Over time, the American Health Information Management Association has thrown its weight behind the development of personal health records, calling them "a key element in the U.S. transformation to a safe, more efficient, consumer-driven healthcare system." But at least one professional critic, the founder of the Patient Privacy Rights Foundation, has taken exception to this stance, arguing that there are gaping holes in PHR privacy rules which aren't addressed by HIPAA. In its written materials, AHIMA has taken the position that PHRs are owned by the patient, rather than the organization which hosts the data. But PPRF's Deborah Peel, a psychiatrist, is arguing that insurance companies and employers who host PHRs may not take this view, and may in fact use the PHR data against consumers to deny coverage. She also argues that consumers will lose control of their data, which could easily be handed to other companies, sold or used for medical underwriting. "The health data in PHRs is not protected by any laws and will be held in databases owned by corporations not subject to laws or medical ethics that guarantee privacy," Peel said.
Peel suggests that until federal laws are passed stating that consumers own their health records--and have a right to control their contents--consumers should not create PHRs. AHIMA, for its part, argues that at a minimum, the issue of whether PHRs make sense for consumers is far more complicated than Peel suggests. To further its privacy goals, AHIMA would like to see CCHIT establish data standards, a minimum data set, data sourcing and security criteria consistent with HIPAA for all PHR implementations.
To learn more about this issue:
- read this Modern Healthcare item (reg. req.)
- read this AHIMA press release
- read the PPRF press release
- read the AHIMA/AMIA PHR position statement (.pdf)