Personal Health Records

If you are considering using a personal health record:

  • Look for one that is subject to HIPAA privacy and security rules.  In most cases, this is a personal health record that is offered by your doctor or health insurer.  If you don't know whether it is subject to HIPAA, ask.  Be wary of companies that state they are HIPAA compliant and are not regulated by HIPAA. 
  • Ask who will have access to your medical information.
  • Ask whether you will have control over how your information is shared.
  • Find out how any authorization process works.  Are you able to revoke an authorization?
  • Can you delete information from the personal health record?
  • What security measures are in place to protect the information?
  • Where is the information stored, and if it is stored remotely (in the cloud) where does it reside?
  • What support does the vendor offer?  Is there a privacy officer?