Preface to Report

We’re down to the final proofs, the final edits and the PHR Market Report will be ready by the end of the week.  A long process, but well worthwhile – the end result being a comprehensive report of roughly 100 pages in length and 20 in-depth vendor profiles.

My deep thanks and appreciation go out to so many who have provided advice, assistance and encouragement.  While there are far too many to list all contributors, special thanks go out to Rick Benoit at Intel, Ken Mandl and Will Crawford at Children’s Hospital Boston, Sean Nolan at Microsoft, Jerry Lin at Google, David Dobrin of B2B Analysts, and all the PHR vendors who showed such patience in answering my many questions.

As a lead-in, following is the Preface to the Report.  Again, to be notified when report is released, simply send an email to

Quite suddenly, the Personal Health Record (PHR) market has taken on renewed interest.  Countless press articles extol both the virtues and risks of PHRs. Government institutions are dedicating resources to understand how PHRs may affect the healthcare sector – driving needed change. Employers and health plans seek new ways of using PHRs to engage their constituents, encouraging them to adopt healthy behaviors. Providers are adopting PHR solutions to deliver added value to their customers and increase customer retention.

Against this back-drop, within the last year the PHR market has seen the entrance of two of the largest and arguably most significant consumer-driven software companies in the world, Google and Microsoft, who are each pursuing their own consumer-focused, personal healthcare strategies. Even the employer-led consortium, Dossia is back on track developing a personal healthcare platform with Children’s Hospital of Boston that when complete may serve upwards of 8 million consumers.

Further, it is becoming increasingly clear that the U.S. healthcare market is in need of some serious restructuring. While PHRs are no panacea for the healthcare challenges this country faces, they have the potential to initiate change that is long overdue, change that will be consumer led and consumer driven.

Yet, despite this interest, a clear, pressing need, and the entrance of major players, the PHR market remains an elusive, challenging market to understand and predict its future outcome. A multitude of companies, large and small, have developed an equally broad array of PHR solutions. Some solutions reside on a consumer’s desktop, others come on a USB and still others are offered over the Web. Beyond modalities, the capabilities of these solutions are even more wide ranging, from simplistic systems for filing of electronic records to sophisticated solutions with personalization tools that guide the user on not only how to manage their health and the health of loved ones, but may for example provide advice on who may be the best physician in their area for a given aliment and the costs of treatment.

Over the last several months, Chilmark Research has interviewed a wide range of PHR vendors, users, employers, proponents, detractors and observers. One observation became readily apparent in these discussions, the future of the PHR market lies on the Web. Therefore, unlike other reports on this market, the focus of this report is strictly on Web-based PHR applications, that are referred to as iPHR solutions.

First in a series of reports, this report is designed to bring clarity to the reader on where the iPHR market is today, where it is headed and the adoption challenges that need to be overcome. Most importantly, the report will assist the reader in understanding who are the leading iPHR vendors today, what is their unique value proposition and areas they need to improve. Armed with this information the reader will have the knowledge necessary to initiate their own evaluation and selection of an iPHR solution that meets their personal needs or the needs of the organization they represent.


Why Extending HIPAA to PHRs is NOT a Good Idea

There has been a lot of talk about extending current HIPAA regulations to address non-covered entities, particularly PHR vendors. Many believe that this is what is needed to preserve consumer privacy. There was even an article last month in the New England Journal of Medicine by the creators of the Dossia platform, Indivo that unfortunately was taken out of context by some, including the New York Times, (but not all) which continued to fan the flames for an extension of HIPAA. And of course, as long as those flames keep burning brightly, the traditional stakeholders in the healthcare market (especially providers, and health plans) who are loathed to have the consumer take more direct, personal control of their records, can sit back and continue to directly manage the consumer relationship without any pesky intermediaries (e.g., independent PHR vendors).

But HIPAA really doesn’t provide the protection that many of the press, privacy pundits and others claim. For example how many consumers know that under HIPAA…

Health care entities are allowed, for fundraising activities, to release to business associates – without explicit individual authorization – certain demographic information, such as names, addresses and dates of treatment, but not information about health or health care.

Sure, they are not sharing medical records, but they could be sharing information that I happened to be admitted to their psychiatric clinic, (e.g., I went to MGH and ended up at McLeans) which I’m sure most would rather not share.

