Personal Health Records: Conclusion

Report home | Read the report (PDF) | Previous section


PHRs that operate outside of HIPAA can negatively affect the privacy interests of consumers in various ways. The best to hope for is that a PHR will not make privacy significantly worse. However, it is not likely that even that weak standard can be met. The existence of electronically available and centralized health information outside the traditional health care system will attract new users and create new risks. The mere adding of health records to a PHR vendor’s files may undermine existing privacy protections of old records. Security is a concern for any electronic records. A consumer’s ability to control the disclosure of PHR records can easily be compromised. The consumer’s ability to correct errors in PHR records may be problematic. Advertising support may not meet a PHR’s profit goals unless at least some consumer information is available for close targeting of ads. Promised PHR privacy protections may vanish overnight if the privacy policy is changed.

While PHRs may have some laudable goals, they also are a tempting target for companies or others that want to evade whatever privacy protections remain in the health care system in order to make a profit. Whether the benefits of PHRs are sufficient to overcome the real dangers to privacy remains to be seen. It is something that each potential user of a PHR must consider before enrolling. Any consumer worried about the privacy of personal health information should proceed with great caution before agreeing to sign up for a PHR, particularly those operating outside of HIPAA.




Robert Gellman
Robert Gellman is a privacy and information policy consultant based in Washington, D.C. Mr. Gellman prepared this report for the World Privacy Forum.

Publication History

Original publication February 20, 2008 at

Document URL:

© World Privacy Forum.
This information is intended as general information and not as legal advice. This publication should not be used in lieu of legal advice, representation, or counsel.



Roadmap: Personal Health Records – Why Many PHRs Threaten Privacy: II. Discussion – Conclusion


Report home | Read the report (PDF) | Previous section