Perhaps the biggest single concern about commercial PHRs is the possibility that a consumer’s health information will leak into the marketing system. The terms under which a PHR operates could allow the sale or rental of consumer information in the same way that magazines, catalog companies, magazines, charities, or other merchants and activities share information with limited or no consumer knowledge or consent. Consumers generally have some sense about how readily companies and agencies pass personal information around, but they do not expect the same kind of sharing when it comes to personal health information.
Some PHRs present themselves as a depository of health information under the control of the consumer. The suggestion is that the records have inherent privacy protections because the consumer has some choices or control over the record, including who may see, add to, or change the record. By contrast, covered entities under HIPAA can disclose health records to many institutions for many purposes without consumer consent. That is one of the controversial aspects of HIPAA. HIPAA allows many disclosures without the consent of – and indeed over the objections of – the consumer.
Some privacy protections exist because independent health care providers maintain separate records about consumers. A dentist has one set of records; a family doctor has another set. It will often be the case that the two sets of records are not linked or shared routinely. However, those who obtain health care from a single health maintenance organization may already have centralized records. Linkage of health records offers some advantages, but not all linkages are necessarily welcome to consumers.
Security is an important part of privacy. Are PHR records more secure? The answer depends on who maintains the PHR and whether the security of the PHR is sufficient. Information held by health care vendors and insurers is subject to the HIPAA health record security rule. For what it is worth, the HIPAA security rule has attracted less criticism than the HIPAA privacy rule. Whether any given health record keeper is actually doing a good job of complying is hard to say.
One basic privacy right is the right to seek correction of personal information that is incorrect or incomplete. This is a difficult area for health records because health care providers do not like to change records, and they strongly resist removing information from a record. Often, the resistance is reasonable. For example, a preliminary diagnosis may turn out to be wrong, but the record of the diagnosis must remain in the record to explain a particular test or treatment.