Presented to the Interdisciplinary Studies Program: Applied Information Management and the Graduate School of the University of Oregon in partial fulfillment of the requirement for the degree of Master of Science The Quest to Provide a CAPSTONE REPORT Com plete Personal Hea lth Record Jacqu eline M. Muller University of Oregon Sr. Te chnical Project Manager Applied Information Chang e Healthcare Management Program Fall 20 19 Continuing and Professional Education 1277 University of Oregon Eugene, OR 97403-1277 (800) 824-2714 Approved by ________________________________________________________ Dr. Kara McFall Director, AIM Program Running head: THE QUEST TO PROVIDE A COMPLETE PHR 1 The Quest to Provide a Complete Personal Health Record Jacqueline M. Muller Change Healthcare THE QUEST TO PROVIDE A COMPLETE PHR 2 THE QUEST TO PROVIDE A COMPLETE PHR 3 Abstract This annotated bibliography examines the social, technical, and regulatory challenges of providing patients and care teams with complete personal health records. The intended audience includes executives, policy makers, and product developers within the healthcare service and technology industries. Scholarly literature published between 2015 and 2019 was referenced to identify challenges and possible solutions for integrating health and wellness data from multiple sources and devices in order to create longitudinal personal health records. Keywords: patient health record, personal health record, medical record, electronic health record, governance, standards, regulatory, interoperability, integrated THE QUEST TO PROVIDE A COMPLETE PHR 4 THE QUEST TO PROVIDE A COMPLETE PHR 5 Table of Contents Abstract .......................................................................................................................................... 3 Introduction to the Annotated Bibliography .............................................................................. 8 Problem Statement .............................................................................................................. 8 Purpose Statement ............................................................................................................. 12 Research Questions ........................................................................................................... 13 Audience ........................................................................................................................... 14 Search Report .................................................................................................................... 15 Reference Evaluation Criteria ........................................................................................... 17 Annotated Bibliography ............................................................................................................. 19 Introduction to the Annotated Bibliography ..................................................................... 19 Overview of EHR, PHR, and Their Integration ................................................................ 19 The Need for Complete Personal Health Records ............................................................ 25 EHR and PHR Policy and Regulation .............................................................................. 35 EHR and PHR Technology to Promote Integration and Interoperability ......................... 44 Conclusion ................................................................................................................................... 59 Overview of EHR, PHR, and Their Integration ................................................................ 60 The Need for Complete Personal Health Records ............................................................ 61 EHR and PHR Policy and Regulation .............................................................................. 62 EHR and PHR Technology to Promote Integration and Interoperability ......................... 65 Final Thoughts .................................................................................................................. 66 THE QUEST TO PROVIDE A COMPLETE PHR 6 References .................................................................................................................................... 68 THE QUEST TO PROVIDE A COMPLETE PHR 7 List of Tables and Figures Figure 1. Personal health record (PHR) and electronic health record (EHR) relationships. ........ 21 Figure 2. Information model architecture and workflow for exchanging data between a PHR and an EHR. ......................................................................................................................................... 49 Figure 3. The architecture of OmniPHR prototype. ..................................................................... 52 Figure 4. PHR blockchain in OmniPHR ....................................................................................... 