What is a personal health record?


A personal health record (PHR) is not the same thing as an electronic health record (EHR), even though both contain medical information and are (usually) electronic.

The primary difference between a PHR and an EHR is that individuals own and have control over their PHRs, while EHRs are held and maintained by healthcare providers.

A person who has a PHR can access it from practically anywhere the internet is available, control what goes into it, and decide who can access their health information.

In contrast, healthcare providers control EHRs and authorize certain people, such as doctors and hospital personnel, to access them.


Are personal health records subject to the HIPAA Privacy Rule?

PHRs offered by healthcare providers and health plans are subject to the HIPAA Privacy Rule. Covered entities such as health plans and healthcare providers can contract with business associates to administer PHRs or to perform certain PHR-related functions. By law, such a business associate must have a business associate agreement with the covered entity in place for as long as the business associate is administering PHRs or performing PHR-related functions that involve protected health information (PHI).

Does the HIPAA Privacy Rule apply to other types of personal health records?

Some PHRs are offered by employers or PHR vendors that are not covered entities. These PHRs are not subject to the HIPAA Privacy Rule, with one exception. The Privacy Rule applies to the process of moving PHI from a covered entity, such as a healthcare provider, into an individual’s PHR, even if the PHR itself is not subject to the Privacy Rule.

In other words, if a healthcare provider sends PHI directly to an individual’s PHR, that process is subject to the Privacy Rule. This could require the PHR’s owner to authorize the information transfer. Alternatively, a healthcare provider could send the PHI directly to the individual, who would then enter that information into the PHR, either manually or by uploading it.

Once PHI is in this type of PHR, the Privacy Rule does not apply. It is up to individuals to research PHR providers’ privacy policies, learn who will have access to their PHI, and find out whether their PHR provider is allowed to share their PHI.

What are the benefits and risks of keeping a personal health record?

Personal health records can be useful health management tools because they allow people to see their entire health history and correct errors in their health information. If a PHR owner is far from home and has a health emergency, they can access their PHR remotely and share relevant information with healthcare providers. Many PHRs also offer the ability to send messages to healthcare providers and request prescription refills.

Like any other records stored on computers, the PHI in a PHR is at risk of exposure if a data breach or malware attack occurs. Personal data could be leaked accidentally, through human error, or deliberately, by a malicious person who has access to the PHI.

One way that individuals can protect themselves from PHR-related risk is to carefully review the privacy protocols of a prospective PHR before adopting it. There are many PHR options available. Individuals can and should choose a PHR provider whose security and privacy policies they are comfortable with.

Email protection is critical to any healthcare organization’s cybersecurity. Paubox Email Suite allows users to compose and send HIPAA compliant email using their laptop, desktop, or mobile device. Email recipients can view email messages and attachments without needing to log into a portal, download an app, or enter multiple passwords.

Paubox has achieved HITRUST CSF certification, demonstrating that our email solutions have met regulatory and industry-defined requirements and are appropriately managing customers’ risk.

Try Paubox Email Suite for FREE today.
About the author

Nancy Parode
