Opinion: Benefits of personal health records will eclipse privacy concerns

Computerworld - In five years, the privacy debate over personal health records will be over, and you and I will be storing our medical records at a central location. Why? Because the benefits of better care and less paperwork will outweigh our current fears about breaches and inappropriate data-sharing. Whether that central location is Redmond, Mountain View or Boston will depend on whom we trust most with our medical information.

What is an electronic personal health record (PHR), anyway? I recently reviewed the specifications of five key players' platforms, and I'd say the prevailing model will have these six core features:

1. A single repository that integrates files of varying formats from multiple sources.
2. Files that are related in a way that provides cohesive, longitudinal records over time that are easily searchable.
3. The trust of doctors, who will believe the files are accurate and authentic.
4. Records that are understandable to the patient.
5. The ability for patients to add information and flag errors.
6. Patient control over who sees what.

I don't see these records being stored on cards we carry around, because I don't think cards can provide all of these features. These “records” are going to be Web-accessible databases stored on a server somewhere.

What kinds of records will they contain? The sky is really the limit on this question. Promised data sets include the following:

• Prescriptions, food and drug allergies, and immunizations.
• Past illnesses and hospitalizations.
• Results from tests, physical exams and clinical trials.
• Information from implanted medical devices.
• Health insurance information and claims.
• Living wills and organ-donor instructions.
• Exercise and diet records.
• Genomic information.

With this kind of sensitive information concentrated in one place, privacy and security will become mission-critical. Repeated breaches could irreparably undermine confidence in and adoption of the system.

So, what if you took the most hardened privacy advocates, put them in a room, and told them they had to issue the ideal privacy and security requirements for these PHR platforms? What would they say?

Judging from past statements, I think their concerns would mirror the seven EU-U.S. Safe Harbor principles:

1. Notice. Users would need total awareness of what records were being added to their PHRs.
2. Access. Users would need full access to any record in their PHRs, and those records would need to be easily understandable.
3. Data integrity. Users would need to be able to flag and amend any inaccuracies and supplement records with their own input.
4. Security. Not just “reasonable” security, but the best available security would need to be deployed, including encryption of data at rest. All instances of a patient's record being accessed would need to be logged.
5. Choice. Participation would need to be voluntary, and users would need to be able to have granular, field-level control over who gets to see what parts of their records, and for what purpose.
6. Onward transfer. Users would need to be able to restrict how their file is shared and have some recognizable way to know that data recipients had been security-certified.
7. Enforcement. Users would need to see reliable evidence that the privacy and security of the platform had been regularly and independently verified. And they must have an independent way to resolve their privacy concerns.