Patients wary of employer, plan-sponsored PHRs

Part two of a two-part series (Access part one here)

Consumers, or individuals formerly known as "patients," are being encouraged to "take control" of their own healthcare, and electronic personal healthcare records are being touted as the tool they can use to do this.

So far, the public has yet to embrace PHRs, in part because the main push to promote them appears to be from health plans and employers. The problem with this approach was illustrated by a 2005 California HealthCare Foundation survey, which found that 52% of the respondents were worried about employers using medical information to limit job opportunities (up from 36% in the 1999 survey).

According to Edward Fotsch, chief executive officer of PHR provider Medem, the key is to have a PHR provided by a trusted third party: a patient's physician. Physicians, however, have been wary of PHRs because of uncertainty over their effect on workflow and legal liability.

Nicolas Terry, co-director of the St. Louis University School of Law's Center for Health Law Studies, said today's doctors are becoming familiar with the "online patient," and these patients will become familiar with PHRs. According to Terry, an online patient is one who comes into a doctor's office and says, "This is what I have, I need you to fix it, and I need this drug."

Other issues that Terry and Steven Waldren, director of the American Academy of Family Physicians' Center for Health Information Technology, see being raised are trust in the data and liability concerns related to that data.

Paper records may contain loads of extraneous data and they are harder for patients to edit, Waldren said, while it is easier to hide information from physicians in electronic formats.

"With the current tort system, physicians are very concerned about liability, even when they do the right thing," Waldren said, so along with standardization issues, legal issues concerning privacy have to be worked out before PHRs will get wider use.

"Do patients have the right to delete something from a PHR?" he asks. "If they do, do they have to notify physicians that something is missing?"

Waldren adds, however, that he's not aware of any PHR-specific liability discussions going on right now and, if there are any, they are just a small part of general discussions concerning liability and tort reform.

While Terry acknowledges similarities between the PHR-using patient and the one who comes to a doctor's office armed with manila folders filled with computer printouts and reams of documents, the two aren't the same. "It's certainly new territory for us all," he said. "I can certainly understand why doctors could have some apprehension on a very intuitive level."

Terry said PHRs create new business, technical, clinical and legal issues, and a lot of this is because it upsets the traditional model in which physicians were undisputed owners of patients' health records.

Few policies exist on PHR ownership and control of the data.

The Ann Arbor, Mich.-based Altarum Institute reviewed 30 publicly available PHR privacy and security policies and in January presented a report to the consumer empowerment work group of the American Health Information Community, an HHS advisory panel. The analysis found that PHR providers have little to say about disclosure of secondary uses of data, pay little attention to ownership of data after a business relationship is ended, don't define essential legal terms such as "personal health information" or "de-identified" patient information, and don't have formal mechanisms to enforce written policies.

Some experts have recommended letting market forces work to resolve issues and have counseled against mandating policies and standards because they fear it will stifle innovation.

But Peter Basch, medical director for e-health at MedStar Health system in Washington, thinks a lack of guidance has hurt the market. "Bad policy can be fixed; no policy makes me nervous," he said. "I'm troubled by the idea that 'things will work themselves out.' "

Terry also said federal privacy regulations contained in the Health Insurance Portability and Accountability Act of 1996 have not kept pace with technology, adding that what's needed is a "global privacy standard" that is applicable wherever healthcare information is stored, but "the tricky part is finding the political will to open the HIPAA black box."

Geoffrey Gifford, a partner and founder of the Chicago-based law firm Pavalon, Gifford & Laatsch, said basic legal standards apply whether the patient brings in a box of paper files or a disk filled with irrelevant data. "I think the rules are still the same," said Gifford, an attorney specializing in medical negligence and product liability. "The standard of care is the standard of care whether it's electronic records or paper; you have a duty to look at them if the records are pertinent to the treatment you're rendering."

The records don't need to be memorized, but they should be scanned for information relevant to the purpose of the patient's visit to the doctor’s office, he said.

"Not to do that would be a deviation from the standard of care if the physician needs the information and it's available with a reasonable effort in a reasonable amount of time," Gifford said.

Lonny Reisman, an internist and cardiologist, is the founder and CEO of ActiveHealth Management, a health management and data analysis company that launched its own PHR in January called ActiveHealth PHR. Reisman said that common sense still applies.

"Having information presented in a PHR doesn't present a higher risk than not asking the right question or not checking results of a test that you asked for," he said.

Fotsch said many issues have already been worked out by liability carriers, medical societies and state medical boards who developed the eRisk Guidelines. While the guidelines are comprehensive, they also state that they "are not meant as legal advice and clinicians are encouraged to bring any specific questions or issues related to online communication to their legal counsel."

