A Novel Way to Protect Personal Health Information

In a previous post, I wrote about the thorny issue of protecting people's personal health information. I recommended that, when it comes to personal health records (PHRs), a consumer ought to have a combination of controls to protect one's privacy. That is, a consumer ought to be able to implement a one-time authorization to share limited data sets personal health information (PHI) with specific types of providers. In addition, he/she ought to have granular control over whom, if anyone, gets to see the rest of their PHI by enabling the person to authorize particular types of providers to receive each PHI data element, and be guided by warnings and alerts. This means the consumer needs a clear-cut way to recognize the authorization status of each piece of data in every PHI category, and to be instructed along the way.

I'll now describe how our Personal Health Profiler™ (PHPro™) does it.
Following is a screenshot of a small section of the PHPro report. On the left there are little button colored red, green, and yellow:

• The little RED button in the left-hand column (displaying a closed lock) means only the consumer is permitted to view the data on that row; it is locked from everyone else.
• The little GREEN button (displaying an open lock) means the consumer has authorized certain types of providers to view the data on that row.
• The little YELLOW button (also displaying an open lock) means the data have been pre-authorized for certain people to view using rules logic.

click to enlarge

To see who is permitted (authorized) to see particular data, or to change the permissions, the person clicks the left of that item. The following Authorization Form then appears:


click to enlarge

By clicking the boxes on the form, new types of providers can be added for authorization, and existing providers can be removed.

What would happen, however, if the person wants to remove the authorization of a provider, but such an action would be unwise since that information could help that provider make better decisions and deliver needed care? The PHPro is designed to give warnings and alerts should this happen. A warning prevents the person from removing the authorization of a certain type of provider when a particular piece of information is absolutely essential, while an alert advises the person not to remove the authorization, but allows the individual to override the alert and remove the authorization anyway.

The following screenshot shows an alert. In this example, the person chose not to allow his/her primary care physician to see information about a serious stomach problem. Since it is inadvisable, a message box appears issuing an alert, which can be over-ridden by the person.


click to enlarge

This is an innovative way to give consumers granular level control over their PHI. Note that the list of provider types can be expanded or contracted easily, and the rules logic for pre-authorizing particular limited data sets can modified as necessary.