Pritts Recaps PHR Roundtable with Focus on Privacy and Security

Personal Health Records: A Focus on Privacy and Security
Wednesday, December 29th, 2010 | Posted by: Joy Pritts, HHS Chief Privacy Officer, on ONC’s Health IT Buzz blog and reposted here by e-Healthcare Marketing.

Understanding the Evolving Landscape

Personal health records (PHRs) have the potential to give individuals more control over their health information — collecting, using, and sharing it as they see fit. On December 3, the Office of the National Coordinator for Health Information Technology (ONC), held a PHR Roundtable to gain a better understanding of PHRs as well as other emerging technologies, and the dynamic and evolving market in which they exist, with a focus on privacy and security. The Roundtable will help inform a congressionally mandated study and a report to Congress on entities not covered by the Health Insurance Portability and Accountability Act (HIPAA). ONC expects to deliver the report to Congress in 2011. 

Dr. David Blumenthal, the National Coordinator for Health Information Technology, introduced the Roundtable by noting that PHRs are likely to grow in importance as more health care providers meaningfully use electronic health records (EHRs). A major objective of incentives encouraging the meaningful use of EHRs is to engage patients and their families in their health care. PHRs and related technologies can further this objective.

Usefulness and Trustworthiness of PHRs 

At the PHR Roundtable, four panels of experts and industry representatives explored the growth of PHRs, focusing on the nature and adequacy of privacy and security protections. A key message from the Roundtable was that PHRs grow in value when people find them useful and trustworthy. Their usefulness grows as they are able to readily pull information from EHRs and other sources of clinical information, as well as from monitoring devices and mobile applications. The usefulness increases even more as that information can be organized to help people with their particular health care concerns and can inform clinical decision making. 

The Roundtable confirmed that people care about the trustworthiness of PHRs, which includes considerations of privacy, confidentiality, and security. However, often individuals do not have the ability or information to understand or evaluate the trustworthiness of a particular PHR and related service providers. As PHRs merge health information from health care providers with information from other sources and give individuals choices about how to use or disclose that information, the privacy and security issues associated with PHRs increases.

Privacy and Security Protection

During the PHR Roundtable, representatives of the Federal Trade Commission (FTC), HHS Office for Civil Rights, and California Office of Privacy Protection explained how they are active in oversight of PHRs. They provided attendees with an overview of the primary ways that that the privacy and security of health information in PHRs is protected under current federal law:

  • HIPAA: PHRs offered by or on behalf of most health plans and health care providers (“HIPAA covered-entities”) are protected by the requirements of the HIPAA Privacy and Security Rules. These rules restrict the way that health plans and health care providers can use and disclose identifiable health information in a PHR. They also require covered entities to have administrative, physical, and technical safeguards in place to ensure that information in PHRs remains secure from unauthorized access and use.   
  • Section 5 of the Federal Trade Commission Act: PHRs that are not offered by or on behalf of a HIPAA-covered entity, including those that are employer sponsored or offered by technology companies or other organizations directly to consumers are subject to Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices. This means that the FTC can hold PHR companies to the statements that they make about privacy and security in their contracts and publicly posted policies (such as privacy notices). The FTC has also used its authority to find that inadequate security practices are unfair to consumers, who expect their information will be adequately protected. The FTC has recently released a staff report, “Protecting Consumer Privacy in an Era of Rapid Change,” which recommends a broad framework for protecting health information in light of new practices and business models that can help inform the discussion of health information privacy and security applicable to non-covered entity PHRs. 
  • HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act require that individuals are notified of a security breach that results in the release of their health information, including information stored in PHRs regardless of the type of organization by which they are offered. 

A second subpanel of legal experts looked ahead to different approaches to legal or private sector oversight and requirements. At the end of the day, however, it was clear that determining which approach best applies to this dynamic industry is subject to continuing debate and refinement.   

Visit the ONC website to view the archived webcast of the PHR Roundtable. Although the comment period associated with the PHR Roundtable closed December 10, we invite you to continue the discussion on PHRs by submitting comments below.

For comments, please go directly to ONC’s Health IT Buzz blog.

For an account of the PHR Roundtable written during the December 3, 2010 session, see post on e-Healthcare Marketing.

PHR Rountable Archives: Webcast and Meeting Materials

Health IT Special Issue of The American Journal of Managed Care: Dec 2010

AJMC Publishes Health Information Technology Special Issue Online Dec 20, 2010
“Featuring scholarly articles and perspectives from policymakers, payers, providers, pharmaceutical companies, health IT vendors, health services researchers, patients, and medical educators, this [December 2010 special] issue of  The American Journal of Managed Care is a reflection” of  “the  dramatic growth of interest in the potential for HIT to improve health and healthcare delivery,” writes Sachin H. Jain, MD, MBA and David Blumenthal, MD, MPP in their introductory article titled “Health Information Technology Is Leading Multisector Health System Transformation.”  Both Jain and Blumenthal are with the Office of the National Coordinator for Health Information Technology.

