USB-based Personal Health Records: An analysis of features and functionality

https://doi.org/10.1016/j.ijmedinf.2009.11.005Get rights and content

Abstract

Purpose

To determine the features of commercially available USB-based Personal Health Records (PHR) devices, and compare the commercial state of the art to recommendations made by certification committees.

Methods

Thirteen USB-based PHRs were identified and analyzed based on data elements used and features provided. Marketing techniques used by the companies were also explored.

Results

Eight of the thirteen PHRs contained all seven clinical data elements (problems, procedures, medications, providers, allergies, labs, immunizations), three were missing a single element and the remaining two lacked two elements. In the features analysis no single PHR contained all eight features (export data, import data, images, summary print out, emergency entry, teaching material available for problem, username and password supported, Mac-compatible), but two of the devices had seven of the eight features. Finally, scare tactics were used in marketing all but two of the PHR devices.

Conclusion

While PHRs are very important in the health care field, at the present time, USB-based PHRs currently on the market appear to have deficiencies. Tethered or web-based PHRs may be a better option for consumers at present.

Introduction

Complete and accurate medical history information is critical to both patients and physicians. Knowledge of a patient's family history, medical conditions and procedures, social history and other important pieces of information critically informs diagnosis and treatment [1]. Unfortunately, not every patient is able to provide his or her clinician this information during a visit, nor do clinicians always have enough time during a visit to collect the information. Health records, broadly, are designed to store a patient's information in an organized and useful presentation. Such records have, traditionally, been maintained by physicians and other healthcare providers about their patients. Personal Health Records (PHRs) represent a departure from this traditional model of medical record keeping: with a PHR, a patient's health information is organized around (and perhaps maintained by) the patient. In this paper, we present an analysis of commercially available USB-based Personal Health Records (PHR).

In 2005 the International Standardization Organization (ISO) stated the “key features of the personal health record are that it is under control of the subject of care and that the information in it contains is at least partly entered by the subject (consumer, patient)” [2]. A widespread misconception about PHRs includes that they must be completely separate from the EHR, in fact the PHR can be considered in at least four different forms: “(a) a self-contained EHR, maintained and controlled by the patient/consumer, (b) [a self-contained EHR], maintained by a third party such as a web service provider, (c) a component of an integrated care EHR maintained by a health provider (e.g., general practitioner) and controlled at least partially (i.e. the PHR component as a minimum) by the patient/consumer, or (d) a component of an integrated care EHR but maintained and controlled by the patient/consumer” [2]. PHRs of the “self-contained EHR” form (the first two types in the ISO model) come in multiple formats, including be web-based (e.g., Google Health), personal computer (PC) based, or on portable devices (including USB devices) [3], [4]. All forms of PHRs carry many of the same benefits, including increased health communication between patient and clinician.

From November 2002 to May 2003 the Markle Foundation's Connecting for Health (CFH) conducted investigations examining the potential benefits of personal health records, how consumers perceive PHRs, and the concerns consumers have [1]. Consumer concerns towards personal health records were found to be focused on two major areas: privacy and security [1]. When 1000 Americans were asked the general question of “how concerned are you about the potential for invasion of your personal privacy in the U.S. today”, 61% responded with a 4 or a 5, on a scale of 1 (not at all concerned) to 5 (very concerned) [5]. While one study showed the majority of Americans concerned over privacy and security, a separate study found a relatively different set of concerns. The study asked a group of chronically ill patients their perceived concerns and benefits regarding patient-accessible electronic health records. Concerns the patients identified in the survey included: 16% believed lab data in a PHR would confuse them, 5% believed a PHR would make patients worried, and 3% believed patients would take offense after viewing a PHR [6].

Although they expressed some concerns, patients also perceived significant benefits to PHRs: 68% believed a PHR would increase trust in their physician, 89% believed a PHR would increase patient understanding, 85% believed a PHR would clarify patient instruction, 89% believed a PHR would reassure patients, and 76% believed a PHR would improve compliance [6]. Overall, there appears to be positive consumer attitudes toward PHRs.

