Prevention

News about Safe Online Personal Health Records

By Michelle V. Rafter

Once upon a time, a personal health record was the baby book your parents bought to chronicle your first tooth, booster shots and when you were potty trained.

Today, we have a new way of tracking medical milestones for ourselves, our children, and in some cases, aging parents -- in an online personal health record, or PHR. You can set up PHRs on independent web sites such as myHealthFolders or iHealthRecord. Alternatively, you can use PHRs that have been set up by your employer, doctor or health insurer.

But are health records safe in digital form? Are online records vulnerable to people who don’t have authorised access, or to be copied and transmitted without your knowledge? These are all important concerns without easy answers. When it comes to federal regulations, at the moment, they only protect the privacy of personal medical records at hospitals and other medical providers. They don’t apply to non-health care companies offering online PHRs.

Storing medical records digitally can be a very effective and organised way to keep track of health history but you need to be vigilant about protecting this very private information.

The first step is to understand what’s in a personal health record? It can include:

• Childhood immunisation records

• Medical history, including ongoing or chronic conditions

• Lab test results

• Surgeries

• Pregnancies

• Wellness activities, such as gym memberships or exercise regimens

• Allergies, including food allergies

Benefits of digitising health records

One of the best benefits of a PHR is that your health data is in one place, making it easily accessible if you change doctors, are suddenly hospitalised, or move. Jessi Palomo, a married mother of three in Portland, Ore., recently started using HealthVault, an online PHR Microsoft introduced in October 2007. Palomo has typed information about her past surgeries into the service's online record keeper over a secured web site. She's also started files containing the immunisation records of her three sons. “We used to keep our stuff in a filing cabinet and tracking down what’s been done where and what doctor you’ve seen, it gets frustrating,” she says.

Health-care providers favor online records because digital information is easier to store and exchange -- such as when a lab needs to send test results to a doctor’s office -- eliminating the time and expense of faxing or mailing paper files. For those reasons, there’s a big push by health-care providers and technology companies to adopt PHRs. In addition to Microsoft, Google started testing a PHR with the Cleveland Clinic in February. Other major hospitals and health-care institutions have started offering this online record keeping service, too. At Kaiser Permanente, for example, two million members have signed up for the HMO’s three-year-old PHR, called My Health Manager, according to a company release. However, according to health-care technology associations and other groups, the number of people in the United States using online PHRs is still very small. When Aetna, the insurance carrier, and the Financial Planning Association surveyed 2,100 people in July 2007, 64 percent said they didn’t know what a PHR was. Of the number that did, only 11 percent said they were currently using one.

Protect your privacy

A major obstacle that could hold back wider acceptance is security. Federal regulations passed in 2003 established privacy precautions hospitals and other medical providers must take to keep patients’ records safe. But those rules don’t apply to non-health care providers, such as Internet or technology companies that offer online PHRs.

As a result, you should familiarise yourself with the security precautions providers of online PHRs employ to keep records safe, according to the World Privacy Forum, a San Diego, Calif., nonprofit that tracks medical privacy issues. Here's how:

• Read the privacy policy before filling out a PHR.
  Online PHR providers should have privacy policies outlined on their web site. The World Privacy Forum counsels people to read these policies thoroughly to determine whether information will be shared with any third parties.

• Separate demographics from medical data.
  Strip out addresses, phone numbers, Social Security numbers and other information that could be used to match you to your medical records, and therefore provide the basis for identity theft or other fraud, says Jane Horowitz, vice president and chief marketing officer with the National Alliance for Health Information Technology, a health-industry trade group. “A web site will tell you they’re secure and they’ll do everything they can to make sure it’s secure, but I would still try to unlink as much as possible,” Horowitz says.

• Use strong passwords.
  Online PHR providers have controls to make sure only users you authorise can access your medical records. Additionally, you must do your part by choosing passwords and password hints that are unique and hard to guess so identity thieves can’t easily crack them, Horowitz says.

Back in Portland, Palomo is concerned about keeping information in her online PHR safe, and away from insurance companies that might want the information when they calculate policy rates and premiums. But those concerns won’t stop her from using the online records. She’s looking forward to the day when her family’s medical groups and hospitals are part of the system too. “That will tie everything together,” she says.