53 THE QUEST TO PROVIDE A COMPLETE PHR 8 Introduction to the Annotated Bibliography Problem Statement The enactments of the American Reinvestment and Recovery Act (ARRA) and Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 spawned large changes in the healthcare industry (Ford, Hesse, & Huerta, 2016; Sullivan & Goldmann, 2011). The American Reinvestment and Recovery Act was enacted to stimulate the economy after the economic downturn that began in 2007, with 1.1 billion dollars invested to improve healthcare research, technology, and cost-effectiveness (Sullivan & Goldmann, 2011). In 2009 the United States Department of Health and Human Services committed 27 billion dollars toward the HITECH Act, which was enacted to help incentivize healthcare organizations to adopt Electronic Health Record (EHR) systems and promote the utilization of these systems in a meaningful way (Wani & Malhotra, 2018). The HITECH Act implemented the Meaningful Use (MU) incentive program to persuade healthcare organizations to utilize their EHR systems in “capturing patient information electronically in a standardized format, using patient information to track key clinical conditions, integrating test and imaging results and using decision support tools, communicating the information to all providers for the purposes of care coordination, initiating reporting of key clinical quality measures, and, finally, using the information to engage families and patients in their care” (Wani & Malhotra, 2018, p. 2). One significant result of these two acts was the promotion of EHR systems as the record- keeping tool of choice for patient health records in the healthcare industry (Pirtle & Ehrenfeld, 2018). For the purposes of this study, an electronic health record system is defined as a health information system for patient health data acquisition, storage, and access at the health system level (Roehrs et al., 2019a). Medical information is entered into an EHR system and accessed by members of a healthcare organization, and the information can be shared with approved systems THE QUEST TO PROVIDE A COMPLETE PHR 9 outside of an owned organization through the EHR system (Alsahafi & Gay, 2018). Another significant result of the HITECH Act was the promotion of personal health records. A personal health record is defined as an all-encompassing health record that a patient owns and accesses (Roehrs et al., 2019a). Patient access to personal health records is commonly found in EHR patient portals where health organizations share information such as treatment plans, diagnoses, and results with patients (Flaumenhaft & Ben-Assuli, 2018). Along with health information, patient portals often allow patients to make appointments, renew prescriptions, and communicate with their care team within a secure environment (Flaumenhaft & Ben-Assuli, 2018). Along with EHR systems, electronic medical record (EMR) systems and patient health record (PHR) systems are the key information systems that store patient health information to improve the quality and safety of healthcare (Alsahafi & Gay, 2018). Electronic health records and EMR systems are often referred to as the same (Heart, Ben-Assuli, & Shabtai, 2017); however, EMR systems are different as they are confined to the internal use of an individual healthcare organization, with no interoperability functions (Heart et al., 2017). An EMR system’s purpose is to “automate and streamline the clinician’s workflow” (p. 21). An EMR system includes “patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports” (p. 21) and provides access across a health organization (Heart et al., 2017). Personal health record systems come in three forms: (a) tethered, which pull data from healthcare organizations’ EHR systems to populate patient data and provide access to patients via a patient portal; (b) integrated, which pull patient data from multiple source systems with business agreements to share patient health information and allow patients to manually enter their own data; and (c) standalone or web-based PHR systems, which can include computer and THE QUEST TO PROVIDE A COMPLETE PHR 10 mobile applications and personal health devices and are populated and maintained by the individual patients (Alsahafi & Gay, 2018). (Roehrs et al., 2019a) note that the adoption and continuous improvement of EHR and PHR systems have benefited the healthcare industry and patients in many ways. Among healthcare organizations, key benefits of these systems include improved quality of care and cost savings (Heart et al., 2017). Access to electronic health data has benefitted patients and caregivers by allowing them to manage and share health information, make more informed decisions for self-care, and provide critical information in emergency situations (Heath & Porter, 2017). Although there are many benefits to EHR and PHR systems, there are also challenges (Alsahafi & Gay, 2018). As more and more health systems and provider practices implement their own EHR systems and patient portals, the inefficiencies with data storage, interoperability, and access are becoming increasingly apparent (Roehrs et al., 2019b). Today, patient health data is stored in healthcare organization databases, and this data is often confined and not shared outside of the health system, its community-owned practices, and its patient portals (Plastriras & O’Sullivan, 2018). This siloed data comes from the health information systems of healthcare organizations, including laboratory information systems, insurance claim clearinghouses, electronic medical records, and other health-related systems to collect and store information (Flaumenhaft & Ben-Assuli, 2018). With so many