This clause was responsible for the data breached at UCLA Medical Center when they hired an outside firm to do a fund raising program. While having over 6,300 records exposed on the Internet was bad enough, what is even worse is that the breach was discovered on Oct. 9th but it was not until mid-April that UCLA thought: Hmmm, maybe we should contact all those people effected.

Six months to let someone know that their privacy has been breached! What’s up with that?

As I have written several times before, I am a strong advocate of consumer privacy of virtually any information that is personal, including medical records. I have also taken to task the PHR industry for their extremely poor record, as an industry, to develop clear standards (shall we even suggest a certification process) that will bring some consistency on privacy policies across this industry sector. So far, it seems to having fallen on deaf ears as the research we conducted for our upcoming PHR Report found consistency across the industry to be nonexistent.

With no prompting of my own, at least that I am aware, Microsoft’s HealthVault Group has been very clear on its privacy policies. They even went so far as to extend these privacy policies to all partners of HealthVault via their Terms & Conditions sheet. With some prompting, I was able to get Microsoft to go public with these terms. Recently, Sean Nolan, chief architect for HealthVault put up a post further defining Microsoft’s perspective/policy as it pertains to HIPAA. He also provides a link to a very good overview of HIPAA and HealthVault that was put together by the HealthVault team and Microsoft’s legal team for the development community.  All, very good proactive moves. Now, if I could only start seeing Google making similar pronouncements/announcements, and while I’m at it, how about Dossia as well. Neither of these two has been as proactive as Microsoft on the issue of privacy and the market really needs more unity here.

Getting back to HIPAA.

First-off, I am not against some federal oversight and policy direction as it pertains to personal health records.  Right now, it is a bit of the Wild West as consumer’s take on more responsibility for managing their records and turn to PHR solutions.  What I fear though is that taking a simplistic aproach, “let’s extend HIPAA to cover PHRs” will not solve the problem and truly protect the consumer.  As the UCLA case above so clearly demonstrates, HIPAA does not provide the privacy that most consumers will want for their PHRs.  Also, numerous reports and surveys have shown, that while consumers are concerned with privacy, they believe that benefits of digital records outweigh the risks.

So we are left with a situation where first, HIPAA clearly does not provide the type of protection that most consumers believe they are receiving and secondly, consumers are not adverse to sharing information, but it is they who wish to choose who sees such information and not some third party entity that makes that choice for them.

Simply extended existing HIPAA regulations to non-covered entities will not provide consumers with a sufficient level of privacy protection.  In fact, it may have the perverse effect of giving a consumer a false sense of security.

Extending HIPAA is NOT the answer.

The answer will lie outside of HIPAA  in a new policy construct that puts the consumer in more direct control of how their information is used via an “opt-in” process, e.g., “I chose who I wish to see my data and to what degree of granularity that data is shared.”  Yes, it will make many in the healthcare sector nervous, but they are going to have to get used to it as this market will increasingly become consumer-driven and those consumer’s will want more control.

On last point (minor detail)…

While I may wish to chose to whom I share my records with and at what level of granularity – that granularity issue is a sticky one.  You see, most vendors’ PHR solutions do not have the data management capabilities built-in to allow data tagging for sharing or sequestering record information at a granular level.  For most, you either share all the data in your PHR, or none of it.   PHR vendors need to “get-on-the-ball” and start building this capability into their solution.  And consumers, you need to start asking PHR vendors if their platform supports such capabilities.


Dis-information Among Those in the Know

Here I am at the World Health Care Congress with what appears to be all the major movers and shakers in the healthcare sector, Chairmans, CEOs, Presidents, EVPs – some really big names, some very powerful players. Now I will never claim to be as brilliant as these people, after all, I’m writing this sitting in the audience and not up on the stage giving the presentation. But with all this cranium here at the conference, why do I hear so much dis-information?

For example, the session on PHRs and Consumer Engagement had panelists who could not accurately define the offerings of Dossia, Google, and Microsoft’s HealthVault and in some respects, had it completely wrong. These are the biggest players in this space, or at least will be soon, easily eclipsing WebMD, RevolutionHealth or any other PHR-like entity in the market today. Do they do this on purpose, or do they really just not know? Very disturbing when one thinks that these panelists were chosen due to their purported wealth of knowledge on the subject.

