The standards development organization Health Level 7 has laid down an extensive set of guidelines on what personal health records should do and how they should do it.
Now, it is the publics turn to read and comment on what an HL7 Electronic Health Record Technical Committee is calling its Personal Health Record System Functional Model, or, PHR-S FM, a 160-page tome released Monday.
The proposed guidelines on PHR functionality are available in five chapters, along with a six-page Readers Guide and spreadsheets for submission of comments. The public comment period, which opened Monday, will run through Sept. 13; it will be followed by balloting through the Ann Arbor, Mich.-based organization.
The PHR model is described as the fraternal twin of an HL7 functional model published in March for electronic health-record systems, according to a written statement by Donald Mon, vice president of practice leadership for the American Health Information Management Association. Drafts of the EHR model became a key source for criteria developed by the federally funded Certification Commission for Healthcare Information Technology to test and certify EHRs, said Mon, who served as co-chairman of the HL7 technical committee that has worked on the PHR model for more than a year.
The pairing of the two (models) provides a framework for standards-based interoperability between the consumer and the provider, Mon said. While the PHR System Functional Model is general in scope and was developed with an eye towards what is achievable today, it contains the flexibility necessary for product innovation and sets a vision for future PHR systems.
Flexibility could be a key consideration during the comment period, since the whole notion of trying to pin down now what a PHR should or should not be in the future is a touchy subject within a segment of the IT community whose members worry that premature regulation of relatively new PHRs might stifle creativity.
In March, several key members of a federally sponsored advisory panel on personal health records (called the Consumer Empowerment Workgroup of the American Health Information Community) dissented from a majority recommendation that work begin on a system of testing and certification for PHRs, a regime similar to the one already in place for EHRs with CCHIT. David Lansky, senior director of the health program at the Markle Foundation, joined fellow Consumer Empowerment Workgroup members from the Robert Wood Johnson Foundation, RxHub, Microsoft Corp. and the not-for-profit National Health Council in a four-page letter of dissent sent to HHS Secretary Mike Leavitt. Leavitt chairs AHIC, a federal advisory panel he created in 2005.
In their letter, the dissident coalition members noted that EHRs and PHRs are dramatically different in two ways; EHRs are older than PHRs by more than a decade and thus are a far more mature technology, and that EHRs are expensive for their end-users, physicians, to buy and operate, while many PHRs are available at little or no cost to patients, thus the raison detre for certification of EHRsto overcome buyers fears to purchase the systemsdoes not apply to PHRs.
The letter, instead, suggests the federal government would do better to focus efforts on broad policies of privacy and security, creating a climate in which patients would trust PHRs and, as a result, use them.
Lansky, in a telephone interview Monday, said after a quick review of the HL7 proposal that it may not run counter to the aims of the dissident coalition.
The language in their document is very cautious in that respect, that none of this is supposed to be used as test criteria, Lansky said. Our concerns are still the same, that we dont think these documents should be turned into test criteria.
CCHIT Chairman Mark Leavitt said a review of the recommendations from HL7 for a PHR model will be added to the commissions workload. Earlier this month, RTI International, a think tank based in Research Triangle Park, N.C., released a report calling on CCHIT to work into its testing criteria more than a dozen recommendations that would oblige IT vendors to build EHR systems equipped with fraud-fighting tools for the benefit of private- and public-sector payers.
Leavitt said that while AHIC approved the recommendation of the majority of the Consumer Empowerment Workgroup, i.e., to begin work on PHR certification, they wanted us to take our time and not rush into it. Leavitt said that there was also a question of whether many of the small PHR companies could support and sustain a certification testing program, a likely federal requirement, since CCHIT is obliged by HHS to wean itself off federal funding and be self-supporting after its three-year contract runs out in 2008.
Leavitt said PHR certification was a topic of discussion by the CCHIT board of trustees at its most recent meeting two weeks ago, but no decision was made on how to proceed. Still, Leavitt said approval of guidelines by an accredited standards development organization like HL7 gives them credibility. It gives us starting points, Leavitt said.
Gary Dickinson, an IT consultant who worked on the HL7 PHR effort, said it was unlikely a formal testing and certification program for PHRs could be put in place before 2009 or 2010, but long term, the HL7 guidelines could shape the direction of the technology.
Obviously, if the impetus for PHR certification turns into reality, it will have a great impact on the PHR industry, similar to the effect the HL7 Electronic Health Record System Functional Model and CCHIT certification has had on ambulatory, and now inpatient EHR systems, their suppliers and users, said Dickinson, who advises CentriHealth, a Nashville-based developer of PHR systems.
Privacy issues were addressed in the guidelines chiefly as a function of patient control through the implementation of security mechanisms.
According to one guideline, Patients privacy and the confidentiality of PHRs are violated if access to PHRs occurs without authorization. Rules for the protection of privacy and confidentiality may vary depending upon the vulnerability of patients and the sensitivity of records. Strongest protections should apply to the records of minors and the records of patients with stigmatized conditions.
The guidelines also provide for break the glass access in the event of an emergency, which does not require action on the part of the account holder to grant access, but even then, access should always be in accordance with the directions of the account holder.
In addition, the systems shall provide the ability for the account holder to set specific access rights to specific portions of the PHR for each actor in a self-contained registry of clinicians, family members and other caregivers who are afforded access to the PHR by its owner.
Thus, in the area of patient control, the HL7 guidelines for PHRs are very different from those for the HL7 EHR model, the recently released document says. This model focuses on consumer knowledge and interaction in managing his/her own healthcare along with the healthcare providers and systems.
And yet, the guidelines do not address the broader policy issue of what privacy advocate Mark Rothstein, chairman of the Privacy and Confidentiality Subcommittee of the National Committee on Vital and Health Statistics, called the greatest threat to privacy, which is coerced permission by government and payers to give access to medical records as a precondition to obtaining government benefits or insurance coverage.
Absent a change in current privacy policies, the HL7 guidelines, which also have extensive interoperability requirements, could facilitate access to potentially damaging personal healthcare information by government and insurance companies. Under the model, PHRs should identify, locate and supply links for retrieval of information related to: patients and providers for healthcare purposes; payers, health plans, sponsors and employers for administrative and financial purposes; public health agencies for healthcare purposes; and healthcare resources and devices for resource management purposes.
In addition, the model envisions a PHR that is far more than an interactive repository of patient data, but rather a powerful healthcare advisory and marketing system. PHR systems should help patients obtain lists of providers within a geographical area acceptable to their health plan who are also specialists in the patients medical conditions by diagnosis. The systems should support the import or retrieval of data necessary to review available quality, performance and cost measurements regarding providers, and list office hours, language capabilities and gender of providers.
PHRs also may come with pre-defined business rules, that may be open to modification by the patient to meet specific needs, including flagging a combination of health behaviors as high risk and providing appropriate guidance to the (patient); sending an update to an immunization registry when a vaccination is administered; alerting a user to competitive price information regarding medications.
What do you think? Write us with your comments at [email protected]. Please include your name, title and hometown.