patients receiving medical services from multiple healthcare organizations, the quality of patient care can suffer when data is siloed and a complete patient health record is not shared or available to all members of a patient’s care team because they do not have access to the EHR systems that house the patient’s data (Heart et al., 2017). Data siloed in this way also creates challenges for patients who are seeking and unable to access a complete health record THE QUEST TO PROVIDE A COMPLETE PHR 11 through their PHR system in cases of emergencies or to manage personal health care (Heart et al., 2017). The lack of interoperability and access to patient health data that results from these disparate systems leaves patients and unaffiliated providers having to duplicate health history information, repeat laboratory orders, or even perform unnecessary tests and exams (Roehrs et al., 2019a). This focus on EHR data at the organization level and not at the patient level has also left patients without a complete longitudinal PHR that includes all patient wellness data such as nutrition, monitoring equipment outputs, holistic medicine data, as well as the data gathered by EHRs (Alsahafi & Gay, 2018). Heart et al. (2017) state that having access to “a cross- institutional and longitudinal compilation of patients’ medical data” (p. 2) would benefit the patient care team and promote quality medical care. They assert that an integrated EHR and PHR would benefit patients, providers, and policy makers (Heart et al. 2017, p 3). Establishing interoperability between competing health systems, unaffiliated provider practices, and personal health record systems to share data would provide the ability to create a complete longitudinal health record where the patient is the owner of the record and the primary care team the steward of this data (Kshetri, 2018). The establishment of a complete PHR could help in “reducing costs, improving health outcomes for populations, and improving the experience of care for patients and their families” (Ford et al., 2016, p. 2). Cost savings and improved patient care would result because healthcare organizations would be able to pull patient health information from sources outside of their organizations to build complete longitudinal records, resulting in the ability to make more informed medical decisions (Heart et al., 2017). Patient access to a comprehensive medical record would increase because integrated PHRs would be populated with the shared data, allowing patients to access complete records through their patient portals (Heart et al., 2017). Having access to complete health records THE QUEST TO PROVIDE A COMPLETE PHR 12 would allow patients to own and better manage their health data (Plastiras & O’Sullivan, 2018). All of these factors would contribute to improvements in patient care (Heart et al., 2017). Alsahafi and Gay (2018) describe three different approaches to implement integrated PRHs into the healthcare industry: (a) a top-down approach where the government establishes a national PHR system and directs all healthcare organization to utilize EHR systems capable of integration per government specifications; (b) a bottom-up approach that puts healthcare organizations in charge of ensuring their current or new EHR systems meet interoperability standards, with the intent to integrate with local PHR systems; and (c) a middle-out approach where the government establishes interoperability standards and incentivizes providers to utilize compliant EHR systems in order to connect to local health agencies. Beyond the challenges of implementing integrated PHR systems, two other issues stand in the way of successful adoption (Heart et al., 2017). First, surveys show that PHR system users have voiced concerns with privacy and security when accessing, populating, and sharing personal health information (Alsahafi & Gay 2018). Second, providers question the accuracy of health information populated by patients and are leery of accepting and utilizing it (Heart et al., 201). Kshetri (2018) notes that technology solutions will be required to address these challenges and enable the implementation of a complete longitudinal PHR. Employing both technology (Kshetri, 2018) and policy solutions (Schneider, 2008) holds promise for the establishment of a complete longitudinal personal health record. The current issues with siloed patient data and lack of access to a patient’s complete health history and record have led to the need for more comprehensive solutions (Heart et al., 2017). Purpose Statement The purpose of this qualitative study is to identify and describe the opportunities and challenges patients, providers, and medical record system vendors experience with siloed data THE QUEST TO PROVIDE A COMPLETE PHR 13 storage and the lack of access to a complete longitudinal patient health record. The design of the study is a literature review. The method of inquiry is the collection, sorting, review, annotation and analysis of selected research articles. The study presents a theoretical view of potential ways technology and regulatory measures can improve healthcare data storage, interoperability, and access among the health record products of healthcare systems to provide patients and patient care teams with access to longitudinal