Top 10 Things to Consider When Choosing a PHR

by | Dec 17, 2009

At some point, hopefully in the not so distant future, physicians, clinics and hospitals will reach for the ARRA/HITECH Act carrot, adopt a certified EHR and demonstrate meaningful use. One proposed requirement for meaningful use that will likely pass through the CMS rule-making process is the requirement allowing citizens to receive their personal health information (PHI) in a digital format. Once citizens have their PHI, we may begin seeing greater adoption and use of independent Personal Health Platforms (PHPs – Chilmark’s preferred term for PHRs).

With that in mind, here are the top 10 things that citizens need to consider in choosing their PHR/PHP to store, access and share their PHI or that of their loved ones.  Note: This list is in no particular order as everyone has a slightly different tolerance for risk, usage needs, etc. Also, we are assuming that even the most basic PHP/PHR supports storage of the minimum data sets for base demographics, contact info, med lists, allergies, procedures and some family history.

1) Privacy: PHI is arguably the most private and personal data that you may control in the future. Falling into nefarious hands could prove disastrous to you and possibly your family. Therefore, when evaluating a vendor’s solution absolutely read the fine print of their privacy policies. A good rule to follow is the easier the policy is to read and understand, the more likely it is a good policy. Overly complex verbiage with loads of legal speak is a yellow flag – be careful. Lastly, seek to understand what might happen to your PHI should your PHP provider be acquired, or worse, go out of business.

2) Security: Once your PHI is stored on a PHP vendor’s servers, how secure is it? First, ensure that the vendor uses HTTPS (Secure Sockets Layer, SSL) with 128-bit encryption. Second, it is best to go with a vendor that asks you to create a password that is comprised of letters, numbers and maybe even characters. Third, seek a vendor that stores your PHI in encrypted format on their servers.

3) Sharing: What sharing capabilities does the PHP vendor provide should you wish to share your records with another (health proxy, your physician, another family member)?  Are you able to share discrete aspects of your PHI via data tagging features within the PHP/PHR or does sharing simply mean complete and total access to the entire record?  Though rarely found today in most PHPs/PHRs, Chilmark foresees a future need for discrete sharing to protect sensitive aspects of one’s full longitudinal record (sexual history, genetics, family history, preventative visits, labs, etc.). A vendor providing such capabilities today is forward thinking.

4) Standards Supported: A PHP’s/PHR’s support of common clinical standards (CCR, CCD, NDC) will become increasingly important as the adoption of EHRs by clinicians takes hold. Not only will support of standards facilitate a citizen’s ability to obtain their PHI and upload it to their private, personally controlled PHP, but it may also facilitate automatically receiving PHI in the future.

The data will also be in computable form.  Accurate, computable data will enable other apps within a PHP to execute various functions (health guidance, alerts, etc.) on your behalf creating a richer more personal system.  Note, while standards are important for automating data retrieval and use, be sure that the solution also provides the ability to upload unstructured data such as your personal notes, advanced directives, health proxies and the like.

5) Access: A PHP/PHR is of little use if you cannot readily access it in an emergency or via more than one modality. Most PHPs have some form of “break the glass” feature should one end up in the emergency room unconscious. Similar to sharing, evaluate exactly what would be shared in such a situation. Does the solution provide access to the complete record, or can you create a specific personalized ICE form that has only the most critical information an ER doctor would be looking for – usually med list, allergies, basic demographics/profile, and recent lab results?

You will not always be in front of your computer when you need to access some aspect of your PHI, say during a doctor’s visit or while traveling. Thus, another thing to look for is the solution’s ability to support access via a mobile device. With the advent of smartphones such as the iPhone, Chilmark foresees a future when many of the better PHPs will have an app that easily connects to the citizen’s host PHP. That day is not here yet, but several desktop/web-based solutions are currently developing apps for the iPhone and Google’s Android mobile operating systems.

