P9

Section 6: Charting a Path Toward Fully Networked PHRs

A number of significant projects to deploy PHRs are now underway. With this document, we have offered a vision of how these multiple approaches to the PHR might coexist and even support each other. We began by presenting a set of values and principles that assert the right of the individual to control personal health information and eventually to share that information with a variety of innovative health care services. We then outlined a strategy to put those principles into practice by developing a networked PHR. The first step toward achieving our goal is to develop policies that will enable consumers to participate in health information exchange.

Connecting consumers to a health information exchange network raises a number of policy questions:

• How will individual consumers be authenticated?
• How will authorized users of an individual’s PHR be authenticated and allowed access?
• How does the consumer know she is communicating with who she thinks she is through the network? How does she verify the source and accuracy of data received?
• What consent procedures will be followed before granting consumers access to the network?
• Which secondary uses of the data, if any, are to be sanctioned?
• How will unauthorized uses of data be handled?
• How will personal health applications be certified to access data sources?
• Will standards for patient-sourced data be defined?
• Will patient-entered data (e.g., errors, changes in medication use, etc.) be propagated back to data suppliers?
• How will the consumer's ability to control the sharing of her data be ensured?
• By what procedures will consumers grant access to other users such as providers and caregivers?
• How will relationships among consumers, Consumer Access Services, and other NHIN participants be formalized?
• What mechanisms will assure accountability?

All of the policy issues above cannot be solved at once. Therefore, we have chosen to focus on a few priority problems in 2006 and 2007. These significant policy issues can be grouped into the following categories:

• Authentication: How does a network participant know that a consumer user is really who she says she is? The discussion of this issue should include a thorough exploration of private sector and federal sector roles in determining adequate policy.
• Consumer Access Service policy requirements:
  • What are the key principles and characteristics of a Consumer Access Service?
  • What specific capabilities and liabilities must a Consumer Access Service assume to maintain a chain of trust with the participants of other SNOs?

Markle Connecting for Health will convene multi-stakeholder Working Groups that will formulate policy recommendations for each of these challenges. We recognize that each stakeholder has its own set of interests. To successfully develop an open market of networked PHRs, each stakeholder must make a commitment to enable portability of personal health data with the consumer in control.

Organizations should make the data that they hold available—at the consumer’s request—to applications offered by other entities, as long as those entities comply with a Common Framework of rules and practices for information stewardship.

This approach would allow consumers to access their information through applications of their choosing, as opposed to having access exclusively through the application offered by each entity that captured their data. The networked model opens up possibilities for existing entities and new entrants to compete on innovation, value, and service to consumers. This model holds more promise than proprietary silos, because no one organization holds all of the data valuable to most consumers. We therefore recommend that organizations aim to exploit the power of networks by developing and adopting a Common Framework for networked PHRs.

A networked PHR environment cannot be achieved without collaborative efforts and consensus agreements among all stakeholders. To achieve our national vision of networked PHRs for every American who wants one, we need to agree on the characteristics of the network and the means by which personal health information will be shared and managed. We must create an environment of trust and confidence. Without a Common Framework of policies for information stewardship, even a thousand interesting projects and product offerings are not likely to produce a trustworthy, interoperable PHR.

This paper provides a vision of a plurality of organizations that offer opportunities for consumers to connect to networks of personal health information and services. An individual could connect via a Consumer Access Service offered by a provider group, a RHIO, a retail chain, a payer, an affinity group, a web portal, a bank, etc. We seek a free and fair competitive environment in which all players agree to a minimum set of common rules. The precise path toward this vision is not completely knowable now. However, we envision several steps over the next five years:

1. Collaboration among multiple stakeholders to recommend policies, beginning with the key areas cited above.
2. Development of one or more prototype Consumer Access Services with multiple PHR connections.
3. Broad dissemination of the prototype findings and requirements.
4. Contractual agreements to abide by a Common Framework among a critical mass of health care actors.
5. Evaluation of potential methods to validate and enforce rules for Consumer Access Services and the applications that connect to them.

As we have witnessed in the short history of the Internet, market demand and the power of networks can combine to make consumers a driving force for change. This paper outlines a framework aimed at allowing a similar phenomenon to happen in the particularly complex and sensitive area of personal health information.