personal health records. Research Questions Main question. How can policy makers and the healthcare industry use technology and regulations to provide patients and their care team access to complete longitudinal personal health records? Sub-questions. • What are the opportunities and challenges associated with providing patients and patient care teams with complete longitudinal health records? • What technology might improve health record data storage, interoperability, and access? • How can government policies and regulations be used to improve health record data storage, interoperability, and access? THE QUEST TO PROVIDE A COMPLETE PHR 14 Audience The intended audience members for this study are those who have the power to make changes within the healthcare industry and the governing bodies that control the associated standards and regulations. These audience members include executives in hospitals, clinics, and provider practices who are interested in learning about solutions to provide patients and providers with the ability to access all health and wellness data in and outside of their siloed organizations. These positions include chief medical officers, chief information officers, and chief data officers. Their roles focus on establishing continuity and consensus, allocating resources, acting as spokespersons and monitoring the environments of their organizations (Byrnes, 2013; Grover, Jeong, Kettinger, & Lee, 1993). Executives from health insurance organizations that process medical claims for all patients who hold medical insurance will also be interested in learning about transactional patient health information (PHI) data (Winter & Davidson, 2017). Healthcare technology vendors for EHR systems, PHR systems, laboratory information systems (LISs), and health apps, such as Microsoft’s “HealthVault” who are looking to improve the storage, management, and sharing of personal medical information (Flaumenhaft & Ben-Assuli, 2017) are core audience members. Product researchers Panagiotis Plastiras and Dympna M. O’Sullivan, both of the Department of Computer Science at the University of London, are working on a product proposal to improve and promote the development of current Electronic Health Record patient portals and Personal Health Record applications; Plastiras and O’Sullivan and researchers like them who are focused on related products will be interested in the literature that explores potential solutions (2017). Finally, officials of government bodies such as CCHIT and the Office of the National Coordinator for Health Information Technology (ONC) within the United States Department of Health & Human Services (HHS) who administer the HITECH Act and Meaningful Use THE QUEST TO PROVIDE A COMPLETE PHR 15 standards (HealthIT.gov, 2019) are key audience members. Health Level Seven International (HL7) is the international organization that set the technical messaging standards for the exchange of patient and clinical information (Schneider, 2008); members of this organization will be interested in learning about how HL7 and other standards may be used in the establishment of longitudinal health records. Collectively, these organizations and the people employed by them are needed to make the changes necessary to implement longitudinal health records. Search Report Search strategy. I focused my research on the challenges and possible solutions patients and patient care teams face with incomplete and inaccurate electronic health records and personal health records. In my research I examined current challenges, technology, governance, and regulatory requirements related to EHR and PHR systems, as well as the possible solutions to the challenges of incomplete and inaccurate records. This research included but was not limited to implementing new standards and regulatory requirements for electronic and personal health record applications. My initial search returned over seventy peer-reviewed articles focused on electronic health records, patient health records, personal health records, or some combination of the three. By reviewing the abstracts, I was able to discard over half of the articles and focus on the sources relevant to my study. From the initial filtered article list I was able to utilize the associated reference lists to find more relevant articles to add to my list of potential references for my annotated bibliography. Key terms. I used the following key terms and Boolean operators to collect and control the search results: THE QUEST TO PROVIDE A COMPLETE PHR 16 • patient health record OR personal health record OR medical record OR electronic health record OR health record, • (governance OR standards OR regulatory) AND (patient health record OR personal health record OR medical record OR electronic health record OR health record), • (challenges OR accuracy OR issues OR problems) AND (patient health record OR personal health record OR medical record OR electronic health record OR health record), and • (integrated OR interoperability) AND (patient health record OR personal health record OR medical record OR electronic health record OR health record). Search engines and databases. To find material on my topic, I used both the University of Oregon (UO) Libraries and Google Scholar. On Google Scholar, I used the Advanced Search function. Within