Authors of 23 Articles in Special Issue
Sachin H. Jain, MD, MBA; and, David Blumenthal, MD, MPP; Cynthia L. Bero, MPH; and Thomas H. Lee, MD; Aaron McKethan, PhD; and Craig Brammer; John Glaser, PhD; Pete Stark; Newt Gingrich, PhD, MA; and Malik Hasan, MD; James N. Ciriello, MS; and Nalin Kulatilaka, PhD, MS; Seth B. Cohen, MBA, MPA; Kurt D. Grote, MD; Wayne E. Pietraszek, MBA; and Francois Laflamme, MBA; Amol S. Navathe, MD, PhD; and Patrick H. Conway, MD, MSc; Reed V. Tuckson, MD; Denenn Vojta, MD; and Andrew M. Slavitt, MBA; Marc M. Triola, MD; Erica Friedman, MD; Christopher Cimino, MD; Enid M. Geyer, MLS, MBA; Jo Wiederhorn, MSW; and Crystal Mainiero; Nancy L. Davis, PhD; Lloyd Myers, RPh; and Zachary E. Myers; Bryant A. Adibe, BS; and Sachin H. Jain, MD, MBA; Spencer S. Jones, PhD; John L. Adams, PhD; Eric C. Schneider, MD; Jeanne S. Ringel, PhD; and Elizabeth A. McGlynn, PhD; Jeffrey L. Schnipper, MD, MPH; Jeffrey A. Linder, MD, MPH; Matvey B. Palchuk, MD, MS; D. Tony Yu, MD; Kerry E. McColgan, BA; Lynn A. Volk, MHS; Ruslana Tsurikova, MA; Andrea J. Melnikas, BA; Jonathan S. Einbinder, MD, MBA; and Blackford Middleton, MD, MPH, MS;Alexander S. Misono, BA; Sarah L. Cutrona, MD, MPH; Niteesh K. Choudhry, MD, PhD; Michael A. Fischer, MD, MS; Margaret R. Stedman, PhD; Joshua N. Liberman, PhD; Troyen A. Brennan, MD, JD; Sachin H. Jain, MD, MBA; and William H. Shrank, MD, MSHS; Amir Dan Rubin, MBA, MHSA; and Virginia A. McFerran, MA; Fredric E. Blavin, MS; Melinda J. Beeuwkes Buntin, PhD; and Charles P. Friedman, PhD Robert D. Hill, PhD; Marilyn K. Luptak, PhD, MSW; Randall W. Rupper, MD, MPH; Byron Bair, MD; Cherie Peterson, RN, MS; Nancy Dailey, MSN, RN-BC; and Bret L. Hicken, PhD, MSPH; Jeffrey A. Linder, MD, MPH; Jeffrey L. Schnipper, MD, MPH; Ruslana Tsurikova, Msc, MA; D. Tony Yu, MD, MPH; Lynn A. Volk, MHS; Andrea J. Melnikas, MPH; Matvey B. Palchuk, MD, MS; Maya Olsha-Yehiav, MS; and Blackford Middleton, MD, MPH, MSc; Emily Ruth Maxson, BS; Melinda J. Beeuwkes Buntin, PhD; and Farzad Mostashari, MD, ScM; Daniel C. Armijo, MHSA; Eric J. Lammers, MPP; and Dean G. Smith, PhD; Katlyn L. Nemani, BA.

Look for an upcoming post on e-Healthcare Marketing reviewing this special issue of AJMC.

ONC Presents Personal Health Records Roundtable: Report from Washington, DC

Day in Washington, DC at PHR Roundtable
This post was blogged during the meeting, and may be reviewed and corrected in the next few days. Please see links to the videos at the end of this post.

PHR Roundtable, Washington, DC
PHR Roundtable, Washington, DC

Washington, DC, (December 3, 2010)–The meeting is getting started today with introduction by Joy Pritts, Chief Privacy Officer, HHS/Office of National Coordinator (ONC)  for Health IT, and welcoming remarks by the National Coordinator David Blumenthal, MD. Dr. Blumenthal is speaking about the process of innovation spurred by HITECH, and not directed by ONC. “The patient and consumer come first” is one of the guiding principles for ONC according to Blumenthal, and the consumer’s faith in the privacy and security of their patient information is critical to the HITECH initiatives. Part of the reason for this privacy and security hearing is to encourage innovation and transparency, one of the over 200 open meetings held already by ONC.

Pritts also notes that the Health IT initiatives are focused on patients as the center of healthcare. Now we’re on to role of “Meaningful Use,” providing patients with electronic version of their health records. HITECH Act requires that ONC study privacy and security with regard to those records, in addition to the current requirements. Pritts asks  how are we going to strike right balance of innovation and maintain the use of that information for intended purposes.

First panel will provide some historical perspective and is focused on origins, development, and security practices. Tim McKay, Kaiser Permanente, provides brief on Kaiser’s use of electronic health records and personal health records which began in ’90s as regional Kaiser initiatives, and took on national scope in late 90s. Currently Kaiser has roled out EHR and PHRs. Is this patient portal or PHR? And the answer is “yes.”

Lori Nichols, Director, HInet, is director of Whatcom Health Information Network in Whatcom County, Washington state. Per their Web site, HInet is an inclusive, secure, community-wide, healthcare intranet in Whatcom County. Using various broadband technologies, it connects hospital, payors, physician offices, and community health services.  It also provides connection to the Internet.”

George Steinberg, MD, president and ceo of ActiveHealth Management, a company started with venture capital and now owned as separate company by Aetna. Started as decision support for physicians, and grew to consumer tool. Consumer PHR contains decision support to respond to consumer entering data dynamically.