Debra McBride, vice president of Aon Risk Services of Minnesota, a division of Aon Healthcare that advises hospitals on risk management issues, said she doesn't think a physician's risk is increased when they accept a PHR, and that physicians should not be afraid to ask their patients: "What's important in here and why is it important to you?

"It's the same risk as having a banker's box of medical records from the Mayo Clinic," said McBride, who is also an attorney and a registered nurse. "They shouldn't be afraid of the information—plus they're not receiving it in a vacuum. They're getting it from a patient who's sitting in front of them. Ask for some guideposts."

She said physicians should view a patient's involvement in his or her healthcare as something positive and that "having a patient hand you information" will be happening more frequently.

Fotsch said that was something he rarely experienced during his years as an emergency medicine physician, ending in the early '90s.

"I saw 10,000 ER patients, and I can remember on one hand the number of patients who had any documented information when they came in," he said.

Fotsch said much of the confusion surrounding PHRs stems from a misunderstanding of what they are.

"A disk with a mishmash of information is not a PHR, because I could call my dog a 'Ferrari' if I wanted to, but that doesn't make him one," Fotsch said. "A personal health record is, by definition, an online collection of structured data."

AHIC has recommended that HHS adopt standards on medication history, registration information and technical specifications for moving data, but they have not been adopted yet.

While agreeing that standards are needed, the AAFP's Waldren disagrees that PHRs need to be Web-based. Although he thought that Web-based models will eventually dominate the field, Waldren said there are desktop PHRs available "that are networkable."

But Fotsch wonders if the models mentioned by Waldren allow secured online communication between physicians and patients. Without that, Fotsch said, a PHR is like an automated teller machine with no money in it that only allows you to check your balance.

Fotsch said a PHR should resemble a Continuity of Care Record or Continuity of Care Document—two vetted and accepted formats for transmitting basic patient-care data. The PHRs should have defined fields where particular types of data should be entered and displayed, and they also should feature a secure e-mail connection between patient and physician.

"There's a structure around a personal health record," Fotsch said. "So, if you say you accept a personal health record, you know what you're accepting." Along with all the other clinical, business and liability concerns, Fotsch said, physicians should be concerned about what types of computer viruses could be contained in disks patient bring in, and adds that "our IT department would string us up" if outside disks were routinely introduced to the computer system.

In terms of physicians being liable for information in a PHR, Fotsch said, physicians need to establish ground rules with their patients ahead of time.

"If I'm a physician and I offer you a PHR and you make changes on your own—or you go to some other doctor who makes changes—and I call in a wrong prescription, am I liable?" Fotsch asks. "No, I'm not, but only if—when I issued the personal health record—I set the rules of the road that I need to be notified of changes. You don't say to a patient 'Here's a bottle of medicine. Good luck.' "

What PHRs mainly do, Fotsch explains, is eliminate telephone tag and the waiting room "pop quiz" where patients receive a form attached to a clipboard and attempt to reconstruct their medical history by memory. So, instead of fearing PHRs, Fotsch said physicians should welcome them.

"What they should be frightened of is basing medical care on information that patients happen to remember and scribble down on a piece of paper," he said. "But that's the standard of care."

Medem's iHealthRecord is offered to patients through their doctors. While health plans and employers are offering their members and employees PHRs, Fotsch said the adoption of these products has been low because patients are concerned that the information these PHRs contain may somehow be used against them to either deny medical treatment or a job.

"Do you want to give this information to the people who would raise your rates?" Fotsch asked. "It's like getting a form from your car insurance company saying 'Write down how often you speed.' "

Even when offered by physicians, American Medical Association trustee Joseph Heyman said interest is still low. "I have some patients using it, but not that many," he said, adding that there has not been an overwhelming business case supporting the use of PHRs.

Reisman said part of the problem may lay in the origins of EMRs. When systems were being developed in the '90s, he said the focus was on improving efficiency and not on boosting quality and safety. "I'm not sure there's been much input from physicians on PHRs," he said.

Internist Michael Zaroukian, chief medical information officer at Michigan State University, agreed, noting that a lack of a business case and scant clinical evidence supporting the use of PHRs has led to physician indifference.

"What providers are saying is either nothing, because they don't see it on their horizon, or it's one more thing they have to do that they don't get paid for," he said. "They have the potential, if used correctly, to improve care, but—just because they could doesn't mean they will.

What do you think? Write us with your comments at Please include your name, title and hometown.