the UO Libraries, I used the OneSearch and Database A-Z/Subject pages. The specific database I used were: • Gala Academic OneFile, • Institute of Electrical and Electronics Engineers (IEEE) Xplore, • PubMed, • Science Direct, and • Web of Science. Documentation Method. After each key term search, I skimmed titles and abstracts. I saved articles whose abstracts pertained to my subject matter to My List within the University of Orgon (UO) Library application. If an article was not available from one of the databases within the UO Library, I searched by title within Google Scholar to locate the article. I downloaded all articles of interest and saved them as Adobe portable document format (PDF) files to my Capstone 1 file folder on my personal computer (PC). To ensure I had a complete compilation of THE QUEST TO PROVIDE A COMPLETE PHR 17 all articles reviewed and saved, I exported and stored My List to EndNote, a software application designed to collect and organize references and bibliographies. Due to personal preference I exported the information stored on EndNote to a Microsoft Excel spreadsheet, where I created sortable columns to easily find and access specific articles. Reference Evaluation Criteria I evaluated references using the five characteristics described in the Evaluating Information Sources guide by the University of Florida’s Center for Public Issues Education (2014). My research literature acquisition was focused as follows: • Authority: I evaluated and limited my selection to authors who had an education in technology and/or healthcare, or who had meaningful work experience in healthcare information technology (IT). • Timeliness: I evaluated and limited my selection to work completed within the past five years. I imposed this time restriction because of the continuous changes to technology within the healthcare industry. • Quality: I evaluated and selected articles that showed knowledge of technical terminology related to healthcare and related solutions; were free from spelling, grammar, and typographical errors; and showed strong structure, organization, and flow. • Relevancy: I evaluated and selected articles that contained information on electronic and personal health records with an emphasis on background, technology, regulations, challenges, and opportunities. THE QUEST TO PROVIDE A COMPLETE PHR 18 • [Lack of] Bias: I evaluated and selected sources from authors who considered various perspectives and whose sources were from peer-reviewed, scholarly journals, or from a periodical published by established authorities. THE QUEST TO PROVIDE A COMPLETE PHR 19 Annotated Bibliography Introduction to the Annotated Bibliography The following Annotated Bibliography contains sixteen references that examine electronic and personal health record systems and the social, technical, and regulatory benefits and challenges they have faced in the past five years. References are organized into four categories: (a) Overview of EHR, PHR, and Their Integration, (b) Need for Complete Personal Health Records, (c) EHR and PHR Policy and Regulation, and (d) EHR and PHR Technology to Promote Integration and Interoperability. These references describe the challenges and possible solutions the healthcare industry faces with integrated EHR and PHR data to provide a complete longitudinal personal health record for patients and their care teams. Each annotation is comprised of three elements: (a) the full bibliographic citation in APA format, (b) an abstract, and (c) a summary. The abstracts included are complete as published. The summaries present definitions of key elements as provided by the authors and the social, technical, and regulatory challenges preventing the integration of EHR and PHR systems; where appropriate, viable proposals or prototypes are presented. Overview of EHR, PHR, and Their Integration Alsahafi, A. Y. A., & Gay, B. V. (2018). An overview of electronic personal health records. Health Policy and Technology, 7(4), 427–432. doi:10.1016/j.hlpt.2018.10.004 Abstract. Electronic Personal Health Record systems are providing health consumers with greater access and control to their health records by shifting these records from being a health provider-centered Electronic Health Record, to a patient-centered, Electronic Personal Health Record (ePHR). Based on the delivery system, ePHR systems are classified into standalone, tethered, and integrated or unified ePHRs. While national approaches of implementing integrated ePHR vary, the middle out method has been THE QUEST TO PROVIDE A COMPLETE PHR 20 recognized as the ideal approach. It is worth considering the adoption of ePHRs has been slow due to several factors, including technical, individual, environmental, social, and legal factors. This paper provides a representative overview of an ePHR system, outlining its definition, types, architectures, and nationwide approaches of its implementation. Additionally, the drivers and hindrances to health consumer adoption are discussed. Summary. The authors’ focus in this article is to provide their audience with an overview of electronic health records and personal health records, the challenges they both face with providing complete health records, and how interoperability and government policy can be used to improve and promote access