I participated in a personal health record (PHR) workshop yesterday hosted by the Center for Democracy and Technology (CDT). CDT’s goal was to gain input from a wide array of stakeholders (an impressive collection of about 40 health care leaders with different types of expertise in PHRs) to help inform CDT’s recommendations to federal agencies - HHS and the Federal Trade Commission (FTC) - and try to build some degree of consensus among key stakeholders.

[NOTE: All comments at the meeting were not for attribution, but I confirmed with the organizers that there was no problem in sharing my own impressions following up from the meeting.]

There’s no doubt that current federal statutes and regulation (and there are potentially many that apply to PHRs) create considerable uncertainty regarding how to balance promotion of consumer engagement with concerns over privacy and security. Existing regulations from HIPAA, the Electronic Communications Privacy Act, and others coupled with the new provision from the American Recovery & Reinvesment Act (ARRA) - not to mention the complexity of layering state laws on top of that - provide a lot of work for privacy attorneys. But with all the different (potentially) applicable federal and state laws/regulation, there is very little practical guidance on what has to go into privacy policies. PHR implementers can find some guidance from FTC consent decrees, which can represent an expansion of the law.

That lack of clear legal guidance clearly has not helped get consumers engaged in using PHRs to manage their health. Estimates on nationwide PHR usage typically fall in the single digits (in terms of percentage of the US population).

Controversy over the estimates prompted me to share the fact that I'm likely registered to use multiple PHRs (I don’t even know, but probably 4 or 5), but I’m not actually using any of them because my experience has not proven any of them to provide any value to me in managing my health. The only PHR I use is for Molly Seidman - my golden retriever - because my vet (Friendship Hospital for Animals) offers a simple pet portal free of charge that includes messaging with the clinic, health reminders, medication management tools. In fact, during the meeting yesterday (literally less than an hour after I made this comment), some helpful information therapy (Ix) arrived in my email inbox that linked relevant educational information about Molly to the pet portal.

[Why, oh why, does the $2.5 trillion US health care system not offer the humans in my family as good care as my golden retriever gets? Not that she’s not deserving, but...]

What’s clear to me, however, is that - despite the challenges created by the patchwork of laws and regulations - consumer engagement in PHRs suffers when we focus too much attention on the legal issues surrounding privacy and security.

There’s no doubt that we need to deal with privacy and security concerns up front, but as long as the conversation focuses on data, it’s all about people’s fears. It’s not about value. Consumers don’t intrinsically care about data.

In contrast, consumers do care about tools that make it easier for them to accomplish specific health tasks for themselves and the people they love. If PHR certification, for example, continues to focus exclusively on privacy, security and interoperability rather than including attention to functionality, consumers have no reason to get into the PHR game.

Members of Kaiser Permanente or Group Health Cooperative and patients at Palo Alto Medical Foundation are using PHRs at rates probably 10 times the level of the general population. There are a lot of reasons for that, but one of the big ones is that those people have been provided with an opportunity to manage their health effectively through portals that connect them not only to their personal health data, but to Ix and related tools that help them manage their families’ health.

This blog originally appeared at The Health Care Blog.

More recent posts at The Health Care Blog:

Op-Ed: The True Measures of a "Good Doctor"

The Cost of Health Reform - $1.5 Trillion or... ?

Unlikely conversation partners

The Red Flags Rule

More on HITECH, Microsoft mea culpas, Google, et al