Colin Evans, CEO of Dossia, a PHR company describes how the firm was founded for employers for use by their employees for safety and care coordination. Use by employees ranges from 10% to 80% based on whether company is offering incentives or not. Evans claims that data is owned by consumers. In some cases there are conflicts between HIPAA regulations and FTC regulations with regard to online protected health information.

George Scriban, Sr. Program Manager, Microsoft HealthVault, speaks about consumer interaction with healthcare as something that goes much beyond interaction with clinicians. HealthVault is cloud-based location for fragments of health information gathered from full-range of entities, improving the boxes of a patient’s information located throughout the house and clinical offices. HealthVault is not a PHR, but a personal health information platform, per Sriban, one of Microsoft’s constant refrains.

McKay of Kaiser Permanente is starting a large initiative to expand Identity Services, to maintain their information even if they leave Kaiser plans.

ONC moderator Kathy Kenyon asks “Do patients ever pay for a PHR?” of those represented. Panel answer is no.

Panel moves on to revenue sources and sustainability of consumers are paying.
Dossia: Support by employers.
Kaiser: From consumer dues. Savings comes from cost savings in employer time saved. In 2006, about 20% of Kaiser patient population used PHR, and risen to 60% in 2010. Patients viewing their patient information alone raises safety of patients.
HInet: no charge for consumers, currently grant-funded, but there will be a  charge for Smartphone use. Employers and payers are noticeably absent from financial support, and this is due in large part because consumers don’t want insurance companies and employers to view their personal health information.
Microsoft: HealthVault is a free service, that is part of the larger health services unit with services offered commercially, the revenue source.
ActiveHealth: Paying customers are the employers, with PHR one of services offered. ActiveHealth is offered to 8 million Aetna members and close to 2 million non-Aetna users, with another 700,ooo non-Aetna users expected to be announced shortly. Non-Aetna users are based on offering to employers (need to confirm who these non-Aetna users are).

Additional discussion on opportunity of health plan or employer viewing health information on PHRs. Dossia says no to employers. HInet users can see who has and has not accessed their share plan PHR  since the last time the consumer viewed their PHR.

Lack of physician support and interoperability of electronic health records appears to be a limiting factor to actual use of PHRs.

New Forms, New Audiences, New Challenges–Second Panel
Wil Yu, Special Assistant of Innovation and Research, ONC, is moderating panel on PHR’s new forms, audiences, and challenges. Stephen Downs, Asst. Vice President, Robert Woods Johnson Foundation, is responsible for Project Health Design, a 4 1/2 year old program to reinvent PHRs; Open Notes, where patients can view their physician’s notes; and Blue Button.  Downs offered three themes: separating apps from data, expanding definition of healthcare–ODL, observations of daily living, and sharing data.

Darcy Gruttadaro, Director, NAMI Child & Adolescent Action Center. NAMI is National Alliance on Mental Illness. Since launch of its social networking site in April 2010, NAMI has gained 1,300 users for social networking site, modeled somewhat after facebook. Realizes there are a lot more security issues than she initially realized. NAMI social networking site:

Description of NAMI’s social networking site:
“StrengthofUs is an online community designed to empower young adults through resource sharing and peer support and to build connections for those navigating the unique challenges and opportunities in the transition-age years.  StrengthofUs provides opportunities for you to connect with your peers and offer support, encouragement and advice and share your real world experiences, personal stories, creativity, resources and ultimately, a little bit of your wonderful and unique self. It is a user-generated and user-driven community; so basically it’s whatever you make it. Everything here has been developed and created by and for young adults with you specifically in mind…because we think you’re worth it! We hope every time you visit, you find hope, encouragement, support and most of all, the strength to live your dreams and goals.”

John Moore, of Chilamrk Research, says the terms EHR and PHR create an artificial barrier. “People could care less” about PHR as file cabinet. Unified or collaborative health records need to be actionable Moore said. Moore made a great segue to Gail Nunlee-Bland, MD, interim chief of Endocrinology and Director of Diabetes Treatment Center, Howard University, referencing his Chilmark post “Smashing Myths & Assumptions: PHR for Urban Diabetes Care.” That post is certainly worth reading, and Nunlee-Bland mentioned that 85% of their inner-city patients have access to computer and Internet, which is not what the “general knowledge” says. While Howard’s PHR users are concerned about privacy, only about 5% of their potential users, have opted not to use it because of privacy issues.

Douglas Trauner, CEO, of, asked what do we need to do for overcoming healthcare, privacy and security issues.’s web site describes  itself: “ provides easy-to-use tools for tracking your life for a variety of topics including health, nutrition, fitness, and medicines—all within a familiar calendar format. Through this free, anonymous service, you gain a comprehensive view of your health that helps you identify areas of improvement and goal-setting.”

There’s a lot of discussion about sharing information among consumer/patient users. Panelists offer range of views about how much consumers are concerned about privacy and security. There’s a great deal of discussion about trust, including Downs’ tale of a teenager being quite willing to share lots of personal information with their 80 friends, but not their parents.

