Tag Archives: PHR

“Consumer” or “Patient” – Roles We Play

I have been involved in many conversations and listened to numerous presentations that use the words “consumer” and “patient” interchangeably, often in the same sentence!  While I will readily admit that we can get hung up on words at the expense of getting anything done, I think that the inaccuracy in our use of language can actually impede progress.    Such is the case, I suggest, with regard to the words “consumer” and “patient”.

While the debate as to whether the individual who is the subject of care is a “patient” or “consumer” may be heated, both sides of the argument seem to be focused on classifying the individual as either a “patient” or a “consumer”.  I contend that “patient” and “consumer” refer to roles that we play and that we can shift between these roles depending upon the situation.  I define these roles as follows:

  • In the consumer role an individual will make choices of about the services that they need, when they need them and from whom they receive them. In this role, the consumer may engage service providers outside the traditional healthcare system such as a consumer health portal or consult with other individuals in on-line communities of interest.
  • In the patient role an individual has made choices regarding the healthcare services that they wish to receive and are engaged with one or more healthcare providers for these services. Just as banks and courier companies are using ICT to streamline operations and engage their customers in ways and at times that are most convenient to these customers so too can healthcare providers use ICT to engage their patients.

Numerous surveys and studies confirm that Internet users have a strong interest in searching for information related to health and medicine and interacting with others who suffer from the same disease or condition.  Yet, despite this strong interest in using the Internet for health related purposes, many so-called “personal health record” applications have floundered.  Examining these successes and failure reveals a pattern of behavior that is best explained by categorizing the role in which the individual operated when using these applications as either “patient” or “consumer”.   Applications that are designed for the role in which the individual is operating are more likely to garner an active and engaged audience.

I think it is time to better define what we mean by the words “patient” and “consumer” and to be more careful about how we use these words.  The distinction is critically important to understanding how best to use IT to help people manager their health.




Doctors Will Prescribe Mobile Apps

A recent article in Healthcare IT News examines the results of a survey conducted by research2guidance.  The results of this survey suggests that  “in five years the major distribution channel will be doctors prescribing or suggesting applications to patients as a component of treatment.

Respondents to the research2guidance survey felt the most effective mobile app distribution channels today are:

  • App stores – 53%
  • Healthcare websites – 49%
  • Doctors – 34%
  • Hospitals – 31%
  • Pharmacies – 16%

This mix will change dramatically in 5 years according to respondents, with healthcare providers growing importance as follows:

  • Hospitals – 68%
  • Doctors – 65%
  • Healthcare websites – 56%

The survey results support Mark’s and my contention that physicians are a key gateway for many eHealth applications, particularly those that interact with patients.   For example, we believe that the most successful PHR applications will be those that are recommended by the physician.  Since many of these applications will use personal health data collected and managed by the physician, EMR software will play a critical role in the eHealth ecosystem.



Healthvault strategy revisited

A post on a Microsoft Developer network blog points out that “In reality, there is no change in strategy – HealthVault is part of Microsoft overall business, but was never intended to ‘make a profit’ on it as a standalone product in the United States”. Rather, the post goes on to say:

HealthVault is an important  part, together with Amalga of Microsoft  end-to-end strategy for connecting care across the healthcare ecosystem. Together with other Microsoft solutions and partner solutions, it enables  integration of multiple sources of information and knowledge across the continuum of care … HealthVault in the US is Microsoft  “model home” for innovation in the ecosystem.

This view is consistent with Healthvault presentations that I have attended over the past few years.  Microsoft representatives were very clear that they did not see making a profit on Healthvault in the US.   I still find it interesting that they believe that they can generate a profit offering Healtvault in publicly funded healthcare systems but not in the home of “user pay” healthcare.  Or, perhaps I am just being cynical 🙂


US PHR Roundtable

Interested in personal health records (PHRs)?  So is the US Congress.  Section 13424 of the HITECH Act directs the Office of the National Coordinator (ONC) for Health IT to conduct a study and make recommendations related to the application of privacy and security requirements to “non-HIPAA Covered Entities”, with a focus on PHR vendors and related service providers.

To collect information related to the mandated study, the ONC is hosting a PHR Roundtable on December 3rd, 2010. According to the ONC website for this event, the Roundtable will “address the current state and evolving nature of PHRs and related technologies (including mobile technologies and social networking), consumer and industry expectations and attitudes toward privacy and security practices, and the pros and cons of different approaches to the requirements that should apply to non-CE PHRs and related technologies.”

