Should the state hold your PHR?
William Yasnoff, conveniently located in Arlington, Va., has been pushing Electronic Medical Records (EMR) and Personal Health Records (PHR) for years.
He may be best known for his concept of a Health Record Bank, similar to Google Health or Microsoft HealthVault except it's a government-regulated non-profit.
The banks would do the integration necessary so your records from all providers could stay together, along with the privacy and auditing features needed to reassure patients.
As part of his work pushing the concept Yasnoff rails against HIPAA. The law's loophole assuring transfer of data involved in billing means it offers no protection at all, he writes on his blog.
While continuing to editorialize for community-run data banks, Yasnoff has recently softened his stance toward Google and Microsoft, noting the law offers their users protection sites run by insurers and hospitals lack.
All transfers from Google and Microsoft must have your permission. Those from a covered entity don't, if they're dealing with billing questions.
Still, he adds, Google and Microsoft are just pieces of the puzzle. A true bank must be searchable, and must be able to drive EMR adoption through subsidies, he writes.
Ironically, Yasnoff's problem with Google and Microsoft comes down to one of business models.
The rules against search and commercial use of patient data are good privacy protection, but they don't generate the income needed to make EMRs and PHRs universal.
But his own proposal has the same business model problems. He sees Health Banks taking subscription fees from consumers or, in lieu of that, sponsorships from their employers. He would let them aggregate data for industry studies, and take ads.
Then there is the fact that people move. Why is, say, a Georgia health bank so inherently trustworthy if all those records are transferrable to New Jersey? Aren't we really talking about a government records bank? Isn't that state control of records?
None of this is meant to dump on Dr. Yasnoff, who has been added to our blogroll. It's to show where the problems with PHRs lie, in privacy, in business models, and in the demands of stakeholders.
Technology is not the problem.