controlled access.
The Committee heard broad agreement that a core or limited
Recommendation 13:
set of personal health data is important for PHR utility,
Standards for HHS-sponsored activities. For any HHS-
although there was no consensus on a particular data set.
sponsored pilot projects and any contractual relationship that
Agreement on a specific minimum or core data set could
CMS undertakes with entities intending to utilize CMS data
help promote interoperability.
in PHR systems, HHS should require that PHR vendors and
health care organizations adopt data content and exchange
standards that are based upon standards accepted for EHRs,
Recommendations
as a way of improving the interoperability of the systems.
on Interoperability:
10. Addressing standards gaps Recommendation 14:
11. Consistency of EHR and
PHR standards Standards for private-sector activities. Private sector
PHR vendors and health care organizations should voluntarily
12. PHR data sets
adopt data content and exchange standards that are based
13. Standards for HHS- upon standards accepted for EHRs, as a way of improving the
sponsored activities interoperability of the systems.
14. Standards for private-
sector activities
Recommendation 10:
Addressing standards gaps. Standards development

efforts should be expanded to address issues related to
authentication, identification of the data source, non-repu-
diation, communication to/from PHR systems, mapping to
consumer-oriented concepts and terms, and the enabling of
consumer-controlled access.

Federal Roles in PHR
Systems, Internal
and External
The Committee heard testimony that the Federal government can offer vision and strategic leadership for PHR develop-
ment and dissemination across its many roles in the health sector—that is, its roles as policy maker, healthcare provider,
payer, employer, and sponsor of research and public education. The Committee notes that a number of documents
already exist that can help identify specific opportunities, including the report cited on page 12 of this Report. Several
Federal agencies are already pursuing the use of or interaction with PHR systems to support their own missions (e.g.,
CDC and CMS, DoD and VA). Development of harmonized definitions for PHR systems and EHR systems will help coordi-
nate these efforts with other Federal agencies, thereby
preventing unwanted duplication and confusion among
The Federal government can offer
users and promoting needed interoperability. NCVHS
vision and strategic leadership for
believes that HHS can model its role on the one it plays
PHR development and dissemination
with respect to EHR adoption. That is, it can encourage
and actively participate in a public/private partnership
across its many roles in the health
that facilitates standards-based approaches in a harmo- sector. NCVHS believes that HHS
nized legal and regulatory environment across geopoliti- can encourage and actively participate
cal boundaries. The Committee heard that the Federal in a public/private partnership
Employee Health Benefits Plan could provide a vehicle that facilitates standards-based
for encouraging PHR system use and assessment. An approaches in a harmonized legal
additional federal role is to provide for experimentation and regulatory environment across
and research to facilitate the evolution of PHR systems, geopolitical boundaries.
as described below.

NCVHS observed that the ability of people to easily connect to
their health information source, either by the Internet or other
means, will be a determining factor in the widespread success
of PHR systems. There are limited examples of PHR systems
supporting underserved populations in rural and urban areas.
Recommendations
on the Federal Role:
15. Assess Federal roles
16. Considerations for
underserved populations
Recommendation 15:
Federal roles. Federal agencies should assess how they can

more fully explore and appropriately promote the benefits of
PHR systems across their respective roles.
Recommendation 16:
Considerations for underserved populations.

The Federal government should identify and address the
information technology access and use barriers that limit the
dissemination of PHR systems, particularly to underserved
populations. HHS also should address health literacy issues
that could limit the use of PHR systems by the most vulner-
able populations.

