Business
Privacy framework for personal health records developed
■ Major PHR vendors sign on to the AMA-supported standards.
By Pamela Lewis Dolan — Posted July 14, 2008
- WITH THIS STORY:
- » Related content
Dossia, Microsoft, Intuit, Google and WebMD have joined forces with others in the health care sector to endorse a set of practices for both the technology and the use of personal health records.
A PHR framework was developed by the Markle Foundation-operated Connecting for Health, a public-private collaboration that included several groups, including the American Medical Association. The announcement on June 25 came the same day Markle released a new survey that looked at consumer attitudes toward PHRs.
The framework was developed over the course of 18 months and includes 14 specific technology and policy approaches for vendors and for consumers. Markle said the framework will help vendors create systems that easily can exchange and protect patient data, while also providing consumers with guidelines on how to choose and maintain a PHR system.
The Markle survey found that 79% of the public believes that PHRs would provide major benefits to individuals in managing their health and 46.5% of the public expressed an interest in having a PHR. Nearly 57% of the public express concern over the privacy and security of their data and more than 90% felt that their expressed consent should be required for each use of their information.
David Lansky, PhD, president and CEO of Pacific Business Group on Health and chair of the Connecting for Health work group, said the group did not discuss whether PHRs should be entities covered under the Health Insurance Portability and Accountability Act. They currently are not.
Instead, it focused on remedies to privacy concerns that are not contingent on the service or user being covered under HIPAA laws. The AMA is among those advocating the expansion of HIPAA to include PHRs.
AMA Board of Trustees Chair Joseph M. Heyman, MD, an ob-gyn from Amesbury, Mass., said the AMA supports the Connecting for Health framework because it ensures oversight of PHR users who are not HIPAA-covered entities.
He said it offers comfort to physicians concerned with sharing patient data with non-HIPAA-covered third parties, even those that receive a patient's consent.
Under the new framework, patients would chose with whom to share their data. An audit system will track who has accessed each account.
Steve Finlay, health care analyst for the Consumers Union, said the Connecting for Health documents will enhance public trust of PHRs. The Consumers Union was one of many organizations that endorsed the rules.
Several insurers and large employers were among the endorsers as well. They agreed to the consensus language that prevents private health data being used against the individual either for adverse underwriting or employment purposes.