WATCHDOG ANNOUNCES PERSONAL HEALTH RECORD (PHR) PRIVACY REPORT CARD
FOR IMMEDIATE RELEASE
December 2, 2009
SOME COMPANIES GIVE CONSUMERS CONTROL OVER THEIR
PERSONAL INFORMATION, OTHERS DO NOT.
Austin, TX — Patient Privacy Rights (PPR), the nation’s leading health privacy watchdog released its First Personal Health Record (PHR) Privacy Report Card today. Designed to educate and protect consumers, the Report Card, is available online at www.patientprivacyrights.org/PHR_Report_Card. Our assessment of five different PHRs found a wide range of existing privacy policies; some PHRs protect our rights to control who can see and use health information, and others do not.
“The good news is there are companies that offer meaningful ways to control your private information,” said PPR’s Executive Director, Ashley Katz. Some PHRs only share your information with your explicit permission. Some allow you to segment “or lock-up” extra sensitive information, so it can only be seen by those that you permit. Some offer easily accessible reports of who saw and used your information, when and why.
“The bad news is other companies do not allow patients to control their PHRs. That is a scary thing when you consider that PHRs can store sensitive health information as well as lifestyle habits such as what you eat, how much you drink, and how often you exercise,” said Katz. This information can easily get into the wrong hands, especially if your PHR is offered by an employer or insurer. “All PHRs claim to be ‘patient-centric’ and claim that ‘privacy is important,’ but it’s simply not true.”
PPR makes no recommendations on specific PHRs. The Report Card is our opinion based on the information available on these companies’ websites.
PPR graded the following PHRs:
PPR also graded the following platforms that incorporate PHRs:
Detailed grades and commentary are available on the website, http://www.patientprivacyrights.org/personal-health-records/
Two grades were given to Google Health and Microsoft HealthVault, products we refer to as “Platforms.” Google Health and Microsoft HealthVault’s privacy policies apply only to their Platform, not to any of the companies linked to their Platform. For example, while the Platform, may require the individual’s consent before disclosing any data; any third party such as another PHR, a tracking tool for diabetes or research search engine does not necessarily play by the same rules.
One grade was given to the Platform itself and another grade was given to the programs and partner applications linked to the Platform to highlight the differences between the applicable policies. The programs and partner applications for each Platform were treated as one group. There are simply far too many different programs/partners for PPR to grade each individually. As such, we took a random sampling of these programs/partners. The grade for these groups of companies (an “F” for both Google Health partners and Microsoft HealthVault programs) does not mean that all of the third party companies failed. Rather some of the companies randomly selected scored poorly because they do not allow meaningful patient control over their information. Note that NoMoreClipboard.com is a PHR available on both platforms and it earned an “A”.
We also note that if the Program or Partner application is “HIPAA compliant” it can use any information provided from your account for “treatment, payment and health care operations” without getting your express consent. This does not give the individual control over their private, sensitive information. Most people have no idea how broad those three categories actually are.
A detailed FAQ is available with the Report Card online: http://www.patientprivacyrights.org/phr-faq/
The FAQ covers the following questions:
What is a PHR?
What can be done?
About Patient Privacy Rights:
Patient Privacy Rights is the nation’s leading health privacy watchdog. Our mission is to ensure the right to control your medical privacy to protect jobs and opportunities. Patient Privacy Rights has over 10,000 members in all 50 states. We lead the trans-partisan Coalition for Patient Privacy representing over 10 million Americans.