The roundtable will include “four panels of prominent researchers, legal scholars, and representatives of consumer, patient, and industry organizations.”  These panels will include:

  • PHRs: Origins, Developments, Privacy and Security Practices
  • PHRs and Related Technologies: New Forms, New Audiences, and New Challenges
  • Privacy and Security of Identifiable Health Information in PHRs and Related Technologies: Expectations and Concerns
  • Perspectives on Privacy and Security Requirements for PHRs and Related Technologies

The ONC will begin accepting public comment at the beginning of November.



AMA Updates PHR Policies

At its annual House of Delegates (HOD) meeting last week, the American Medical Association (AMA) amended its current policy regarding Personal Health Records to address concerns about the use of patient supplied data in a PHR:

  • “If the patient is allowed to make annotations to his or her EMR …. the annotation should be indicated as authored by the patient with sourcing information …. A permanent record of all allowed annotations and communications relevant to the ongoing medical care of the patient should be maintained as part of the patient’s record.”
  • “Physicians retain the right to determine which information they do and/or do not import from a PHR into their EHR/EMR and to set parameters based on the clinical relevance of data contained within personal health records.”
  • “Any data imported into a physician’s EMR/EHR from a patient’s personal health record (PHR) must preserve the source information of the original data and be further identified as to the PHR from which it was imported as additional source information to preserve an accurate audit trail.”

In addition, the AMA adopted a new policy to address the physician’s use of information contained in a PHR.  Specifically, this policy includes the following elements:

  • “To the extent that the physician chooses to review a PHR, the physician retains the right to exercise professional judgment in determining the clinical relevance of information contained within a PHR.
  • “The physician is responsible only for the use of PHR data that the physician has actively chosen to incorporate into the patient-physician relationship; conversely, the physician bears no responsibility for PHR data that the physician has not actively and specifically incorporated into the patient’s active medical care.”
  • “All data contained within a PHR must have accurate and verifiable attributions as to the originating source of the data.”

According to an article posted June 18th on ModernHealthcare.com, the delegates decided that “it was too early to call on Congress to pass legislation regulating still-evolving and little-used personal health records.”

The CMA has been quite active in promoting various technologies to digitize healthcare including, not surprisingly, EMRs.  It will be interested to see if they follow their American cousins and approve resolutions related to PHR use.


Australia moves to Personally Controlled Electronic Health Records

Last fall I wrote about a possible dramatic shift in eHealth strategy in Australia.  Today,the Australian Minister for Health and Ageing, Nicola Roxon, announced a $466.7M (AU$) investment in “a secure system of personally controlled electronic health records” that are accessible over the Internet.  Patients will be able to “present for treatment anywhere in the country, and give permission for health professionals to access their relevant history at the touch of a button“.

There are increasing calls across Canada a open and public review of Canada’s eHealth strategy which is heavily oriented on a centralized system of electronic health records.   The Australians had embarked on a similar approach which they have abandoned in favour personally controlled health records.  Perhaps it is time for Canada to at least consider a similar approach.


“…About Your PHR”: A Response

A little over a month ago a post, written by Michael Martineau and Michael Power, was published on this blog (as well as Dot Indicia and ITWorldCanada) entitled “Dear McGill University Health Centre … About Your PHR”.  Shortly after it appeared, the authors were contacted by Philippe Panzini, Chief Technology Officer at MEDICAL.MD EHR INC., the company which developed and operates  unani.  Mr. Panzini  responded with the following letter and we think it merits publication – if only to indicate that the company does indeed take privacy and security very seriously. We weren’t expecting this and Mr. Panzini is to be commended not only for the letter but also the indicated actions.

Dear sirs,

We, Medical.MD EHR INC, would like to extend to you our appreciation for taking the time to look at Unani in detail, and to write this informative letter. As you may know, we are the developers and distributors of Unani as well as the website managers for http://www.unani.ca.

We have put great care into the conception of Unani, and we will continue to do so for the entire lifespan of this service. The core concept of Unani being a PHR designed with the needs of the public in mind, our priorities are entirely governed by the goal of meeting our users’ expectations.