Another one is that red herring that I have ranted on in the past and is certainly a pet peeve, Privacy.  This issue still gets thrown out there by vested interests (and there are plenty of them here) who have little desire to release the records they control to some third party (or only reluctantly release them) that will stand between them and their relationship with the consumer.  Therefore, they throw out the Privacy Bogeyman to scare the consumer and it is really getting quite old.  I have yet to hear of one privacy breach at a PHR vendor, but weekly I hear of one breach after another at both payers and providers. So who is more secure?
The whining that physicians can not go digital because of costs. As I related in my notes from the first day, this should be viewed as an investment in the business.  Granted, there will not be an immediate ROI, but it will come in time, that I am sure of and ultimately, it will allow providers to participate in the future as more and more consumers look to engage their providers over the Web and desiring greater access and control over their records.  Again, a lot of dis-information on the topic that needs to stop.

Well, enough of my own whining.

There really are some great sessions here today including the keynote this morning from Safeway’s Chairman and CEO, Steve Burd. Safeway is doing some interesting things regarding promotion of health and wellness within their family of employees their families and even their customers.

Also intriguing story at EMC where to gain credibility for their PHR initiative, they brought in various medical research institutions to promote their ongoing clinical trials within the PHR and solicit employee participation.  Involving these research institutionsgave the PHR instant credibility and  was very instrumental in EMC’s internal push for PHR adoption. After about four years, adoption of the PHR at EMC stands at 50% of all EMC employees worldwide with adoption still growing.


WHCC & Reports from the Field

I’ll be attending the World Health Care Congress (WHCC) here in Washington DC getting my fill of all things healthcare and most likely an overdose on policy – after all, this is Washington.

The people who put on the WHCC have put together quite an impressive agenda with so many different and what look to be interesting tracks, the biggest challenge for me was just deciding which ones to attend.  In the end have chosen to focus on those tracks focused on consumer health including transparency, successful models for engagement, empowerment and the like.  Over the course of the next couple of days, I’ll provide a couple posts outlining some of the most critical issues raised and lessons learned from the various presenters and participants.  So stay tuned.

As an aside, had two interesting experiences yesterday, here in DC hainvg arrived a day early.  The first was meeting a man on the DC Metro who had flown in to attend a training session.  We got to talking and he asked me what I did for a living.  Told him healthcare and he immediately opened up with: “Healthcare costs and gas prices are going to drive us into the ground.”  As we continued talking he related his own, most recent experiences with the healthcare system.

He receives good coverage from his employer, though complained about his share of costs continuing to rise.  He has had a heart condition ever since he was a child.  Recently, he changed primary care physicians.  Despite a long record of a heart condition, his new doctor ordered a battery of tests that he estimates cost between $30-40,000.  Though he readily admitted that his costs were a few hundred dollars, he knew that in the end, we all will be paying higher prices to support such practices, that for him seemed at a sham.  He also found the multiple Explanation of Benefits (EOBs) forms that he received from the insurer during this whole process as to appear as though they were written in Greek – simply incomprehensible.

Now, I am not a doctor and certainly not one to judge whether or not these tests were unnecessary.  What this story does point out though are two important points:

  1. Might this consumer, if he had control of his records that were safe-guarded in one of the online data repositories like HealthVault, or Google Health, or even Dossia (if his employer was a member), be able to provide a complete longitudinal health record, maybe the physician would have decided not to order these tests.
  2. With all the talk from insurers about transparency, consumer empowerment and all the wonderful online tools that they want to provide to enable such, from this story it looks like they are getting a little ahead of themselves.  Rather than looking to the Internet and IT as the magic elixir to make all this happen, maybe insurers might want to start with something as simple and basic as making EOBs understandable.   Granted, not novel, nor sexy, but it may deliver better results.

The second little musing is that while heading over to the Hirshhorn Museum (my favorite here in DC, great sculpture garden and fabulous modern art) coming out of the Metro and what should I see plastered on the walls – at least 8 small billboard posters with that big smiling face of Magic Johnson saying something to the affect of “Together we will better manage our health.”

These are part of Aetna’s consumer advertising campaign to encourage greater consumer involvement in managing their health.  Really like this advertising campaign (seen full page ads in the WSJ as well).  As far as I can tell, they are the only major insurer being proactive on educating the consumer.  Now if we could just get the other big insurers (are you listening WellPoint, Cigna, UnitedHealth, etc.) to ramp-up their own consumer advertising to focus on a similar message, we may indeed begin to see consumers take a more proactive role.


Employers Taking Long-View Look to PHRs

Over the past couple of weeks I’ve uncovered a couple of recent reports that add to the growing body of evidence that employers will be one of the key markets for Web-based PHR vendors in the future. Going beyond the simple visibility that efforts such as the employer consortium Dossia platform will bring to the PHR market, employers are increasingly taking a long-term view towards employee health and wellness programs. Employers will increasingly rely on PHRs as a foundational element of their strategy.

