AHIMA AND AMIA RELEASE BASIC PRINCIPLES FOR PERSONAL HEALTH RECORD ADOPTION AND USE, AND ISSUE CONSUMER GUIDANCE FOR CONFIDENTIALITY OF PERSONAL HEALTH INFORMATION

Personal health records (PHRs) provide a powerful way of helping individuals manage their healthcare, but consumers should read the "fine print" to understand the privacy policies of the organization supplying the PHR and the source of the data stored in the PHR, according to a recent position statement released by the American Health Information Management Association (AHIMA) and the American Medical Informatics Association (AMIA).

Their recommendations are that consumers look for the following policies and procedures when selecting a PHR: privacy and security; the ability of the individual, or authorized surrogates, to access their information; individual control over accessibility; and sources of the data stored in the PHR.

"If the PHR contains the same information that the doctor has seen, it has more usefulness for tracking purposes than information from insurance forms," states Jill Callahan Dennis, JD, RHIA, president of AHIMA. "For example, insurance claims information may only list some of the diagnoses or medications and not specific details such as blood pressure reading or medication dosage."

The position statement also includes the following basic principles to guide PHR adoption and use:

* Every person is ultimately responsible for making decisions about his or her health.

* Every person should have access to his or her complete health information. Ideally it should be consolidated in a comprehensive record.

* Information in the PHR should be understandable to the individual.

* Information in the PHR should be accurate, reliable, and complete.

* Every person should have control over the ways PHR information is used and shared.

* The operator of a PHR must be accountable to the individual for unauthorized use or disclosure of personal health information.

* A PHR may be separate from and does not normally replace the legal medical record of any provider.

AHIMA and AMIA recommend use of electronic media to facilitate timely, accurate, and secure exchange of information across healthcare institutions and providers; however, individuals are encouraged to use whatever format works best, even if the choice is paper.

"The important thing is to get started," says Dennis. "Each person can create a PHR at his or her own pace, starting with their next medical visit."

A good place for individuals to begin is to visit http://www.MyPHR.com, a site provided as a free public service by AHIMA, for information on how to create and manage a PHR. The Associations suggest PHR users find out if healthcare providers, employers, insurers, or another individual or organization offer a PHR tool or service.

To view the position statement, "The Value of Personal Health Records," visit AHIMA's Web site at http://www.ahima.org/dc/positions/.

AMIA and AHIMA have also released a set of basic principles for organizations accessing or storing personal health information (PHI) to abide, as follows:

* Inform individuals, through clear communications, about their rights and obligations and the laws and regulations governing protection and use of PHI.

* Notify individuals in clear language about the organization's privacy practices and their rights in cases of breaches.

* Provide individuals with a convenient, affordable mechanism to inspect, copy, or amend their identified health information/records.

* Protect the confidentiality of PHI to the fullest extent prescribed under HIPAA, regardless of whether the organization and its employees all comply with HIPAA, state laws, and the policies and procedures put in place to protect PHI.

* Use PHI only for legitimate purposes as defined under HIPAA or applicable laws.

* Prohibit the use of PHI for discriminatory practices, including those related to insurance coverage or employment decisions.

* Timely notification of individuals if security breaches have compromised the confidentiality of their PHI.

* Work with appropriate law enforcement to prosecute to the maximum extent allowable by law any individual or organization who intentionally misuses PHI.

* Continuously improve processes, procedures, education, and technology so that PHI practices improve over time.

Basic principles need to be incorporated in all rules, regulations, or laws pertaining to PHI if it is expected to flow across organizational boundaries through the nationwide health information network (NHIN).

To view the position statement in full, visit AMIA's Web site at http://www.amia.org/informatics/public_policy/index.asp#confidentiality.

About AMIA

AMIA is an organization of 3500 health professionals committed to informatics who are leaders, shaping the future of health information technology and its application in the United States and 41 other nations. AMIA is dedicated to the development and application of informatics in support of patient care, teaching, research, and healthcare administration and public policy. For more information, visit http://www.amia.org.

About AHIMA

AHIMA has 50,000 members dedicated to the effective management of personal health information needed to deliver quality healthcare to the public. Founded in 1928 to improve the quality of medical records, AHIMA is committed to advancing the health information management profession in an increasingly electronic and global environment through leadership in advocacy, education, certification, and lifelong learning. For more information, visit http://www.ahima.org.

Your contributions to Top Drawer (news, calendar items, products for review) are welcome. Send them to:

CIN: Editorial Office 10A Beach St, Suite 2 Portland, ME 04101 Telephone: 207-553-7750 Fax: 207-553-7751 E-mail: [email protected]