Cracking Open the Shell on the Personal Health Record

Posted on November 5, 2014 | Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The concept of maintaining your own health data enjoyed a brief flurry of activity a few years ago with Google Health (now defunct) and Microsoft HealthVault (still active but not popular). It has gotten a second chance with Apple HealthKit, Google Fit, and other corporate offerings explicitly tied in with the convenience of mobile devices. Microsoft itself has galvanized HealthVault with a Microsoft Health initiative similar to Apple’s HealthKit. Recently I’ve been talking to health care reformers about the business and political prospects for personal health records (PHRs).

Patient access to data was enshrined as a right back when HIPAA was passed and is still championed by the US government through Meaningful Use (whose Stage 3 may well focus on it) and other initiatives, and has been endorsed by the industry as well. But this requirement won’t be satisfied by the limited patient portals that hospitals and clinics are hanging out on the Web. Their limitations include:

  • Many let patients only view data, not download or transmit it (all of these are mandated by Meaningful Use).
  • Data maintained by providers can’t easily be combined into a holistic, comprehensive view, which is what providers need to provide good care.
  • Data on portals is usually a thin sliver of all the data in the record: perhaps prescriptions, appointments, and a few other bare facts without the rich notes maintained by clinicians.
  • You can’t correct errors in your own data through a portal.
  • Clinicians rarely accept data that you want to put in the record, whether personal observations or output from fitness devices and other technical enhancements.

All these problems could be solved by flexible and well-designed personal health records. But how does the health care field navigate the wrenching transition to giving people full control over their own data?

Dr. Adrian Gropper has investigated PHRs for years and even considered building a simple device to store and serve an individual’s health data. Now he says, “I can’t recall any physician in my medical society that has ever said they wished their patient had a PHR. Nor do I, after many years on the Society for Participatory Medicine list, ever recall a patient praising the role of their PHR in their care. Today’s PHRs are clinically irrelevant.”

This is not a condemnation of PHRs, but of the environment in which vendors try to deploy them. Many health reformers feel that several aspects of this care environment must evolve for PHRs to be accepted:

  • PHR data must become appealing to doctors. This means that device manufacturers (and perhaps patients themselves) must demonstrate that the data is accurate. Doctors have to recognize value in receiving at least summaries and alerts. Many benefits can also accrue from collecting vital statistics, behavioral data, and other aspects of patients’ daily lives.
  • The doctor’s EHR must seamlessly provide data to the patient, and (we hope) seamlessly accept data from the patient–data that the doctor acts on. Currently, most manufacturers store the data on their own sites and offer access through APIs. Another programming step is required to get the data into the PHR or the doctor’s EHR.
  • Clinicians have to agree on how to mark and collect the provenance of data. “Provenance” deals with assertions such as, “this data was generated by a Fitbit on October 10, 2014” or “this diagnosis was challenged by the patient and changed on August 13, 2010.”
  • Add-on services must make the data interesting and usable to both patients and physicians. For instance, such apps can alert the patient, clinician, or family members when something seems wrong, let them visualize data taken from the PHR and EHR over time, get useful advice by comparing their data to insights from research, and track progress toward the goals they choose.

“A critical force in increasing consumer engagement in digital health is the development of compelling, easy to use tools that make it simple to collect, understand and use health information to reach the goals consumers define for themselves, whether that’s managing a chronic condition, saving money, or fitting into their ‘skinny jeans’,” writes Lygeia Ricciardi, former director of the Office of Consumer e-Health at the ONC. “In an age of ‘one click purchasing,’ it must become incredibly easy for patients to access and share their own health information digitally–if it’s too complex or time consuming, most people probably won’t do it.”

In addition to sheer inertia, a number of disincentives keep PHRs from congealing.

  • Many doctors are afraid of letting patients see clinical notes, either because the patient will ask too many questions or will be upset by the content.
  • Hospitals and clinics want control over records so that patients will return to them for future treatment.
  • Marketing firms live off rich lodes of our health data.
  • Other organizations with dubious goals, commercial and governmental, want to track us so they can deny us insurance or control our lives in other ways.

Wait–what about the patients themselves? Why haven’t they risen up over the past several years to demand control over their data? Well, maintaining your health data is intimidating. The data is highly detailed and full of arcane medical concepts and terminology. Most patients don’t care until they really need to–and then they’re too sick and disabled to form an effective movement for patient control.

Still, several leaders in health care believe that a viable business model can be built on PHRs. The spark of hope comes from the success of apps that make people pay for privacy, notably Snapchat and WhatsApp. Although some sloppy privacy practices render these services imperfect, their widespread use demonstrates that people care about protecting their personal data.

Private storage can be offered both in the cloud and by personal devices, using standardized services such as Direct and Blue Button. These will start out as high-end services for people who are affluent and have particular concerns about storing their own data and choosing how it is shared. It will then become commoditized and come down in price.

What about people who can’t afford even the modest prices for cloud storage? They can turn patient data into a civil rights issue. There’s a potent argument that everyone has the right to determine who can get access to their health data, and a right to have data generated during their daily lives taken into account by doctors.

We don’t need one big central service–that’s insecure and subject to breaches. Multiple services and distributed storage reduce security risks.

We’ll see change when a substantial group of people start to refuse to fill out those convoluted forms handed to them as they enter a clinic, saying instead, “Get it from my web site before you treat me.” Before that protest begins, there’s a lot of work in store for technologists and businesses to offer patients a usable record system open to the wide range of data now available for health.