Privacy and Security of Identifiable Health Information in PHRs and Related Technologies: Expectations and Concerns – Panel Three
Joy Pritts is moderating the first afternoon panel session. Tresa Undem, VP, Lake Research Partners, said consumers are generally unaware of PHRs, based on a year-old study when only 7% reported using a PHR. Lee Tien, from West-coast based Electronic Frontier Foundation, specializes in privacy laws, not healthcare privacy. New reports from recent FTC survey shows how little public knows about privacy issues. Josh Lemieux, director of Personal Health Technology, Markle Foundation, based on six surveys, said public likes the idea of personal health records, and also say they want privacy practices.

Robert Gellman, reported on privacy issues and concerns about data leakage based on long experience, starting with working on the Hill. Strong need to define of what we’re trying to do:

Key data research resources for this panel:
Conducted by Lake Research Partners
Consumer surveys of privacy and personal health records

Tien says there is a basic ignorance among consumers and patients of actual privacy policies and implications. Based on work by Microsoft privacy expert, Tien cited the change of attitude or reality of public and private areas.  It used to be that privacy was the default reality for people and it was hard to get known publicly. Currently, public knowledge of details about people is the default reality, while maintaining privacy is a challenge.

Perspectives on Privacy and Security Requirements for PHRs and Related Technologies — Panel 4
Moderator is Leslie Francis, Distinguished Professor of Law and Philosophy at University of Utah.

Adam Greene, JD, Senior Health IT & Privacy Specialist, HHS Office of Civil Rights explained that HIPAA jurisdiction does not follow the data. OCR oversees three kinds of covered entities plus direct jurisdiction of business associates. Greene asked and answered:  Are PHRs covered by HIPAA? Sometimes–yes when furnished by covered entity or provided on behalf of covered entity.

Loretta Garrison, JD, Senior Attorney, Bureau of Consumer Protection, FTC uses unfairness and deceptive prongs to protect consumers. Bureau is claims driven. On December 1, 2010, FTC issued Privacy Report and recommended a privacy framework for consumers, businesses, and policymakers.
Here’s the link on press release.
Here’s link to actual report titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.” And it’s a preliminary FTC staff report.

Joanne McNabb, Chief, California Office of Privacy Protection, is “chief cajoler” and not a regulator.

Greene spoke about how HIPAA requirements are not really a check list but dependent upon the particular circumstances and business processes. Greene also wanted to disabuse people of the notion that they have 60 days to report a breach event of Protected Health Information (PHI). In fact, they are required to notify HHS of a breach on 500 individuals or more as quickly as possible, no later than 60 days.

FTC does not have specific rules about breach notification, except in case of PHRs, based on HITECH.

McNabb spoke of prohibition of marketing from data in PHRs, and also be careful about using mobile devices to move PHI. California’s Privacy office Web site is

Garrison said we heard alot about trust today and trustworthiness. Per Ponemon report on security, that there was not enough support for healthcare privacy and issues in hospitals. Security is not a check list; it’s an ongoing process according to Garrison. Garrison also expressed concern about location of PHI on the 18 of 20 PHRs that had gone out of business since John Moore had studied them.

Second subpanel section
New group of panelists consists of three lawyers and law professors.

Robert Hudock, JD, Counsel, EpsteinBeckerGreen sees keysecurity issue is integrity. Sees smart phones as more secure than computers. Suggests that we let mobile devices and security evolve, and don’t restrict it while still developing. Hudock’s biggest privacy issue is for the average person being able to protect the confidentiality of  family’s information.

Frank Pasquale, JD, Schering-Plough Professor in Healthcare Regulation and Enforcement, Seton Hall Law School, lauded Markle Foundation’s emphasis on identification of versioning. There are many issues around research. He really worries when data is collected from various sources, and the digital self created from those sources. Pasquale identified several technological solutions and books.

Nicholas Terry, Chester A. Myers Professor of Law, Saint Louis University School of Law, asked what we mean by security. Data scraping is one of the issues of great concern to him. Trust is big at moment, but Terry said he doesn’t know what trust means.

Session ended with brief period with public comments.

Morning Session:
Morning session video
Afternoon Session:
Afternoon session video
*Please note: Apple QuickTime is required to view the video. To download and install QuickTime, visit

For PHR Roundtable information on ONC site, click here.

Personal Health Records ONC Roundtable: Dec 3 Webcast

Roundtable: Personal Health Records
Understanding the Evolving Landscape
December 3, 2010:
Now available without pre-registration!
See post reporting on roundtable on e-Healthcare Marketing.
Morning Session:
8:30 a.m. to 12:15 p.m. (EST)

Afternoon Session

1:15 p.m. to 5:00 p.m. (EST)
Physician at laptop
December 3, 2010 

Please note that due to an overwhelming response to the PHR Roundtable, pre-registration for in-person attendance has reached its capacity. However, you may still participate in the Roundtable via webcast.  See information on webcast below.
Content excerpted from ONC site on 12/2/2010.  

The Office of National Coordinator for Health Information Technology (ONC) will host a free day-long public Roundtable on “Personal Health Records — Understanding the Evolving Landscape.” The Roundtable is designed to inform ONC’s Congressionally mandated report on privacy and security requirements for non-Covered Entities (non-CEs), with a focus on personal health records (PHRs) and related service providers (Section 13424 of the HITECH Act).The Roundtable will include four panels of prominent researchers, legal scholars, and representatives of consumer, patient, and industry organizations. It will address the current state and evolving nature of PHRs and related technologies (including mobile technologies and social networking), consumer and industry expectations and attitudes toward privacy and security practices, and the pros and cons of different approaches to the requirements that should apply to non-CE PHRs and related technologies.

