PHR vendors bypass patients, pitch to business

After several years of mostly striking out with consumers, personal health record vendors are adopting a business-to-business marketing model, courting employers and insurers in hopes of expanding PHR adoption.

A recent study by Cambridge, Mass.-based industry analyst Chilmark Research found that of the more than 200 PHRs on the market, only 20% are Internet-hosted, which is what the study focused on.

Of those, 40% are thriving, 35% are treading water "and the remaining 25% are walking zombies, not quite dead, but not very alive, either," the study said.

Study author John Moore said PHR vendors, until recently, were marketing to consumers. But with the exception of those with a chronic disease or their caregivers, consumers had expressed very little interest.

Now employers and health plans are starting to see the potential for PHRs to reduce health care costs, Moore said, and are offering incentives for their use. So vendors are focusing on strategic alliances.

Who sees the data?

Moore said privacy and security hurdles still need to be cleared before consumers can be sold on offering personal information for any PHR.

"What really surprised me [in doing the survey] is what a terrible job the PHR vendors have done addressing privacy and security as an industry," he said.

Moore believes the entrance of Google and Microsoft into the market could help raise the bar on what consumers will expect.

But the American Medical Association and others aren't waiting for vendors to respond, but would like to see legislation mandating security standards. The AMA is advocating that HIPAA be extended to all entities that have contact with health data, including PHR vendors.

As evidenced by questions asked of Google CEO Eric E. Schmidt when he publicly unveiled Google Health at the Health Information Management Systems Society meeting in Orlando, Fla., in February, many people believe that PHRs are already covered by the federal health privacy law. Schmidt reiterated that Google was not covered by HIPAA, and therefore had no laws to abide by.

But, for the most part, privacy advocates who are often critical of the limitations of HIPAA have been pleased with the security policies laid out by Google and Microsoft.

In search of more functions

Moore said early PHR offerings were lacking in ability to connect and share with other systems and data sources as well as in functionalities that make the systems more "actionable" to consumers. PHRs "that serve simply as an online filing system for medical records will become irrelevant," Moore said.

America's Health Insurance Plans, the insurance industry trade group, has advocated the creation of consumer-controlled and managed systems, but so far most plan-sponsored products have been tethered and allow little more than read-only access to claims data and don't allow portability if the consumer changes jobs or health plans.

AHIP spokesman Robert Zirkelbach said the organization has worked with BlueCross BlueShield Assn. to develop standards to make plan-sponsored PHRs portable to other plans.

But Moore said the trend is moving toward third parties creating and maintaining the systems, similar to what a group of large employers, including Wal-Mart and IBM, did when they created Dossia.

In addition to alleviating privacy fears, third parties are helping make the systems more robust and portable, he said.

In recent weeks Kaiser Permanente announced a partnership with Microsoft. And Google announced a partnership with Blue Cross Blue Shield of Massachusetts.

Moore said because of their leveraging power, Google and Microsoft are able to create partnerships that early PHR vendors could not. And those partnerships will be the key to PHR growth, he said.