This is the first in a series of consumer health blogs that looks at the state of personal health records (PHRs) in Canada.

Over the past decade, there have been several public and private initiatives to extend PHRs to patient consumers in Canada. Following an evaluation of the benefits of PHRs, public surveys showed there is an appetite for easier public access to digital health information. Challenges, such as technology vendor offerings, data stewardship, consent models, and privacy and security could slow the widespread adoption of PHRs. Identifying and addressing these challenges will be important for the next generation of PHRs to be successful.

In addition to some of the barriers to wider spread adoption, there have been longstanding attempts by some of the largest global IT vendors to develop technologies suitable for the PHR world. Those efforts have largely come to a halt, demonstrating the level of difficulty in making the PHR technology work in an under-prepared marketplace. As the patient becomes ever more involved in their healthcare, the question must be posed: are there other vendors on the horizon that can capitalize on next generation PHRs for Canadian users? 

PHR data repositories make it possible to hold extensive patient data and personal health information (PHI) electronically. Both non-profit and for-profit businesses have been looking for ways to capitalize on the value of extensive patient data holdings. What type of consent model should be in place to enable a PHR user to restrict access and use of their PHR data holdings from secondary and/or commercial use? Are the legal privacy protections in place in Canada adequate to control this type of secondary use?

When a user is given access to their digital health information in their PHR, such as, the output of a clinical consult episode, is the information they receive self-explanatory? Is it sufficient to instruct the PHR user to perform a Google Search, or is it important to also have trusted source of health knowledge at hand? Google has recently expanded its function, including a feature for the public to flag bad results to improve the quality of future results. With trillions of searches being exercised globally on an annual basis there are significant opportunities for misleading or incomplete results for good health advice.

Some PHR patients have chosen to share their data, in cases where a patient has not permitted sharing of personal health information, what is required for a user to trust that their PHR contents are both secure and private? What factors of authentication are required for an individual to be digitally identified, and how can the individual create a private login? What is the mechanism to ensure that a PHR user has authorized access to patient identified health information? And what are the auditing capabilities for the PHR platform that will track who has touched, opened, read, or updated an individual’s PHR? Trust of a secure and private PHR are absolutely critical for Canadians to adopt and use a PHR in their daily lives.     

Security solutions must also answer the following questions. If a PHR user believes that their health information has been breached by an external party without permission, to whom should they raise a concern? Is there a simple template available online to raise suspected privacy breach concerns to the Information Manager of PHR level, Provincial/Territory level or Federal level? Was information included in the initial user agreement document that the PHR user accepted without fully understanding all the implications, especially related to privacy?   

Beyond privacy and security issues, manual data entry into one’s PHR can be tedious or repetitive. Users may use shortcuts when entering data, which could result partial or incomplete data capturing.  Scanning or upload of clinical reports can relieve the manual burden, but raise a different problem that potentially rich data may not as accessible in scanned or PDF documents. Capturing data in smart phone apps allows for an increase in data entry points, but limits the ability to join this data with other PHI if the data is not subsequently migrating into one's PHR. These human-error factors make the potential for mistakes and unintended errors more likely. 

When clinical information of a PHR user is updated should the prior and perhaps incorrect information be erased? Routinely maintaining and cleaning up data, manually, on a PHR is time consuming and can be imprecise.  Updates should be reconciled (as in medications, problem lists etc.) or carefully stored so the updates are easily viewable, interpretable as updates and/or corrections to an earlier report. 

We remain optimistic that the PHR will play a strong role in patient wellness, preventative health and healthcare. Smarter PHR technological solutions, though, must be coupled with attention from health practitioners, including: framing public policy, to transparency on data stewardship, to collaboration between jurisdictional partners, and to educating and engaging Canadians on the value proposition.   

In a subsequent blog, we will explore PHR strategies with the ability to overcome the above-mentioned challenges.