The public, as consumers and patients, is increasingly gaining access to personal health information (PHI), allowing an individual to see his or her health data to proactively stay healthy and fight off illness. Personal health information management (PHIM) covers PHI access, integration, organization and use by individual consumers and patients. It is also a factor in the overall trend towards patient-centric healthcare.
Putting the right PHIM systems in place can only happen if the healthcare industry understands what people want to do with their own health data. They may use it to manage their agendas, plan and coordinate their activities, make decisions, track their own health and communicate with others. They may also take different approaches to the ways in which they store their PHI and share it with others, whether via healthcare specific networks or other channels, such as social media. PHIM systems should, therefore, accommodate and facilitate these aspects, where appropriate.
PHR and PHIM Integration, Control, and Security
Existing patient information approaches can already support some aspects of personal health information management. Personal health records (PHR) and health management systems for specific conditions are examples. The term PHR also refers not just to data, but also to an application that patients and consumers can use to manage their health information in a confidential, private, secure environment. Note that personal health records differ from medical records, which contain information about a patient’s health compiled and maintained by each of the patient’s healthcare providers.
PHIM and the systems available for PHIM should provide the following:
- Integration of different sources of information. Individual systems like the PHRs and health management systems must be properly integrated, if the key health improvement factors of engagement, satisfaction, and empowerment of participants (patients and consumers) are to be optimized.
- Control by participants over the collection and sharing of their information. A participant will normally want a physician to have access to all the PHI necessary for quality healthcare, but may also want other information to remain private or undisclosed to the physician.
- PHI security. Personal health information can include demographic information, medical history, results of tests and laboratory analyses and health insurance data. Risks, therefore, include breach of privacy and confidentiality, with possible reputational damage and identity theft.
PHIM System Governance, Access and Caregiver Training
IT departments evaluating or building PHIM systems will need to take the patient-centric points above into consideration, and then add the following ones relating to internal and operational requirements:
- PHIM system governance. There are customer relationship, medical professional, financial and legal elements in a PHIM system, so corresponding managers and stakeholders should participate in the supervision of creation, maintenance, and development of the system.
- Multiple PHIM users. Several caregiving entities may require access – with the correct authorization – to a PHIM system, and secure remote access and management will then be required.
- Caregiver end-user training. Different categories of healthcare workers may need to be taught how to safely and effectively use a PHIM system to improve healthcare for their patients.
Finally, regulatory compliance will also be essential. The Health Insurance Portability and Accountability Act (HIPAA 1996) and changes made to HIPAA in the Health Information Technology for Economic and Clinical Health Act (HITECH 2009) limit healthcare entities in the kind of PHI they can acquire, share and use. These entities must also provide the PHI they collect to the individual concerned if the individual asks for it, and should use a suitable electronic PHI format to do so.