Public comment is open now through Friday, December 10.

Friday, December 3, 2010
(Must have pre-registered to attend in-person.)

FTC Conference Center
601 New Jersey Avenue, NW
Washington, DC 20001
Where to Eat | Where to Stay | Travel DirectionsMEETING MATERIALS:

Morning Session
8:30 a.m. to 12:15 p.m. (EST) 

The PHR Roundtable agenda includes time for public comments from 4:20 to 4:50 p.m. (EST). To provide comments by phone during this time, call toll-free: 1-866-363-9013 and enter the conference ID number: 28762819. An operator will assist you. 

Afternoon Session
1:15 p.m. to 5:00 p.m. (EST) 


Empowering Consumers: ONC Reviews Feedback from Health IT Buzz blog

Strategy for Empowering Consumers, Round Two – Continuing the Discussion
Friday, November 19th, 2010 
Posted by: Jodi G. Daniel JD MPH Director of the Office of Policy and Planning of Office of National Coordinator (ONC) for Health IT on ONC’s Health IT Buzz blog and reposted here by e-Healthcare Marketing.

Thank you for the thoughtful discussion in response to my blog post “Strategy for Empowering Consumers.” As has consistently been ONC’s experience with the Health IT Buzz Blog, the points made in your responses have both broadened and sharpened our thinking. The blog itself highlights a lesson that has become clear for our communication efforts: we should take greater advantage of social networking tools (and this means much more than blogging) when bringing our policy conversations outside of the walls of HHS.    

I said in the last post that we would do more thinking about consumers as part of our strategic planning process. We had a workshop-style meeting last week at ONC, with both ONC folks and some leading thinkers on this topic from around the country (many of whom have also posted on the blog). At that meeting, we used the blog as a discussion guide while talking through each of the objectives.

Now, we would like to continue the conversation online. First, a recap of what we learned from you. Second, revisions to the goal and objectives based on feedback, this time with strategies included.

Please comment freely.

An aside: We have been reconsidering the label “consumer” and thinking about using “individual” instead. Calling people consumers implies that they are necessarily consuming something, whereas an individual may not need to consume anything (health care or otherwise) to manage his/her health more effectively. What do you think?


Previous version: Empower consumers to better manage their health through health IT

What we learned from you: It is not just about changing the behavior of consumers. Health IT offers a tremendous opportunity to change the health care system to become more “consumer-centered.” Yes, consumers should be empowered with health IT to better manage their health; but providers, too, should use health IT to become more collaborative with their patients.

New proposal: Empower consumers with health IT to improve their health and the health care system

Objective A

Previous version: Engage consumers in federal health IT policy and programs

What we learned from you: In order to include consumers in the health IT policymaking process, we cannot expect them to come to Washington or to find this blog online (although the ones that do are amazing!). To truly be representative, we must go to consumers’ conversations. These conversations are already taking place, whether it is in online forums serving specific demographics, community-based faith groups, or disease advocacy groups. Our job should be to seek out the existing conversations and participate in them, both to solicit input into our policies and programs, and to communicate our health IT messages to consumers.

New proposal: Engage consumers with health IT

Objective B

Previous version: Accelerate consumer access to electronic health information

What we learned from you: Getting consumers access to their health information is the government’s primary lever in encouraging consumer use of health IT, innovation in the industry, and consumer-centered approaches to care. The meaningful use requirements are a great opportunity to change the incentive structure and make information sharing attractive for providers. Meaningful use requirements, however, need to be complemented by other policies related to consumer information access, such as privacy and security policies (e.g., identification assurance policies). There was also general support for the Blue Button Initiative – a way the government, through the Veterans Health Administration and the Centers for Medicare & Medicaid Services, is providing consumers with access to their information – as a starting point.

New proposal: Accelerate consumers’ and caregivers’ access to their electronic health information in a format they can use and reuse

Objective C

Previous version: Foster innovation in consumer health IT

What we learned from you: Data liquidity, including consumer access to their health information, is the first step to fostering innovation. Innovation is not just about technology; there is also a real need for innovation on implementation, replicating successes, and using data in advanced ways. But it is the industry that will be leading any such innovation, not the government. Besides liberating data, the government should provide clear regulatory direction and focus promotion activities on specific innovation hurdles.

New proposal: Encourage innovation in the capture and usefulness of consumer health information

Objective D

Previous version: Drive consumer-provider electronic communications

What we learned from you: There are a number of established and emerging technologies that take health care beyond the walls of the provider setting. Along with the information access made possible by EHRs, these technologies have real potential for making health care more consumer-centered. In future stages of meaningful use and other efforts that are part of health care reform, the government should be taking advantage of these technologies and the ways they can change patient-provider interactions for the better.

