Tech

What PHR Should I Use? It’s Complicated.

Leslie Kernisan new headshotA friend called me the other day: he is moving his 93 year old father from New England to the Bay Area.

This is, of course, a relatively common scenario: aging adult moves — or is moved by family — to a new place to live.

Seamless transition to new medical providers ensues. As does optimal management of chronic health issues. Not.

Naturally, my friend is anxious to ensure that his father gets properly set up with medical care here. His dad doesn’t have dementia, but does have significant heart problems.

My friend also knows that the older a person gets, the more likely that he or she will benefit from the geriatrics approach and knowledge base. So he’s asked me to do a consultation on his father. For instance, he wants to make sure the medications are all ok for a man of his father’s age and condition.

Last but not least, my friend knows that healthcare is often flawed and imperfect. So he sees this transition as an opportunity to have his father’s health — and medical management plan — reviewed and refreshed.

This last request is not strictly speaking a geriatrics issue. This is just a smart proactive patient technique: to periodically reassess an overall medical care plan, and consider getting the input of new doctors while you do this. (Your usual doctors may or may not be able to rethink what they’ve been doing.) But of course, if you are a 93 year old patient — or the proxy for an older adult — it’s sensible to see if a geriatrician can offer you this review.

Hence my friend’s situation illustrates two common core healthcare needs that families of older adults often have:

To successfully manage a transition to a new team of medical providers.

To obtain a second opinion regarding a person’s health, chronic conditions, and the medical management plan. (For more on how this approach can can help patient assess the quality of their outpatient care, see this post.)
To address both of these needs, older adults and family caregivers need a good personal health record (PHR).

So, I find myself — yet again — on the hunt for a good PHR system to recommend to families.

As some might recall, I blogged about PHRs back in January. (See this post.)

And now the time has come for me to take another look at what’s out there for PHRs. Let’s see what people can recommend for these two family caregiver use cases.

Use Case #1: The family of an older adult with multiple chronic problems has not been collecting substantial health information. (As in, copies of the health information that doctors look at; I’m not talking about those patient visit summaries, which I find are barely of use.) The family is moving the aging parent across the country, and are requesting a comprehensive consultation.
Persnickety doctor (yours truly) sends them her list of medical information that they should bring to the first visit. Family needs to:
  • Obtain this information, much of which is currently in the hands of prior providers,
  • Organize it and keep it in a way that will facilitate care in the future,
  • Keep adding medical information to their repository in the future, in part because Dr. Kernisan has insisted that this will pay off for future healthcare needs.
Use Case #2: I am just going to paste the relevant comment right here, as I find it fascinating. In an earrlir post I listed a number of digital options for managing health information. However, the reader still felt a need to request additional advice. (The moral of the story: family caregivers will likely be asking doctors and others for advice. I assume this is because sorting through a lot of options on your own is tiring; that’s why people ask experts instead of figuring it all out on their own via Google.)

I’m a caregiver to my mother in that I go with her to all her doctor visits & keep a notebook (4 inches) that has all her doctors’ notes (5 in all), hospital visits/ER visits & tests. The notebook grew from a smaller one to the 4-inch one because during her last hospital visit, the doctors were asking me questions that I didn’t know the answers to & didn’t have that specific doctor’s records to help them. Believe me, I got on that right away while she was still in the hospital & it stayed with her at the hospital until she came home.

I also keep an updated list of her medications with allergies listed as well as a 3-page typed-out present, past medical, past surgical, family & social history.

There is a notebook-sized business card holder for her appointment cards.

My problem is now that that 4-inch notebook is becoming heavy to carry, but as sure as I put all the different dividers into individual notebooks & take that particular notebook with us to that particular doctor, he’ll want to know what one of the other doctors said or what the most recent tests showed & I won’t have that information. Is there something out there like a PDA or something where I scan the paper copies onto our home computer, then put the scanned copies on the device as well as a calendar in order to keep her appointments?

Like the idea above about putting a “please return to…” sign on the notebook; never thought about it getting lost.

Thanks for your help.

So to summarize this use case: an adult-child caregiver has been maintaining a personal health record on paper. She has decided that it’s in her mother’s interest for her to serve as health information exchange system. (Smart!) Her notebook is getting big and cumbersome, so she’d like to convert it to a digital repository. She finds providers are often interested in health information — including test results — from other providers.She needs to:

  • Convert her existing paper resources into a digital format,
  • Easily share content from the PHR with her mother’s various doctors,
  • Keep adding information to the PHR as her mother continues to see various providers.

What personal health record systems can you recommend?

I have a few PHR ideas for these two use cases, but I haven’t had time to research in depth since my last post on PHRs. So I am soliciting suggestions and recommendations from you, dear readers.

