Cracking Open the Shell on the Personal Health Record

The concept of maintaining your own health data enjoyed a brief flurry of activity a few years ago with Google Health (now defunct) and Microsoft HealthVault (still active but not popular). It has gotten a second chance with Apple HealthKit, Google Fit, and other corporate offerings explicitly tied in with the convenience of mobile devices. Microsoft itself has galvanized HealthVault with a Microsoft Health initiative similar to Apple’s HealthKit. Recently I’ve been talking to health care reformers about the business and political prospects for personal health records (PHRs).

Patient access to data was enshrined as a right back when HIPAA was passed and is still championed by the US government through Meaningful Use (whose Stage 3 may well focus on it) and other initiatives, and has been endorsed by the industry as well. But this requirement won’t be satisfied by the limited patient portals that hospitals and clinics are hanging out on the Web. Their limitations include:

  • Many provide only viewing data, not downloading or transmitting it (all of these are mandated by Meaningful Use).
  • Data maintained by providers can’t easily be combined into a holistic, comprehensive view, which is what providers need to provide good care.
  • Data on portals is usually a thin sliver of all the data in the record: perhaps prescriptions, appointments, and a few other bare facts without the rich notes maintained by clinicians.
  • You can’t correct errors in your own data through a portal.
  • Clinicians rarely accept data that you want to put in the record, whether personal observations or output from fitness devices and other technical enhancements.

All these problems could be solved by flexible and well-designed personal health records. But how does the health care field navigate the wrenching transition to giving people full control over their own data?

Dr. Adrian Gropper has investigated PHRs for years and even considered building a simple device to store and serve individual’s health data. Now he says, “I can’t recall any physician in my medical society that has ever said they wished their patient had a PHR. Nor do I, after many years on the Society for Participatory Medicine list, ever recall a patient praising the role of their PHR in their care. Today’s PHRs are clinically irrelevant.”

This is not a condemnation of PHRs, but of the environment in which vendors try to deploy them. Many health reformers feel that several aspects of this care environment must evolve for PHRs to be accepted:

  • PHR data must become appealing to doctors. This means that device manufacturers (and perhaps patients themselves) must demonstrate that the data is accurate. Doctors have to recognize value in receiving at least summaries and alerts. Many benefits can also accrue from collecting vital statistics, behavioral data, and other aspects of patients’ daily lives.
  • The doctor’s EHR must seamlessly provide data to the patient, and (we hope) seamlessly accept data from the patient–data that the doctor acts on. Currently, most manufacturers store the data on their own sites and offer access through APIs. Another programming step is required to get the data into the PHR or the doctor’s EHR.
  • Clinicians have to agree on how to mark and collect the provenance of data. “Provenance” deals with assertions such as, “this data was generated by a Fitbit on October 10, 2014” or “this diagnosis was challenged by the patient and changed on August 13, 2010.”
  • Add-on services must make the data interesting and usable to both patients and physicians. For instance, such apps can alert the patient, clinician, or family members when something seems wrong, let them visualize data taken from the PHR and EHR over time, get useful advice by comparing their data to insights from research, and track progress toward the goals they choose.

“A critical force in increasing consumer engagement in digital health is the development of compelling, easy to use tools that make it simple to collect, understand and use health information to reach the goals consumers define for themselves, whether that’s managing a chronic condition, saving money, or fitting into their ‘skinny jeans’,” writes Lygeia Ricciardi, former director of the Office of Consumer e-Health at the ONC. “In an age of ‘one click purchasing,’ it must become incredibly easy for patients to access and share their own health information digitally–if it’s too complex or time consuming, most people probably won’t do it.”

In addition to sheer inertia, a number of disincentives keep PHRs from congealing.

  • Many doctors are afraid of letting patients see clinical notes, either because the patient will ask too many questions or will be upset by the content.
  • Hospitals and clinics want control over records so that patients will return to them for future treatment.
  • Marketing firms live off of rich data lodes on our health data.
  • Other organizations with dubious goals, commercial and governmental, want to track us so they can deny us insurance or control our lives in other ways.

Wait–what about the patients themselves? Why haven’t they risen up over the past several years to demand control over their data? Well, maintaining your health data is intimidating. The data is highly detailed and full of arcane medical concepts and terminology. Most patients don’t care until they really need to–and then they’re too sick and disabled to form an effective movement for patient control.

Still, several leaders in health care believe that a viable business model can be built on PHRs. The spark of hope comes from the success of apps that make people pay for privacy, notably SnapChat and Whatsapp. Although some sloppy privacy practicies render these services imperfect, their widespread use demonstrates that people care about protecting their personal data.

Private storage can be offered both in the cloud and by personal devices, using standardized services such as Direct and Blue Button. These will start out as high-end services for people who are affluent and have particular concerns about storing their own data and choosing how it is shared. It will then become commoditized and come down in price.

What about people who can’t afford even the modest prices for cloud storage? They can turn patient data into a civil rights issue. There’s a potent argument that everyone has the right to determine who can get access to their health data, and a right to have data generated during their daily lives taken into account by doctors.

We don’t need one big central service–that’s insecure and subject to breaches. Multiple services and distributed storage reduce security risks.

We’ll see change when a substantial group of people start to refuse to fill out those convoluted forms handed to them as them enter a clinic, saying instead, “Get it from my web site before you treat me.” Before that protest begins, there’s a lot of work in store for technologists and businesses to offer patients a usable record system open to the wide range of data now available for health.

About the author

Andy Oram

Andy Oram

Andy Oram writes and edits documents about many aspects of computing, ranging in size from blog postings to full-length books. Topics cover a wide range of computer technologies: data science and machine learning, programming languages, Web performance, Internet of Things, databases, free and open source software, and more. My editorial output at O'Reilly Media included the first books ever published commercially in the United States on Linux, the 2001 title Peer-to-Peer (frequently cited in connection with those technologies), and the 2007 title Beautiful Code. He is a regular correspondent on health IT and health policy for He also contributes to other publications about policy issues related to the Internet and about trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business.


  • Andy, great article. The problem when thinking about PHRs, especially when it comes to data privacy, is that we’re not thinking about patient data in context. Specifically:

    1. Data personally owned by the patient (not used at all by the doctor)
    2. Data personally owned by the patient (but used by the doctor for care)
    3. Data mutually owned by the patient and doctor (transactional data like claims codes, messages between employees of the physician practice, etc.)
    4. Data organizationally owned by the doctor but available to the patient (the doctor’s private “transactional” notes)
    5. Data mutually owned by the patient, doctor, and insurance company (mostly transactional)
    6. Data mutually owned by others that patient didn’t directly intereact with (covered by HIPAA BA)

    When you see how some data is complicated by the fact that data could be mutually owned, organizationally owned, or owned by the patient we’ll begin to understand why business models based on PHRs have a long way to go.

  • EHRs raise the same issues that Shahid points out for PHRs. EHRs are an institutional construct that doesn’t match the way people live and work. We then try to add other institutional constructs such as health information exchanges, data brokers, and registries that are artificial in terms of their business models and governance mechanisms. When these don’t work out, we heap $ Billions in regulations. And when these don’t work, we turn to PHRs.

    Can you think of other industries that have a concept similar to the EHR?

  • Those are really insightful comments, but somewhat ironic when you consider that data has a tendency to expand far beyond its original reason for collection. Supposedly, data that an individual collects may have no use for the physician today but can contribute to a better understanding of the individual (and cohorts) next year. Maybe our data problem is not caused by limitations of data itself, but in impoverished views of how to use data. In fact, I may be circling around to the point Adrian is making.

Click here to post a comment