New proposal: Integrate consumer health information and consumer health IT with clinical applications to support consumer-centered care

The overall structure would now look like this:

Goal: Empower consumers with health IT to improve their health and the health care system

  • Objective A: Engage consumers with health IT
    • Strategy A.1: Listen to consumers and implement health IT policies and programs to meet their interests
    • Strategy A.2: Communicate with consumers openly and take advantage of existing communication networks to reach people where they are


  • Objective B: Accelerate consumers’ and caregivers’ access to their electronic health information in a format they can use and reuse
    • Strategy B.1: Through meaningful use incentive payments, encourage providers to give consumers access to their health information in an electronic format
    • Strategy B.2: Act as a model for sharing information with consumers and make available tools to do so
    • Strategy B.3: Establish policies that foster consumer and caregiver access to their health information while protecting privacy and security


  • Objective C: Encourage innovation in the capture and usefulness of consumer health information
    • Strategy C.1: Liberate health data that will enable consumer health IT innovation
    • Strategy C.2: Make targeted investments in consumer health IT research
    • Strategy C.3: Employ government programs and services as test beds for innovative consumer health IT
    • Strategy C.4: Monitor and promote industry innovation
    • Strategy C.5: Provide clear direction to the consumer health IT industry on the government’s role and policies in protecting consumers


  • Objective D: Integrate consumer health information and consumer health IT with clinical applications to support consumer-centered care
    • Strategy D.1: Establish meaningful use requirements and other government mechanisms that encourage use of consumer health IT to move toward consumer-centered care
    • Strategy D.2: Support the development of standards and tools that make EHR technology capable of interacting with consumer health IT, and build requirements into EHR certification
    • Strategy D.3: Identify effective uses of consumer health IT that support consumer-centered care, and develop process changes and payment models that encourage their adoption

ONC Seeks Public Comments on PHRs by Dec 10 Re: Security & Privacy

Office of the National Coordinator (ONC) for Health IT:
Public Comments Sought on Personal Health Records
by Dec 10, 2010
Emailed by ONC on Nov 1, 2010

In conjunction with ONC’s upcoming PHR Roundtable, ONC is seeking public comments on issues related to personal health records. The public comment period is open now through December 10. ONC would like the public’s input on the following topics:

  • Privacy and Security and Emerging Technologies
  • Consumer Expectations about Collection and Use of Health Information
  • Privacy and Security Requirements for Non-Covered Entities

Visit the ONC website to submit your comment by December 10:
This link goes to an ONC page with the content that’s posted below.

ONC Seeks Public Comments on PHRs
Excerpted from ONC site on 11/1/2010.

[Click here for ONC Public Comments Page on PHRs]
The Office of the National Coordinator for Health Information Technology is seeking public comments on issues related to personal health records. Please submit comments by visiting one or more of the following questions. Please note that your name and comment will be placed on the public record of this roundtable, including on the publicly accessible HHS/ONC website (links below).

Thank you for your submission. (Note: The links below will take you directly to the ONC blog pages for posting.) 1. Privacy and Security and Emerging Technologies
What privacy and security risks, concerns, and benefits arise from the current state and emerging business models of PHRs and related emerging technologies built around the collection and use of consumer health information, including mobile technologies and social networking?

2. Consumer Expectations about Collection and Use of Health Information
Are there commonly understood or recognized consumer expectations and attitudes about the collection and use of their health information when they participate in PHRs and related technologies? Is there empirical data that allows us reliably to measure any such consumer expectations?  What, if any, legal protections do consumers expect apply to their personal health information when they conduct online searches, respond to surveys or quizzes, seek medical advice online, participate in chat groups or health networks, or otherwise? How determinative should consumer expectations be in developing policies about privacy and security?

3. Privacy and Security Requirements for Non-Covered Entities
What are the pros and cons of applying different privacy and security requirements to non-covered entities, including PHRs, mobile technologies, and social networking?

4. Any Other Comments on PHRs and Non-Covered Entities
Do you have other comments or concerns regarding PHRs and other non-covered entities?

Event Details | Register for the Event by Webinar

See previous e-Healthcare Marketing post for Event Details. In-person participation is now closed due to capacity, but registration for the Webinar is available.

Strategy for Empowering Consumers with Health IT: ONC Wants Your Feedback

Strategy for Empowering Consumers
Monday, November 1st, 2010 | Posted by: Jodi G. Daniel JD MPH, Director of the Office of Policy and Planning, Office of National Coordinatator for Health IT and reposted here by e-Healthcare Marketing. 

For the past few months, ONC has been reviewing the government’s role in empowering consumers to better manage their health through information technology (IT). As we work toward a future of widespread electronic health record adoption and meaningful use, and as we continue to see rapid technology advancements in this industry, there is opportunity for consumers to take fuller advantage of the benefits of health IT.

Last week, we hosted a meeting with representatives from some of the leading consumer advocacy organizations in the country, including consumer protection agencies, disease advocacy groups, clinical innovation think tanks, and consumer health web designers. This particular meeting was focused on building a dialogue between the government, consumer organizations, and their members about the nation’s transition to electronic health records.  It further validated our belief that public input is critical to the process of focusing our work on areas where the federal government has an important role to play, and away from areas best left to others.

ONC is currently drafting a five-year Federal Health IT Strategic Plan, which is scheduled for publication in early 2011. In the plan, our proposed framework for consumer empowerment takes into consideration our existing activities. But it also provides a unique opportunity to set forward-looking direction and do more for consumers over the next five years. We hope you will assist us.

  • First, do you agree with the four objectives listed below?
  • Second, what specific activities would you like to see the federal government take on? See the bullet points below each objective for some starting ideas of possible activities.   