Livongo’s Post Ad Banner 728*90

30
Leave a Reply

8 Comment threads
22 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
10 Comment authors
younique lash combImpression TextileAllen CliffordLauren StillMD as HELL Recent comment authors
newest oldest most voted
younique lash comb
Guest

What’s up, always i used to check webpage posts here early in the break
of day, because i like to find out more and more.

Impression Textile
Guest

Thank you bro for this post

Allen Clifford
Guest

Check out LinkedMD on Kickstarter. We have an answer on the way.

@BobbyGvegas
Guest

Hi, Dr. Leslie-

Goog question.

If your patient voluntarily shares ePHI with you from a site hosted by a 3rd party — AND the 3rd party is not explicitly acting as an ePHI Business Associate (“BA”) — you are probably not required to document the transaction. But, I would document it (including express, documented pt date/time permission to view) anyway in some fashion just to CYA, particularly if the information is not “encrypted in transit.”

The Security regs go ePHI ops within HIT systems controlled by CEs and/or BAs.

(And, IANAL)

Merle Bushkin
Guest

Perhaps this will help clarify this issue. Our attorneys specializing in healthcare information, HIPAA, etc., outlined the “rules” for us. This is my understanding of them as they apply to our patient-focused personal health record system and our handling of patient records (PHI). MedKaz is owned by the patient as is the data on it. Once the patient’s PHI are on it, the patient is free to share his/her information with anyone they care to and they are not subject to HIPAA. While there is no requirement to do so as far as I know, we do keep an audit… Read more »

@BobbyGvegas
Guest

As you note, you are a “BA.” But, a BA exists per 45 CFR 164 et seq only to the extent that they are involved with a CE (Covered Entity: Clinical Provider, Clearinghouse, or Health Plan) as it pertains to the business use of ePHI, so your statement is a bit misleading. to wit: “…the patient is free to share his/her information with anyone they care to and they are not subject to HIPAA” That is nominally true. You or I could post our ePHI on Facebook at will were we that reckless and no one (including Facebook) is HIPAA… Read more »

Merle Bushkin
Guest

As a consumer-patient, I want my records secure, private and accurate, and I want to know that when a care provider is treating me that my records and only my records are immediately accessible to him or her. As a PHR vendor, I want to provide nothing less. That’s why we don’t store a patient’s records on our servers, in the Cloud or anywhere else. That’s why we include the patient’s picture on the device to ensure proper patient identification. That’s why we give patients control of their records on a device that they can conveniently carry with them at… Read more »

@BobbyGvegas
Guest

“It’s cute to say 10 lawyers will give you 12 opinions and to speculate what’s appropriate behavior” __ Yeah. A flip wisecrack (often applies to MDs as well), but one borne of frustrating experience. I sat on my HIE’s Privacy and Security Task Force. I was the staff lead on writing the P&Ps. We spent more than a year endlessly debating arcane fine points, with the lawyers always wanting “further study” (on our dime, of course). And they would always blow us Great Unwashed tech grunts off, along the lines of “you just don’t understand legislative construction.” Yes, in HIPAA,… Read more »

Leslie Kernisan, MD MPH
Guest

Thank you Merle & Bobby for these comments; I learned quite a lot from them.

FWIW although I think some people don’t trust the cloud and prefer to have sensitive information only in hand, the general trend seems to be for many to accept the risks of the cloud (which probably most don’t accurately understand) in exchange for convenience.

I’m a Kaiser patient. If KP puts my ePHI on the cloud, it must be “safe enough”…they can certainly afford lawyers.

Merle Bushkin
Guest

“some people don’t trust the cloud and prefer to have sensitive information only in hand, the general trend seems to be for many to accept the risks of the cloud (which probably most don’t accurately understand) in exchange for convenience.” Indeed, many people trust the Cloud and, I guess if I were critically ill and the only option I had was to store my records in the Cloud, I’d do so, too. However, that ‘s not my only choice so I prefer to have them on my MedKaz. Despite the pleasant “image” the Cloud conjures up, it has two serious… Read more »

MD as HELL
Guest
MD as HELL

As I said…….

HIPAA should be repealed in its entirety.

@BobbyGvegas
Guest

Hold your breath.

MD as HELL
Guest
MD as HELL

HIPAA should be repealed in its entirety.

@BobbyGvegas
Guest

Hold your breath.

Datum
Guest
Datum

I’ve heard a lot of people say that they share this information with Google docs. Not sure what the HIPAA implications are. Is a provider in violation of the rules if they accept a file share? It would help if the rules about file sharing were clarified.

Leslie Kernisan, MD MPH
Guest

Good question. I have occasionally looked at unsecure online documents with patients, but accepting a file share does take things to another level.

