PHR Grades


Is someone snooping in your Personal Health Record?

A “PHR” is a Personal Health Record.  PHRs can collect and store official records, labs, tests, and claims data directly deposited by providers. They can also store other health-related data such as heart rate, glucose levels, medications, allergies, exercise habits, lifestyle, sexual history, personal notes and other data you create.The term ‘PHR’ implies you control this type of electronic health record – because its ‘personal,’ it’s yours. But that is simply not true of all PHRs.

How much control do you really have?  Think twice about who you allow to see, use, or control your most sensitive, personal health records, from DNA to prescriptions. Patient Privacy Rights (PPR) did our best to decode PHR privacy policies and spell out what control you have over your information. PPR makes no recommendations on specific PHRs. The Report Card is our opinion based on the information available on these companies’ websites.

PHR Grade FAQs


 Click on each PHR below to see why it received that grade.

CapMed – icePHR C
Google Health D/F
Microsoft HealthVault B/F
No More Clipboard A
PHRs Offered by Employers & Insurers F


Grading System

Letter Grade Numerical Value Explanation
A 4.0-5.0 Excellent: No invasive practices; solid protections; ensuresyour privacy rights; user friendly.
B 3.1-3.9 Fairly comprehensive efforts and protections; room for improvement.
C 2.6-3.0 Some safeguards, a number of key flaws, weak protections
D 2.0-2.5 Few, if any, safeguards and protections, and/or misleading information, and/or very user “un-friendly.”
F 1.0-1.9 Threatens patient privacy and control over personal information either via inaction or actual business practices


Americans have strong rights to control sensitive personal health information. We should never have to give up control over our sensitive health records to get health care.  Many PHRs today do not put you in control of the information in your PHR so it can be used by others you would never want to see it.

NOTE:  Google Health has been permanently discontinued since this report was published.  All data remaining in Google Health user accounts as of January 2013 has been destroyed and Google claims that they are no longer able to recover any Google Health data for any user.

Certain PHRs can allow employers, insurers, researchers, marketing corporations, hospitals, drug companies, and government agencies, etc. to access all the information in your PHR without getting your explicit informed consent. There are no laws today that prevent anyone from designing a PHR that you do not control. That is why it is SO critical to know which PHRs keep you in control of access to your health information.

The Privacy Report Card was made possible by the generous support of the Rose Foundation.