Human Resources consulting firm Hewitt released late last week the results of a study it conducted among 500 U.S. employers. One of the most significant findings was that 88% of employers responded that they intend to invest in long-term solutions to keep employees healthy. This was up a whopping 25% over last year’s 63%. Within the report it is also noted:

…more than 85 percent of companies say they invest or plan to invest significant resources in long-term health and productivity initiatives over the next three-to-five years. In addition, almost two-thirds (63 percent) plan to offer incentives to motivate sustained health care behavior change, and 67 percent will utilize health care data and measurements to drive their organization’s health care strategy.

Clearly, based on the Hewitt survey it appears that a properly structured employer-sponsored PHR that provides employees with health and wellness information (and action plans) along with incentives as well as delivering employers key de-identified population health metrics, will go long ways towards helping employers meet their long-term objectives.

Another interesting, and in my view more comprehensive study, is the recent report from another HR consulting firm, Towers-Perrin. Their report, 2008 Health Care Costs Survey, (warning PDF) surveyed 500 large U.S. employers representing some 10 million employees. What is particularly attractive about this report are the comparisons made between employers that are high-performing, versus those that are low-performing. In a nutshell, high-performing companies will pay on average 16% less in 2008 ($8,532. vs $10,200/employee) for healthcare insurance costs versus low-performing companies.

High-performing companies take a very pro-active approach to managing healthcare costs in comparison to their lower-performing brethren by focusing at a nearly 2:1 margin on the following:

  • Motivating employees to manage healthcare purchases responsibly.
  • Support employees capability to make sound healthcare decisions.
  • Focusing on employee health management (e.g., population health analysis, pro-active management of high risks, disease and chronic care management, etc.).

Each of these three can be supported to some degree by the better PHR solutions in the market today

The challenge for employers, however, is still a mixture of gaining employee trust and the need to provide appropriate incentives. Sponsoring a PHR for employees may certainly be a step in the right direction, but how that PHR is presented to employees will make a world of difference as to its ultimate adoption and success. As the Hewit study points out, a significant percentage of employees are still hesitant to trust the motivations of their employers and often do not follow-up on health recommendations without incentives. How employers address these issues will ultimately decide the fate of their internal efforts to control healthcare cost increases.

The California Healthcare Foundation has provided some initial guidance, for employers looking to adopt a PHR platform for their employees. While somewhat perfunctory, this will be of some value to those employers just getting started.


Naturally, Govt. Looks to Google and Microsoft

With a poor track record to date getting Regional Health Information Organizations off the ground, the Office of the Coordinator of Health Information Technology within HHS is now looking to expand the National Health Information Network (NHIN) to exchange data with both Google Health and Microsoft’s HealthVault.

But first the Feds look to be scaling back their broad ambitions from a massive NHIN that incorporated (and funded) public and private entities with state and local RHIOs in a federated-type network. This is not working RHIOs seem to be collapsing about as fast as new ones are created as most do not have a sustainable business model. Now the Feds are focusing on what they can control forming a multi-agency initiative (includes such entities as the VA, Dept of Defense, Indian Health Services, CMS, CDC, etc.) to develop NHIN-Connect. The objective of NHIN-Connect is to create an information exchange gateway that these federal agengies can use to exchange electronic medical records. Couple of weeks ago, long-time Government contractor, Harris, won their first healthcare contract for $6.1M for the first phase NHIN-Connect. Please, don’t even get me started on why these contractors are allowed to keep feeding from the federal trough, even when show little experience – talk about a good ol’boy network.

Getting back to Google and Microsoft, this admission by the Feds to open and connect to these two consumer platforms clearly points the way as to how the future of NHIN will develop. It will not be in the control of the federal government, but consumers and those that serve them. But this does bring up a couple of questions as well. For example:

  • What about Dossia, will they be seen in the same light as Google and Microsoft by those leading NHIN initiatives?
  • When we start looking at privacy and security, how will Google and Microsoft address as the proxy for consumers in the broader context of population health studies that the CDC and NIH may want to do against aggregate data in the NHIN?

There are few easy answers and the questions are many. Ultimately, it may be Google and Microsoft (and Dossia) who end up calling the shots as they will be closest to the end consumer and those in Washington DC promoting NHIN will simply follow in their footsteps.