Agree that we need more clarity about these rules.

@BobbyGvegas
Guest

Well, technically, under HIPAA, ANY time ePHI is created, updated, deleted, transmitted, or simply accessed for viewing, there must be an audit trail log: date/time, by whom, about whom, action taken. 45 CFR 164.306(a)(1) and 45 CFR 164.312 et seq specifically at a minimum. And, a CE of BA is bound by ALL of .164.3 as appropriate: .306(2)(c) Standards. A covered entity or business associate must comply with the applicable standards as provided in this section and in §164.308, §164.310, §164.312, §164.314 and §164.316 with respect to all electronic protected health information. While the word “view” does not appear in… Read more »

@BobbyGvegas
Guest

“a CE or BA”

Grrr.r.. no ‘edit’ function on the behind-the-times THCB.

Leslie Kernisan, MD MPH
Guest

hi Bobby! Now let me make sure I understand what you wrote.

Does this mean that if I (a covered entity when working as a doctor) view my patient’s health info which they have stored online on Google Drive, there is supposed to be an audit trail?

Does it make a difference if we view it on their device versus the office computer?

Merle Bushkin
Guest

Collecting and carrying around paper records is a chore for the care giver and doesn’t really work for the average care provider who doesn’t have time to rifle through reams of paper. Similarly, most care givers don’t have time or the patience to scan paper records and key in masses of data to some form of phr. There is one system that meets the needs you described, simplifies the transition form one provider to another, and avoids the pitfalls I mentioned. It’s MedKaz®. (Disclosure: I’m Founder & CEO of Health Record Corporation, creator of MedKaz.) My own MedKaz demonstrates its… Read more »

Leslie Kernisan, MD MPH
Guest

Agree that carrying around paper records is a chore. That said, it’s easy to get started with paper.

I just took a look at the MedKaz website. I can’t quite tell how my two use cases would get started with it. How would they get their information on it, assuming their PCP doesn’t give them a pre-loaded device?

Anyway, it looks like you have a promising idea. Ultimately it will come down to how much friction is involved for everyone who has to use the system…good luck!

Merle Bushkin
Guest

Getting past records from providers couldn’t be easier. In both of your use cases, it fits whenever the patient or their children want to activate it. As part of the patient setup procedure, the patient lists all her current providers and others from whom she wants to assemble records. This is highly automated and generates two pre-populated pages for each provider: a Request for Records asking for her records and that they be sent to Health Record Corporation, and a HPAA Release. She signs and sends them to their respective providers. When we receive them, we process them (i.e., make… Read more »

Merle Bushkin
Guest
Merle Bushkin
Guest

We updated the “How It Works” page on our website to make it clear how records initially get onto a patient’s MedKaz and how the patient uses it with his doctor. It is designed to be “friction-free” for all parties. Please let me know it it addresses your concerns. See http://medkaz.com/medkaz-system/how-it-works/

Leslie Kernisan, MD MPH
Guest

It’s certainly more informative now, thanks.

Tooba
Guest

Well that’s very thoughtful .I like the second case . PHR can be maintained in digital Notepads , Smart phones, Ipad etc. it can be saved in these devices and then there would be the whole record of the patient in it .

Leslie Kernisan, MD MPH
Guest

Yes, Nick Dawson wrote a THCB post earlier this year about how he uses Evernote to keep all his records. I don’t think it’s technically secure enough, but it does make it easy to access the information from a variety of devices.

Lauren Still
Guest
Lauren Still

Define “technically secure enough.” Do you not feel that Evernote has not leveraged industry best practices around security and privacy, or is this from a policy standpoint? They aren’t acting as a covered entity, so HIPAA doesn’t apply. Would your opinion change once they are PCI compliant?

Leslie Kernisan, MD MPH
Guest

I’m a practicing doc, not an expert in information security. So I can’t say I know the ins and outs of what companies must offer in order to store a consumer’s health information. What I meant is that I don’t think Evernote has been certified (whatever that really means) as secure enough for protected health information. (If they had, I assume they would be marketing themselves for this purpose.) Whether Evernote actually is secure enough for this work and just hasn’t gone through the process of being labeled as such…quite possible. My opinion would change once someone with the authority… Read more »

Lauren Still
Guest
Lauren Still

PHR is somewhat of a catch-all term. Generally, there are two classes, those that are subject to HIPAA privacy rules, and those that fall outside of that scope. PHRs that are subject to the Privacy Rule are those that a covered health care provider or health plan offers, or are otherwise provided and supported through a covered entity. The big difference is in the mechanics of how the patient accesses information, and how information is transferred in/out of the covered entity. If I’m using my insurance company’s PHR (a covered entity subject to HIPAA rules and whatnot), _they allow me… Read more »