Advancing Research
and Evaluation
on PHR Systems
The hearings identified numerous issues regarding PHR systems that require further research and evaluation—for
example, who uses them and how, interactions with health services, and impacts. NCVHS found that much of the
currently available information about PHR systems is based on expert opinion and focus groups. It concludes that a
variety of research, evaluation, and pilot studies are necessary to answer key questions and allow comparison of PHR
system types and approaches. Findings from rigorous research and evaluation studies will increase the evidence base
for the effective implementation and use of PHR systems. At least some of the needed research may be conducted as
an extension of current and planned research into EHR systems. The Committee estimates that the amount of funding
required for PHR systems research would be a mod-
The Committee identified broad areas for est percentage of ongoing and future health IT and
research and evaluation for PHR systems. EHR research efforts.
These areas include consumer, health
services, and technical research and the The Committee identified broad areas for research
and evaluation for PHR systems. These areas include
development of metrics to assess the consumer, health services, and technical research and
implementation and impact of PHR the development of metrics to assess the implemen-
systems on multiple dimensions of tation and impact of PHR systems on multiple dimen-
sions of health and healthcare.
health and healthcare.
Consumer Research Health Services Research
Consumer research should identify who is adopting PHR Health services research should address issues
systems; how individuals use the systems; barriers to adop- related to PHR systems’ impact on workflow,
tion and successful use; and access, pricing and usability particularly its effects on efficiency and utilization.
issues, among other things. Identification of these factors While there are presumptive positive relationships
can inform decisions about the functions and drivers for between PHR systems and patient safety, healthcare
PHR systems adoption. When overlaid with the different quality, costs, and individual and population health,
types of PHR systems that the Committee has identified, the the actual impact is unknown. Some areas for fur-
health care and technology industries can design successful ther research with respect to patient management
products that will match consumers’ needs and preferences, include whether and how PHR systems change the
and the Federal government can more easily identify the best way individuals relate to healthcare providers and
purposes for any Federally-sponsored or Federally-promoted the healthcare system; whether PHR systems lead
PHR system. to better self-management of chronic conditions;

whether PHR systems improve the availability of clinically Recommendation 18:
relevant information before, during and after encounters;
and whether PHR systems contribute to modifying unhealthy
OPM pilots. HHS should collaborate with the Office of
life-style behaviors such as smoking, lack of exercise, and
Personnel Management to help implement pilot studies of
poor diet.
PHR systems with payers and beneficiaries of the Federal
Employees Health Benefits Plan.
Technical Research
Technical research would examine methods to optimize the Recommendation 19:

interface between PHR and EHR systems; the optimization
of standards for interoperability; approaches to authentica- AHRQ research. The Agency for Healthcare Research and
tion, identification, and role-based permissions; and the Quality (AHRQ) should expand its evolving health information
ability to execute data-source annotation. technology research portfolio to support health services re-
search and the development of metrics to assess the impact
Metrics of PHR systems on quality of care, patient safety, and patient
outcomes.
NCVHS concludes that a series of metrics around PHR
system usage, processes, outcomes, and impacts should
Recommendation 20:
be identified and tested. Metrics should also monitor the
quality, validity and reliability of records management of PHR
system data, including the concordance of consumer/patient- CMS pilots. The Centers for Medicare and Medicaid Ser-
entered and provider-entered data. vices (CMS) should conduct pilot studies of PHR usage for
chronic diseases to evaluate utility and cost effectiveness for
beneficiaries, providers and payers.
Recommendations on Advancing
Research and Evaluation:
17. HHS research
18. OPM pilots
19. AHRQ research
20. CMS pilots
Recommendation 17:
HHS research. The Secretary should request that all agen-

cies review their research portfolios and program operations
and report to the Secretary the ways they could contribute
to the research and evaluation of PHR systems.

The National Committee will continue to gather information on this dynamic field. In particular, it plans to release
additional recommendations on privacy, confidentiality and the NHIN. In addition, it will provide a forum for exploring
the following issues that arose from the initial hearings:
n The role of CMS
n Ownership and control of data within PHR systems
n The ability of PHR systems to obtain data from external sources such as provider systems, claims
clearinghouses, health plans and similar sources
n Non-repudiation (authenticating the integrity of the contents and exchange of information)
n Potential liability for providers associated with the use of incomplete or inaccurate data within a PHR
n Privacy policy practices, including notice

Notes

Personal Health Records and Personal Health Record Systems

Uploaded by

Copyright:

Available Formats

Personal Health Records and Personal Health Record Systems

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Personal Health Records and Personal Health Record Systems

Uploaded by

Copyright:

Available Formats

A Report Recommendation

from the National Committee