We took note of the comments raised in your letter, which was posted on March 24 and 26, 2010 on various websites, and further to such letter, we have decided to implement certain changes in our next releases of Unani, which should be available to the public starting a few days from now. In particular, we will take additional steps to ensure that our Privacy Policy is easily accessible to any person visiting our website.

With respect to our hosting services, we have entered into written agreements with reputable IT suppliers, which contain confidentiality provisions and provisions to ensure that the information collected via Unani is used solely for performing the hosting contracts.

In particular, we have entered into an agreement with a Canadian IT supplier to host and support Unani by the end of this year, in the Province of Québec and in the rest of Canada.
The information relating to Canadian users will be collected and held on servers located in Canada.

Unani will continue to operate as a world-wide service provider, using various hosting facilities throughout the world, in accordance with the applicable legislation. Before releasing our users’ information to any foreign suppliers, we will ensure that such information will receive an equivalent protection as that granted under Canadian privacy laws.

Until the services of our Canadian IT supplier are made available later this year, all accounts of Unani users, regardless of their geographical origin, will be hosted by a well-known, reputable  IT facility located in the Republic of Ireland. Once the Canadian hosting platform is available, all existing and future accounts belonging to Canadian residents will be hosted by the Canadian service, on Canadian territory. The migration of the existing Canadian residents’ accounts will be done transparently, and no trace will remain on the foreign hosting service.

In addition, we would like to share with you the following details regarding Unani:

  • Through a very simple, two-click procedure, our users can delete their account, and all of their data, without any backup copy being kept by us. Deleted accounts are no-longer recognized by our system.
  • Unless otherwise indicated in our Privacy Policy, we do not hold any information about our users that has not been provided to us by our users themselves.
  • To further improve on the confidentiality of data storage, we keep in separate databases the users’ demographic information, from their medical data. Both databases being encrypted.
  • We regularly retain the services of an independent security firm to audit our source code and to conduct database penetration tests.

We hope you will find these precisions satisfactory, and we invite you to maintain your interest in Unani. This project has only begun, and we are planning the release of many exciting features for our users in the course of the upcoming months.

For any additional enquiries, please do not hesitate to contact our Privacy Officer at the following address :
Medical.MD EHR Inc. 1035 Laurier Avenue West, Suite 100, Montreal, QC  H2V 2L1, Canada

Kind regards

Philippe Panzini
Chief Technology Officer

Dear McGill University Health Centre … About your PHR

Michael Martineau, an eHealth consultant and commentator, and Michael Power, a Toronto-based lawyer and noted privacy expert, teamed to write this joint blog post.

North Americans appear ready to interact electronically with their healthcare providers and take a more active role in managing their own health care.   A much talked about tool in this regard is the Personal Health Record (“PHR”). While there is considerable debate about what constitutes a PHR and how best to capture public interest in using a PHR, there seems to be a growing consensus that the privacy of personal health information is a key concern that must be addressed if PHRs are to gain widespread adoption.   “Whether PHRs are developed by the private or public sector, the Commissioners call on all developers to ensure that the applications meet the relevant laws and reflect privacy best practices.”[1]

After months of testing, the McGill University Health Centre (MUHC) recently announced the public launch of unani, “an integrated Wellness Platform” that provides users with the means to “manage and store your personal health information in complete security, from anywhere in the world.”   Given our respective areas of expertise and interests, we were interested to hear about this new, Canadian-based service, and immediately went to unani.ca to check out this new service, including their privacy policy. After discussing what we found, at Michael Power’s suggestion, we decided to present our initial reaction in the form of a letter.

Dear McGill University Health Centre,

We see you’ve begun to offer “Unani” to the world. At this point it appears to be offered to people in Canada and the United States. This web-based “Personal Health Record” is an interesting development and McGill University Health Centre is to be commended for offering it. But, since you’re asking us to store our families’ personal health information “in the cloud”, we’re sure you can appreciate our interest in understanding what you do to protect the privacy and security of that information.

We were interested in the fact that we had to start the registration process in order to view your privacy policy – we would have expected to see a public link to it readily available on your home page. Oh well. We started to register and found it in a corner on your Terms of Use page. Now in keeping with the concepts of openness and transparency, we would have expected a fairly comprehensive statement. Boy, were we surprised.