We will be unable to respond to every post but we will follow-up with another entry to reflect on the discussion.

The Goal: Empower Consumers to Better Manage Their Health through Health IT

  • Objective A. Engage consumers in federal health IT policy and programs: In order for federal health IT policy and programs to be successful, consumers must both understand the impact of those policies and programs and have direct involvement in shaping them. Ideas for possible activities:
    • Fund a communication campaign to engage with consumers about the benefits of health IT
    • Host consumer listening sessions designed to get consumers’ input on programs and policies
    • Solicit consumer input to Federal Advisory Committees and into rulemaking processes
  • Objective B. Accelerate consumer access to electronic health information: Consumers will be better able to manage their health when they have timely and electronic access to their own health information. Ideas for possible activities:
    • Develop tools like the “Blue Button,” an application that enables veterans to download their health information online from My HealtheVet
    • Require electronic access of consumer health information by patients and address privacy protections for this information through federal regulations and policies
    • Create meaningful use incentives for physicians to share health information with patients
  • Objective C. Foster innovation in consumer health IT: Innovative tools will make electronic health information more useful to consumers and make managing their healthcare more convenient. Ideas for possible activities:
    • Fund research into innovative technologies
    • Launch pilots (such as the Beacon Community Program) that show ways to improve outcomes through the use of consumer health IT
    • Set up “technology test beds” that could define needs for new technologies in the clinical setting
  • Objective D. Drive consumer-provider electronic communications: Consumers can become more active participants in their health and care if providers encourage electronic communications and tools, such as secure e-mail and remote monitoring. Idea for possible activity:
    • Develop quality improvement initiatives that encourage providers to help empower consumers through their use of health IT

Please post your comments directly on ONC Health IT Buzz blog.

Registration Open for PHR Roundtable by ONC: Dec 3, 2010 in Washington, DC

Registration Open for Personal Health Records Roundtable: Dec 3, 2010   

Register for the Event 

Online registration is now open for the Roundtable on “Personal Health Records – Understanding the Evolving Landscape.” This free day-long public Roundtable, hosted by the Office of the National Coordinator for Health Information Technology (ONC), will be held on Friday, December 3 at the FTC Conference Center in Washington D.C. Register to attend in person or via webcast by visiting

Personal Health Records — Understanding the Evolving Landscape
Friday, December 3, 2010; 8:30 a.m. to 4:30 p.m.
(registration check-in opens at 7:30 a.m.)Where:
FTC Conference Center
601 New Jersey Avenue, NW, Washington, DC 20001
or via webcastRegister at . 

For agenda and details of the panels, see previous post on e-Healthcare Marketing.

ONC Dir of Meaningful Use Seidman Blogs on ‘Virtual Bedside’ EHR Experience

Meaningful Use Expert’s “Virtual Bedside” Experience with EHR
Wednesday, October 20th, 2010 | Posted by: Joshua Seidman PhD on ONC Health IT Buzz blog and republished on e-Healthcare Marketing

It’s scary and emotionally painful to be 500 miles away from your dad when he gets admitted to the ICU in the middle of the night. I learned that some of that fright can be alleviated and the pain can be eased a bit by online access to his health data.

With consent, I was able to access to the Boston hospital’s patient portal, one that was developed many years ago, long before most providers understood the potential power of patient-facing health IT. My dad got the medical care he needed and when he was released from the hospital, with his consent, I also got secure access to the discharge summary and instructions in an electronic file (standardized format—CCD or continuity of care document) that I could open in a browser in a human-readable format.

I learned many things in a very personal way from this experience. There’s no substitute for timely, accurate information when you’re trying to help out family from afar. I could track key markers of clinical status to understand how my dad’s recovery was progressing. Reviewing the data in real time allowed me to piece together clinical data to know what questions to discuss with his doctors. I felt empowered by the data.

Specifically, I could view lab data, both his active and inactive medications, the radiology reports (for X-rays but not other scans), the cardiology reports and ECGs themselves, and the blood cultures. In addition, getting a summary of the entire stay on the day of discharge was very useful (even if it was not yet quite complete—I understood that some additional data may be returned to clinicians a few days later).

That’s not to say that it was a completely user-friendly experience, so I have offered the hospital’s IT team my own personal thoughts on opportunities for improvement. Most importantly, there were very few links to lay content for contextualization (just a few of the labs had links and the content at those links was mediocre). I was able to make sense of all of it with help from internists I work with, but a significant portion of data would otherwise have been difficult for me to understand.

That’s absolutely NOT a reason to close off access to the patient/family (I’m clearly much better able to move forward with the raw data than no data and nobody’s forcing me or anyone else to look at it). Rather, there is infrastructure that can be built to support better understanding. Data can be linked to consumer content so that context is provided for every data element. This can be done via the HL7 Infobutton standard or an XML web services platform (for example, open-source software will soon be available from the National Library of Medicine—MedlinePlus Connect—and several other content vendors already provide similar solutions). This should be done both for the online portal and the CCD/discharge summary. In addition, Kaiser Permanente recently donated to HHS its Convergent Medical Terminology that facilitates the translation of clinical terms into consumer-friendly language.

