Personal Health Records: The PHR as a Depository

Report home | Read the report (PDF) | Previous section | Next section

Some PHRs present themselves as a depository of health information under the control of the consumer. The suggestion is that the records have inherent privacy protections because the consumer has some choices or control over the record, including who may see, add to, or change the record. By contrast, covered entities under HIPAA can disclose health records to many institutions for many purposes without consumer consent. That is one of the controversial aspects of HIPAA. HIPAA allows many disclosures without the consent of – and indeed over the objections of – the consumer.

Will a consumer-controlled health record deposited in a PHR add to or protect the privacy of the records? Nothing about the PHR changes the reality of health privacy protection, except that the information is now duplicated in a new location and subject to the rules of a new organization. No matter how much control a consumer may have over his or her PHR records, a PHR depository does nothing to improve the general privacy of health records. Even if the PHR’s privacy and security controls work perfectly, the records now exist in one more location than before and may have additional vulnerabilities.

Suppose that a consumer has a totally secure safe in her home that can only be opened with her express approval. The consumer writes down her Social Security Number (SSN) on a piece of paper and puts that paper in the safe. Is her SSN more protected than before?

Not really. Everyone else who had the SSN before the paper was deposited in the safe still has it. That includes banks, the IRS, credit bureaus, employers, the Social Security Administration, a partner or spouse, and perhaps dozens of other agencies and organizations. The locked safe does nothing to enhance the privacy of the SSN, although the privacy and security of that one piece of paper may well be improved.

For health records, the information in the PHR must originate from somewhere. Prime sources are physicians and insurers, but in some PHRs consumers can also add information about their use of supplements, gyms, and so forth. The health information about consumers held by their physicians, health plans, dentists, laboratories, pharmacies, and others remains exactly where it was before it entered the PHR. That information is subject to the same good or bad rules or practices that applied before the deposit of the information in the PHR.

No one who had the ability to obtain health information before a copy entered the PHR need pay any attention to the PHR or any consumer controls on the PHR. The records that were available before from other sources remains available. For example, health fraud investigators can obtain patient records for their work. Putting a record in the PHR changes nothing because the fraud investigators can still obtain the record from the physician or health plan. The PHR record is a copy but not the only copy. Consumers who see the control promised by PHR vendors may be easily confused about the meaning of that control.

Roadmap: Personal Health Records – Why Many PHRs Threaten Privacy: II. Discussion – The PHR as a Depository

Report home | Read the report (PDF) | Previous section | Next section

Posted February 20, 2008 in Health Privacy, Health Records, HIPAA, Personal Health Record (PHR), Report: Personal Health Records - Why Many PHRs Threaten Privacy, Uncategorized

New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.