Technology Companies, Providers, Health Insurers and Consumer Groups Agree on Framework for Increasing Privacy and Consumer Control Over Personal Health Records | Markle | Advancing America's Future
Technology Companies, Providers, Health Insurers and Consumer Groups Agree on Framework for Increasing Privacy and Consumer Control Over Personal Health Records | Markle | Advancing America's Future

Technology Companies, Providers, Health Insurers and Consumer Groups Agree on Framework for Increasing Privacy and Consumer Control Over Personal Health Records

Publication Date: June 25, 2008 | Back to Latest News

NEW YORK—Dossia, Google, Intuit, Microsoft, and WebMD today joined prominent health care providers, health insurers, and consumer and privacy groups in endorsing a set of practices for new internet services that help consumers track and improve their health. The framework defines a set of practices that can help protect personal information and enhance consumer participation in online personal health records.

“Consumer demand for electronic personal health records and online health services will take off when consumers trust that personal information will be protected,” said Zoë Baird, president of the Markle Foundation, which organized the consensus framework. “We have broken the typical logjam in health care and reached consensus among health sectors and technology innovators, so internet health information products can flourish.”

The announcement comes as technology companies, health care delivery systems, health insurers, large employers, and others are proliferating options for consumers to keep their own copies of health information and connect to health-related services online. However, this emerging, innovative new space is evolving without a common set of information practices and expectations.

“We have achieved the first detailed, consensus-based approach to consumer access and privacy practices for important new internet-based health information services,” said Carol Diamond, MD, MPH, Markle managing director and chair of Connecting for Health. “A stable, common-sense set of principles and practices will foster innovation and improve consumer choice for these emerging services.”

The framework — developed by the Markle-operated Connecting for Health public-private collaboration — includes four overviews and 14 specific technology and policy approaches for consumers to access health services, to obtain and control copies of health information about them, to authorize the sharing of their information with others, and sound privacy and security practices.

In 2006, Connecting for Health released a framework of policy and technology resources for privacy and security in internet-based networks connecting medical professionals from different institutions and clinics. The new framework deals with networks that include individual consumers as participants who can collect their information, store it in applications they control, and share it with whom they want.

The following organizations today endorsed the framework:

AARP • Aetna • American Academy of Family Physicians • Association of Online Cancer Resources ( • America’s Health Insurance Plans • BlueCross BlueShield Association • CapMed • Center for Democracy and Technology • Center on Medical Record Rights and Privacy • Cisco Systems Inc. • Consumers Union • Dossia • FollowMe • Google • Geisinger Health System • Health Care For All • InterComponentWare Inc. • Intuit Inc. • MedicAlert • Microsoft Corp. • National Breast Cancer Coalition • National Partnership for Women and Families • NewYork-Presbyterian Hospital • Pacific Business Group on Health • Palo Alto Medical Foundation • Partners Healthcare System • RxHub • SureScripts • U.S. Department of Veterans Affairs • Vanderbilt Center for Better Health • WebMD

“Some of the new services aren’t covered under federal health information privacy laws, and there is uncertainty about privacy protections,” said Steve Findlay, health care analyst, Consumers Union, publisher of Consumer Reports. “This collaboration lays out specific practices that all PHRs and related services can use, whether they are covered by federal privacy rules or not, so they can enhance public trust.”

Survey reveals overwhelming public support for privacy protective practices

The Markle Foundation also released a survey today indicating that four in five U.S. adults believe that electronic personal health records (PHRs) would help people:

  • Check for errors in their medical records (87 percent).
  • Track health-related expenses (87 percent).
  • Avoid duplicated tests and procedures (86 percent).
  • Keep their doctors informed of their health status (86 percent).
  • Move more easily from doctor to doctor (86 percent).
  • Manage the health of loved ones (82 percent).
  • Get treatments tailored to health needs. (81 percent).
  • Manage their own health and lifestyle (79 percent).

“This new survey indicates that an overwhelming majority of U.S. adults see the value of online personal health records. Nearly half express some interest in using one,” said David Lansky, PhD, president and CEO of Pacific Business Group on Health and chair of the Connecting for Health work group that developed the new framework.

“At the same time, the vast majority of respondents said having key privacy practices in place would be a factor in their decision to use such services. Nearly half called specific privacy practices ‘critical’ in their decision to try one out,” Lansky said.

When asked about some of the practices contained in the new framework, consumers said:

How important in decision to try a PHR service:

Common Framework Practice Area

It’s critical


It’s one factor in


Affected people would be notified if their information falls into unauthorized hands in a way that could compromise their identity or expose their health information.



An individual would be able to review who has had access to their personal health information.

53% 37%

Individuals would have a clear process to request corrections or dispute the way their information is handled.

53% 38%

Individuals would NOT be denied care or penalized financially based on whether they decided to provide certain medical information to an internet-based service.

49% 40%

The survey of 1,580 U.S adults – conducted by Knowledge Networks between May 13 and 22, 2008 – matched the demographic proportions of the general U.S. adult population (including online and offline households), and had a margin or error of plus or minus 2.5 percent. It was designed by Columbia University Professor Emeritus Alan F. Westin, a leading authority in privacy research.

Among the other findings:

A small percentage of Americans use PHRs today.
Despite the expressed interest that consumers revealed when asked about electronic PHRs, only 2.7 percent of respondents (which equates to 6.1 million people) said they had one today. Of this small group, four in five described their PHR as “valuable.”
Consumers cite privacy concerns as a significant barrier to PHR adoption.
Of the people who said they were not interested in having a PHR, more than half (57 percent) cited privacy concerns as a reason for not wanting one. 

“Regarding health privacy, we found that 24 percent of the public have high concerns; 49 percent to 56 percent have moderate concerns, and only 20 percent to 27 percent have low concerns,” Westin said. “This pattern of health privacy intensity suggests that 73 percent to 80 percent of the public will want to be assured of robust privacy and security practices by online PHR services, if they are to join those offerings.”

Consumers see that several options can be effective in ensuring protections on the web.
The survey asked consumers about their perceptions of effectiveness in four different ways of enforcing good practices on the web. Eighty percent said they thought each of these two options would be effective: 

  • Having an independent organization audit the PHR organization and provide a seal of approval to certify it is following good practices.
  • The Federal Trade Commission or state attorneys general enforcing existing consumer protection laws, by finding any PHR that does not follow its own policies is engaging in false and misleading practices.

Seventy-six percent said they thought each of these two options would be effective:

  • Market forces – consumers choosing the products and brands they trust and not using others that do not follow good privacy practices.
  • Congress passing a new health privacy law to cover the special features of online PHR services.

“Enforcement is a crucial element of this framework,” said James X. Dempsey, vice president for public policy of the Center for Democracy and Technology. “Moreover, the Connecting for Health approach makes it clear that it is not sufficient to rely on one single enforcement mechanism for the range of privacy principles. Rather, different enforcement mechanisms will likely be optimal for different aspects of the privacy framework, and comprehensive enforcement will probably require a mix of approaches. It was interesting to see from the survey that consumers believe that a range of enforcement tools may be effective.”


Markle Connecting for Health is a public-private collaborative with representatives from more than one hundred organizations across the spectrum of health care and information technology specialists. Its purpose is to catalyze the widespread changes necessary to realize the full benefits of health information technology while protecting patient privacy and the security of personal health information. Markle Connecting for Health tackles the key challenges to creating a networked health information environment that enables secure and private information sharing when and where it is needed to improve health and health care. Learn more about Markle Connecting for Health at