Personal Health Records have also drawn the interest of the Certification Commission for Healthcare Information Technology (CCHIT), whose mission is to “accelerate the adoption of robust, interoperable health information technology by creating a credible, efficient certification process” [7]. In 2008, CCHIT designated an advisory task force to come up with recommendations for PHRs, and their final report regarding general principles for PHR certification was published on July 15, 2008. The number one goal outlined by the advisory task force for the PHR is privacy [8]. Key aspects for meeting potential certification requirements regarding privacy include ongoing monitoring and strong enforcement of privacy practices on behalf of consumers of PHRs [8]. A second recommendation from the task force is for a “collaboration to develop standards-based criteria that will ensure PHRs can send and receive data from as many potential sources as possible, including ambulatory electronic health records (EHRs), hospital EHRs, pharmacies, labs, etc.” [8]. Finally, the group recommends that all functionality of the device be designed with requirements for privacy, security, and interoperability in mind [8].

Two of the most widely recognized types of PHRs in ISO's “self-contained EHR” category are web-based PHRs and USB-based PHRs. In the last year, Google introduced the Google Health platform and Microsoft introduced its own HealthVault platform. Users of Google Health create an account protected by a username and password. Users can then input information including conditions, medications, allergies, procedures, test results, and immunizations. As medications are entered, they are checked for drug–drug interactions; if an interaction is detected the system immediately alerts the user, telling them at what level the danger is to them (low, medium or high). Each alert also displays pertinent, up to date information [4]. Google Health also allows users to directly import their medical records, laboratory results and medication history from various medical institutions such as the Cleveland Clinic, Beth Israel Deaconess Medical Center (Boston, MA), Blue Cross Blue Shield of Massachusetts, CVS Caremark, Quest Diagnostics and Medco. Finally, the service allows the user to either print a “read-only” version of their Google Health profile or put them onto iHealth, an online PHR and physician–patient communication service [4]. While this PHR does require an internet connection, it carries much more functionality than the USB-based PHRs. Microsoft's HealthVault platform is similar to Google Health, although it focuses more on being a secure repository of health data. A number of healthcare organizations, such as New York Presbyterian Hospital, have partnered with Microsoft to provide health information via the HealthVault platform.

The Google and Microsoft offerings fall into the “self-contained EHR” category of the ISO framework. They are not directly tied to an EHR system nor to a particular institution. “Component PHRs”, by contrast are linked to the patient's EHR as maintained by a particular healthcare provider organization. While the patient is still able to enter information, they do not have complete control over the record. While “component PHRs” are an attractive option, they have drawbacks as well. Many patients are seen at multiple facilities, thus information may only be up to date at one facility, or information may be split among facilities and thus neither has a full medical record for their patient. Secondly, while there are strides being made to implement EHRs throughout the country, currently only 13% of physicians are using an EHR [9]. Beyond this, few medical facilities have “component PHRs” in place, leaving a majority of the population without this as an option.

In contrast to web-based PHRs, where the patient's record is stored on the internet, USB-based PHRs are also available. The USB-based PHR is a self-contained record that bridges the old fashioned paper-based personal health record model, where a patient might either bring in a paper list of their medications or carry in a copy of their entire medical chart from the previous medical provider, and the newer web-based PHRs. The USB-based PHR appears to be designed for two purposes. First, they can be carried with individuals at all times and store all their critical health information that they have entered. In the case of an emergency, the USB-based device could then be plugged into any computer, at which time a member of an emergency team would have immediate access to their personal health record. The second purpose is that individuals can bring the PHR into their medical appointment, have their clinician open the device on the computer, and then review the information that the patient has previously entered.

Unlike some other PHR forms, a USB-based PHR provides some unique opportunities for breeches of security and privacy on both the patient and provider side. From the provider perspective, if a patient brings in a USB-based device and the provider connects it to his or her computer, this may pose a threat to any sensitive data stored on the provider's computer. This risk was described in a 2007 paper [10]. Another risk is in the case where the device falls into the wrong hands. Although many of the devices have encryption capabilities, these capabilities were shown to be very weak in another previous paper [11].

In order to better understand the current state of the market for USB-based personal health records, we set out to conduct an evaluation of the devices on the market today. Our goal was to learn what features and functions the devices have, how well they work and the extent to which their functionality vary.

