In performing the research that led up to the publishing of our iPHR Market Report in May, one step we took was to look at all the multitudes of PHR solutions in the market and the form factor in which each was offered (i.e., desktop solutions, USB-centric solutions, or native Internet apps provided as a service under a SaaS model). We came to the conclusion that Internet-based apps would be the preferred modality in the future and see the greatest adoption.
Our justification went something like this:
Desktop solutions are not “connected”, making them too burdensome for most consumers, who must self-enter health information. They are also not very portable. To achieve portability, many desktop solutions are combined with a USB thumb drive that the consumer can take with them on travel. Also, hospitals have often given patients a copy of their records and discharge summaries on such USBs, which some PHR vendors claim as a user – sure they are… (One of the self-proclaimed “market leaders” is notorious for making this claim.) There are still quite a few USB-based PHR product offerings in the market today, but they will fade in time.
They will fade for the simple reason that they pose a serious security risk. I can’t imagine any IT admin allowing a consumer’s USB to get anywhere near a system’s computer/network – there are simply too many security risks. Back in early 2007, two researchers at Oregon University showed just how vulnerable PHR-based USBs were to a malicious hack. Today, I read another good article on security risks that goes beyond risks from just USBs to risks from just about anything you might plug into your computer, referred to as supply chain risks. These supply chain risks take security threats to a whole new level. How IT departments respond to this relatively new risk is something that bears close scrutiny.
However Biometric Proximity Based Technologies make total sense. Coming very soon to a PHR near you!
http://www.proxense.com
Write me if you would like to talk
mdavio@proxense.com
The problem identified in the report is not USB devices per se, but the fact that the use of the particular devices examined *requires* running software included on the device to view the data stored on the device.
Thus, the vulnerability is due to running potentially untrustworthy software. If. instead.
Such a vulnerability should not exist if the USB device is merely a thumb drive used for transferring data from one system to another. (Assuming of course that these systems take the essential security steps of disabling auto-run.)
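An added example, not part of the original post or its comments: a small Python audit that separates the two cases the last comment contrasts, a data-only thumb drive versus one that carries software and an `autorun.inf` asking the host to launch it. The extension list, function names and sample content are assumptions made for illustration.

```python
import os

# Extensions treated as "software" rather than data (assumed list, adjust to policy).
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi", ".dll", ".vbs", ".js", ".lnk"}
# autorun.inf keys that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample content, not taken from any real device.
SAMPLE = "[AutoRun]\nopen=viewer.exe /start\nicon=phr.ico\nshell\\view\\command=viewer.exe\n"

def parse_autorun(text):
    """Return the launch commands declared in the [autorun] section."""
    commands, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()       # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            commands.append(value)
    return commands

def audit_volume(root):
    """Walk a mounted volume; report autorun launch commands and executable files."""
    report = {"autorun_commands": [], "executables": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # autorun.inf is only honoured in the volume root
            if dirpath == root and name.lower() == "autorun.inf":
                with open(path, "r", errors="replace") as fh:
                    report["autorun_commands"] = parse_autorun(fh.read())
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                report["executables"].append(os.path.relpath(path, root))
    report["executables"].sort()
    # "Data only" means nothing on the device asks to be run or could be run by mistake.
    report["data_only"] = not report["autorun_commands"] and not report["executables"]
    return report

if __name__ == "__main__":
    import sys
    print(audit_volume(sys.argv[1]) if len(sys.argv) > 1 else parse_autorun(SAMPLE))
```

The audit only reads files and never executes anything from the volume; a `data_only` result of `False` means the device falls into the first category the comment describes.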