PHR report card is rather meaningless at this point

With much fanfare, the Patient Privacy Rights Foundation on Wednesday unveiled its first "report card" on the privacy protections built into personal health records. "Some PHRs only share your information with your explicit permission. Some allow you to segment 'or lock-up' extra sensitive information, so it can only be seen by those that you permit. Some offer easily accessible reports of who saw and used your information, when and why," the Austin, Texas-based organization said in a statement.

A consumer-centric product called NoMoreClipboard earned the only "A," for having a privacy policy that PPR Executive Director Ashley Katz called simple and straightforward. PHRs offered by employers or insurers received a failing grade. The much-hyped Microsoft HealthVault--which has agreed to submit to privacy testing once the foundation develops a long-stalled certification program--earned a "B" for its platform, but an "F" for programs that can access a user's account. Google, which hasn't exactly been a model of transparency with its Google Health efforts, received a "D" for its platform and an "F" for its myriad partners in terms of privacy protections.

"We're alarmed about the growing use of personal health information without patients' knowledge or explicit permission," Katz said, according to

It's good to know this information. The problem is, it's kind of a red herring. Almost nobody is using PHRs right now. ( chowed down on that red herring, confusing PHRs for "electronic medical records" and erroneously reporting that the federal stimulus is funding $19 billion worth of "electronic personal health records [PHRs]." But the non-healthcare media's failings, particularly in thinking that HealthVault and Google Health are industry leaders, are another story for another time.)

I guess we can call this a pre-emptive strike by PPR, a group founded by privacy guru Dr. Deborah Peel, in case PHRs eventually do take off. I think they will, but not until there are more actual EMRs to feed data to personal health records. - Neil