6) Partners: Few citizens are seeking only a digital file cabinet for their PHI, yet that is what the majority of PHP/PHR vendors provide today. A key part of the problem is simply resources, as most vendors of such solutions are small companies that cannot afford to create the multitude of apps that citizens may seek to make their PHI data actionable and their view into the PHP more personalized. These vendors need partners to bring such richness to their solution. Strength and depth of partnerships are also often a key indicator of the relative health of the PHP/PHR vendor: strong partnerships indicate a good, healthy, growing company.

7) Biometrics: Few solutions support the ability to automatically upload biometric data (glucose, blood pressure, weight, etc.) to a PHP. This is counter to what is actually occurring in the market as more consumer-facing digital biometric devices are introduced and hospitals increasingly turn to such devices to facilitate remote care. If you currently have a chronic condition (diabetes, hypertension, etc.) that requires some form of monitoring, seek only those solutions that provide this capability. For others, such as athletes who wish to record heart rate, this may be a “nice to have” feature.

8) Personalization: Unfortunately, the vast majority of PHPs/PHRs in the market have terrible personalization capabilities with most solutions being generic systems with simple generic templates designed for the least common denominator. Therefore, seek solutions that provide a rich set of personalization features, either through the vendor or their partners, allowing you to easily create a system that meets your specific needs.

9) Provenance & Portability: Provenance provides the ability to ensure your records are kept intact and that any changes (edits, modifications, notes added) made to them are accurately recorded and an audit trail is produced. This is particularly important not only for your peace of mind, but also for a physician’s. Portability simply refers to your ability to take your records with you should you decide to move to another solution that better meets your current and/or future needs. When assessing portability, keep in mind what standards (e.g., CCR, CCD, NDC, etc.) are used when exporting your data to ensure that your PHI is easily transferable to another system.

10) Engaging: At the end of the day, a PHP/PHR is of little use if you do not actually use it.  Seek a solution that you’ll actually enjoy using, one that provides a multitude of benefits well beyond simply and conveniently storing your PHI.  Are there specific features, widgets and apps you know you’ll have fun using to track your health or the health of a loved one? Does the solution help you complete a specific job far easier than how you are doing it today? Think automatic production of summer camp health forms for your children or allowing you to schedule an appointment with your doctor online.  Is the solution actually easy to use?  If you need to think too hard to accomplish even simple tasks, pass on the solution, it will only get worse.

There you have it folks, those top ten things should get you well on your way to picking a PHP/PHR that is best for you and your family. Sure, there are a number of other things that could have been included or might have replaced one or two of the above, but based on our knowledge of the market, this list is the best starting point in your selection/evaluation process.

Maybe, in the not so distant future, we’ll create our wish list for Santa of what we want to see in the PHP of the future. Stay tuned.


  1. Lincoln Nguyen

    The PHR market is almost as fragmented as the EHR market. Luckily there are solutions like GoogleHealth and MS HealthVault out there that are gaining traction. Also consider whether the PHR is tethered.

  2. Ricardo Davis

    A refinement for #2: My ideal PHP will use two-factor authentication for full user access. With the proliferation of USB flash drives, people would not be too intimidated with USB key dongles. Even though this does add to the cost of the PHP solution my privacy is worth the key and associated management costs. Second factor authentication (deals with man-in-the-middle attacks) such as used by Yahoo! and Bank of America would be a helpful feature.

    Also, portability must include the ability for the user to create and maintain an encrypted backup of the entire PHR on their computing device.

    Lastly, the PHR should be the primary record of the patient’s information and it must be under the exclusive control of the patient or patient’s representative. This shifts the balance of power from the health care providers, third-party payers, and their regulators to the patient. If a provider or a payer needs information then they have to go to the patient and get permission for it.



  1. ICMCC News Page » Top 10 Things to Consider When Choosing a PHR - [...] Article John Moore, Chilmark Research, 17 December 2009 [...]