Section snippets

Methods

Our assessment of USB-based PHRs was carried out in four phases: identifying and selecting PHRs, data element analysis, feature analysis, and exploring the products’ marking approaches.

Product characteristics

Table 1 shows the product characteristics of each device and Fig. 1 shows the physical appearance of each of the devices. As seen in Table 1, 4 out of 13 devices require internet access to use their PHR in any capacity. Two PHRs require the consumer to have Windows 98 or later (the Portable Health Profile and Med-InfoChip) while four require Windows XP (MedicTag, EMRy Stick, MedFlash, and LifeSaver). The MedicTag also requires the user to have Microsoft Word.

The cost of the PHRs varies

Discussion

In the age where incentives by Congress for the use of electronic health records, there is little doubt that the use and need for personal health records are not far behind. Overall, what was seen in the evaluation of these thirteen commercial USB-based PHRs is that the functionality, privacy, and security of the devices are variable and rarely complete.

At the most basic levels, each PHR managed to include fields for the patient to enter his or her problems and medications, both of which are

Conclusion

The data elements, features, cost, and compatibility of the currently available USB-based PHR may not be adequate for consumers’ safety and medical needs. Future research and development of PHRs should be geared toward supporting clinical decision support, interoperability with current EMR systems, and enhanced patient–clinician interaction.

Conflict of interest

Neither author has any conflicts of interest to declare.

Summary points

“What was already known on the topic”

  • Consumer concerns towards personal health records were found to be focused on two major areas: privacy and security.

  • USB-based PHRs may pose a threat to any sensitive data stored on the provider's computer.

  • Key goals CCHIT outline for PHRs include certification include privacy, security and interoperability.

“What this study added to our knowledge”

  • None of the PHRs studied had any clinical

Acknowledgements

We are grateful to the companies who supplied sample of their devices. We appreciate the assistance of Liz Chen, PhD of the University of Vermont who reviewed an early version of this manuscript and provided helpful feedback.

Authors’ contributions: The analysis, literature review, and main manuscript writing was completed by Francine Maloney. Adam Wright contributed in the oversight of the study, design of the methods, acquisition of the test devices, and manuscript preparation.

References (19)

There are more references available in the full text version of this article.

Cited by (40)

  • An overview of electronic personal health records

    2018, Health Policy and Technology
  • Mobile personal health records for pregnancy monitoring functionalities: Analysis and potential

    2016, Computer Methods and Programs in Biomedicine
    Citation Excerpt :

    Pregnancy monitoring is encouraged by obstetricians and gynecologists, which explains why there are already several PHRs for pregnancy monitoring for personal computers and as online services [18]. Previous studies have covered the evaluation and analysis of the functionalities of Web-based PHRs [19] and USB-based PHRs [20], in addition to the evaluation of the functionalities of mobile PHR (mPHRs) in general [21] or mPHRs for specific purposes such as blood donation [22]. The aim of this paper is to analyze the features and functionalities of mobile PHRs focused on pregnancy monitoring, in order to discover whether or not they comply with the needs, guidelines and scientific pregnancy literature in regard to tracking pregnancy.

  • Empowering citizens with access control mechanisms to their personal health resources

    2013, International Journal of Medical Informatics
    Citation Excerpt :

    If distribution and integration issues are considered, the accomplishment is even more difficult. Several initiatives trying to bring the management of health resources to the individual the information of which they handle can be found [8–10]. One of the most relevant of these is the Personal Health Record (PHR) [11], indicated as an electronic application through which individuals can access to and manage their health information.

  • Mobile personal health records: An evaluation of features and functionality

    2012, International Journal of Medical Informatics
    Citation Excerpt :

    Traditionally, mobile PHRs included USB drives, CDs, and other electronic storage devices that were incorporated into bracelets or wallet cards. The primary function of many of these portable devices was to provide critical medical history information to providers in times of emergency, and marketing of these devices was driven by scare tactics and scenarios where lack of medical information could result in serious injury or death [8]. These early, portable, personal electronic devices had significant limitations, including insufficient security safeguards and lack of interoperability, rendering them useless if the medical data could not be accessed [14,15].

View all citing articles on Scopus
View full text