Some data were not made available to us, such as CT scan results. Although there is a document explaining exclusions from the patient-facing portal that the hospital makes available upon request (for detail, see JAMIA article on the topic), it would be much easier if data produced on that patient but not available to patient/family was stated explicitly on each page what is not there. Without noting in the portal what diagnostic tests were performed but not reported left me wondering if critical tests were carried out and what important information the clinicians may be missing in diagnosing the case.

It’s also not clear why or how certain data are excluded. As I noted, some of the lab data were mysterious numbers upon first examination. The explanation that time is necessary for clinicians to communicate with patient/family doesn’t hold up if the patient/family is left in the dark (that is, if information is not CLEARLY communicated to the patient in some other way, which is expecting a lot more of the clinicians than is probably reasonable).

The most glaring omission was progress notes, which would have been very useful. Progress notes would seemingly be among the easier information for lay people to understand. This health system is participating in a pilot project in the outpatient setting. Pending results from the “Open Notes Project,” the hospital likely will be making those notes available for hospitalized patients and families as well.

Another functionality that the portal has available for outpatients that would have been incredibly valuable for me is secure messaging. There was no opportunity for electronic communication with the ICU or medical unit care team. Phone communication is very hard for care teams in the ICU and on the floor, so having an opportunity to exchange secure email with them would be much more convenient for them and for family members than relying solely on telephone tag.

Those areas for improvement notwithstanding, there’s no doubt that this portal is absolutely transformative from a patient/caregiver perspective. It was incredibly valuable in helping me to understand what’s going on with my dad. Now that I’ve had this experience, it would be absolutely maddening and emotionally painful if I had to go through this again without access to data. I hope that meaningful use of EHRs helps to make this kind of portal the rule rather than the exception.

Joshua J. Seidman, PhD
Director, Meaningful Use

As of Oct 22, 2010, there were nine comments on this ONC’s Health IT Buzz blog post. To see those comments and post comments directly, click here.

ONC Roundtable: Personal Health Records – Understanding the Evolving Landscape

PHR Roundtable: December 3, 2010 
(Excerpted from ONC site on October 22, 2010)
The Office of National Coordinator for Health Information Technology (ONC) will host a free day-long public Roundtable on “Personal Health Records — Understanding the Evolving Landscape.” The Roundtable is designed to inform ONC’s Congressionally mandated report on privacy and security requirements for non-Covered Entities (non-CEs), with a focus on personal health records (PHRs) and related service providers (Section 13424 of the HITECH Act).

The Roundtable will include four panels of prominent researchers, legal scholars, and representatives of consumer, patient, and industry organizations. It will address the current state and evolving nature of PHRs and related technologies (including mobile technologies and social networking), consumer and industry expectations and attitudes toward privacy and security practices, and the pros and cons of different approaches to the requirements that should apply to non-CE PHRs and related technologies.

Registration is available as of Oct 26, 2010, click here.
Public comment will open in October. 

Friday, December 3, 2010
8:30 a.m. – 4:30 p.m. (Check-in begins at 7:30 a.m.)

FTC Conference Center
601 New Jersey Avenue, NW
Washington, DC 20001

or via Webcast

The purpose of this Roundtable is to collect information that will assist in preparation of the Congressional report mandated by Section 13424 of the HITECH Act, which directed the Office of the National Coordinator for Health Information Technology (ONC), in consultation with the Federal Trade Commission, to conduct a study and make recommendations related to the application of privacy and security requirements to non-HIPAA Covered Entities, with a focus on personal health record vendors and related service providers.

7:30 a.m. Facility Opens. Check-in.

8:30 am - Welcome: David Blumenthal, MD, National Coordinator for Health Information Technology

8:45 am –  Setting the Stage: Joy Pritts, JD, HHS Chief Privacy Officer

9:10 am –  Panel One – PHRs: Origins, Developments, Privacy and Security Practices
The first panel will describe and discuss the history and current state of personal health records (PHRs), including types of PHR vendors, business models, and privacy and security practices.

10:45 am – Panel Two – PHRs and Related Technologies: New Forms, New Audiences, New Challenges
The second panel will discuss how PHRs are evolving, including the connection to mobile technologies and social networking, and will address privacy and security practices and challenges in this evolving context. The panelists will address how PHR vendors are reaching out to new markets and patient populations.

12:15 pm - Lunch Break

1:15 pm - Panel Three – Privacy and Security of Identifiable Health Information in PHRs and Related Technologies: Expectations and Concerns
The third panel will provide information on and discuss consumer expectations and concerns related to the privacy and security of identifiable health information in PHRs and related technologies. It will also explore the attitudes of health care providers and industry groups to the privacy and security of PHRs.

2:50 pm – Panel Four – Perspectives on Privacy and Security Requirements for PHRs and Related Technologies
The final panel will address the need for privacy and security requirements for PHRs and related non-CE entities, in accordance with the study required by Congress. It will provide a forum for different views on the appropriate regulation, if any, or other requirements that should be applicable to non-CE PHRs and related service providers and technologies. This panel will have two sub-panels. The first sub-panel will include representatives of federal and state agencies with current enforcement authority. The second sub-panel will explore whether there is a need for regulation and other requirements and the pros and cons of different approaches to government regulation and private sector oversight.

4:20 pmClosing: Joy Pritts, JD, HHS Chief Privacy Officer

4:30 pm – End