You were kind enough to tell us the “purposes of collection”:

Information will generally be collected from Individuals through the various forms such as enrolment or account opening forms which, when produced by the Company, shall indicate the purposes of the information collection. The sole objective of the information collected from the Individuals will be to provide the products or services requested and to respond to their needs or the Company’s needs for the duration of their relation with the Company.

We didn’t see any other purposes disclosed to us. We would have thought you might use the information to operate and improve the site. Maybe there aren’t any other purposes but we would have liked you to say something to that effect. And what exactly are the “Company’s “needs” in that last sentence there?

We would have liked some statement as to who actually owns the information we put into your system. In Canada, from case law in the 1990s, the provider owns the record and the patient owns the information. We would have liked some statement that the user, and the user alone, controls the data; that Unani won’t sell, rent or otherwise share the data, even in de-identified form (since re-identification seems to be happening more and more these days) and that the user can delete their information at any time and it will be removed from your servers. We didn’t see anything like that in your Terms of Use or Privacy Statement. If Google Health can put a statement somewhat like that in their Privacy Policy, why can’t you?

Speaking of which, who really is accountable for the protection of our health data? Is it McGill or your IT partners? Is it stored only in Quebec or are the servers located somewhere else? Is there a backup somewhere else? Your privacy statement doesn’t really tell us that.

To be fair, you do say our information will be held “only as long as necessary for the fulfillment of the purposes for which it was collected” and that it will “be destroyed in accordance with the law and Company’s guidelines with respect to the retention of files.” By the way, could you give us a sense of what those Company’s Guidelines are?

And about security – all we got was a statement of “appropriate safeguards”. Now we’re not looking for specific information – the bad guys read these statements too – but a little more detail would be nice. For example, do you restrict access to the information to individuals for particular purposes (e.g. future site development, support) and are those individuals subject to confidentiality obligations? Also, how do you secure our communication with you? Do you protect it through the use of encryption, such as the Secure Sockets Layer (SSL) protocol?

Now access is an important privacy principle and we see you talk about it:

The Company shall respond to an Individual’s request for information within a reasonable time. In addition, the fee charge for processing the request shall also be reasonable.

Wait a minute, here. It’s our data! What other data do you have that we might want to access? And you’re going to charge us a fee for it?

We see that you do address complaints and we appreciate you having that section. You say if we want to make a complaint concerning Unani’s protection of our personal health information, we can contact your Privacy Officer. That’s ok, but what if we’re not satisfied with the outcome of that conversation? Who can we go to? People like us, who aren’t from Quebec, might not know. It would be nice if you could, at least, point us to the web site of the Commission d’accès à l’information du Quebec.

In short, your privacy statement looks like something generic that could be used by any business in Quebec and wasn’t written specifically with your site or our personal health information in mind. That really doesn’t give us any confidence in sharing our health data with you. If PHRs are really going to work we’d appreciate a little more evidence of some thought put into the privacy management of your site.

Yours sincerely,
Michael Martineau – eHealthMusings

Michael Power – dot-indicia

[1] “The Promise of Personal Health Records”, Resolution of Canada’s Privacy Commissioners and Privacy Enforcement Officials, September 9-10, 2009, St. John’s, Newfoundland and Labrador

Patient access to electronic health information

I have been ranting for several years about the need to provide a link between existing electronic health information systems and personal health record applications.  Seems that this issue has hit the attention of the media:


What’s it gonna take to give people electronic copies of their health information so they can  populate their own personal health applications, much as the banks already do with applications like Quicken or Microsoft Money?  As I have said many times before, it is MY data, damn it, and I should be able to use it in any way that I see fit.

Thoughts?  Comments?


Meaningful use and patient information

A hot topic in the US health sector is the “meaningful use” provisions associated with $17B in eHealth related incentive payments.    Two of the meaningful use provision that I found interested related to what one group calls “information therapy”.  Should the provisions remain after the current process, doctors and hospitals who wish to qualify for incentives will have to:

  • provide an electronic copy of medical records to patients who request them within 48 hours (80% of the time).
  • send reminders for preventative care or followup care to at least 50 percent of their patients older than age 50.

More details on these provisions can be found in the following article:


The electronic copy of medical records will have, I think, a profound impact on PHR use and adoption.  Many PHRs now require people to enter information by hand, something most people won’t do.  But, an ability to easily upload an electronic copy of a medical record may make PHRs much more appealing.