to a complete health record. The authors define an EHR as a system populated and accessed by healthcare organizations. They define a PHR as a system owned by patients or their caregivers and populated by several different sources. Patient Health Records come in three models: (a) standalone, where users populate and maintain data; (b) tethered, where users have access through a patient portal tied to a healthcare organization’s EHR; and (c) integrated, where data is populated by healthcare organizations, personal devices, and the user. The authors illustrate the differences between and possible connection points of a PHR and an EHR THE QUEST TO PROVIDE A COMPLETE PHR 21 in Figure 1. Figure 1. Personal health record (PHR) and electronic health record (EHR) relationships. Retrieved from “Personal Health Records: A Systematic Literature Review” by Roehrs, da Costa, Rosa Righi, & de Oliveira, 2017, Health Policy and Technology, 7(4), p. 429. Beyond the overview of the two different types of systems, the authors detail the goals of integrating PHRs with EHRs and integration implementation approaches. The goal of integration is to create a more complete PHR in order to improve patient access, shift the owners of health information from provider-centric to patient-centric, and standardize the exchange of data between patients and healthcare organizations. The authors discuss three implementation approaches for the integration of a PHR with an EHR. With the top-down approach, the government would establish a national PHR system that would be populated by healthcare organizations with data from their EHRs using compliant systems. Another approach is a bottom-up one where standards are established by the government and integrated systems are certified through CCHIT. With the bottom-up model local healthcare organizations would be responsible for implementing the integrated systems within a set timeframe. The final approach the authors favor is a middle-out approach where the government would set standards and THE QUEST TO PROVIDE A COMPLETE PHR 22 incentivize healthcare organizations to complete the integrations, similar to the incentives in the HITECH Act for adoption of EHR systems. The authors conclude by describing the benefits of providing patients with access to a complete health records populated by multiple sources and managed, to some extent, by the patients or their caregivers. However, the authors acknowledge in the end that there are technical, individual, environmental, and social factors that create barriers and challenges with the implementation and adoption of current and proposed solutions. The authors note a chief concern among patients is privacy, security, and the potential for sensitive information to be hacked. Among providers there is concern with health literacy and trusting the information populated by patients. This article is an essential resource for this study because it provides an overview and definition of the key terms in the study as well as possible solutions to the research question. Heart, T., Ben-Assuli, O., & Shabtai, I. (2017). A review of PHR, EMR and EHR integration: A more personalized healthcare and public health policy. Health Policy and Technology, 6(1), 20–25. doi:10.1016/j.hlpt.2016.08.002 Abstract. Objective: To review and present the relationship and need for integrating EMR, EHR and PHR data, by highlighting its use and value challenges and threats. Method: Critical overview of the literature. Results: Electronic Medical Records (EMR) and electronic health records (EHR) are used by physicians to improve quality of care and contain costs. Whereas EMR is usually considered an internal organizational system, the EHR is defined as an inter-organizational system. Recently, a computerized platform for patient-centered medical care known as personal health records (PHR) was introduced, as an enabler for self-management of medical records. PHRs are online THE QUEST TO PROVIDE A COMPLETE PHR 23 systems used by patients. Their transparency of information should lead to better informed and engaged patients. PHR, EMR and EHR can reside on different platforms under various technologies and standards. Although EMR contains local information and provides fast and accurate delivery, the major advantage of EHR in medical practice is the availability of cross-provider medical information. Patient-centered health initiatives such as PHR enable the integration of the prime information components in the EMR and the EHR systems. Conclusion: This integration of medical information combines demographic, lifestyle and behavioral data with health records, thus providing a comprehensive view that coincides with the definition of patient-centered medical care. It can lead to a dramatic amelioration in personalized care as well as public health decision- making, resulting in improved health and wellness, but also poses serious challenges and threats to security and privacy. Summary. The aim of this article is to define EHR, EMR, and PHR systems from the perspective of the key users and then examine the relationships and integrations between these systems. The authors provide comprehensive definitions of the three different health record systems, the benefits and challenges of integrating their data, and challenges the industry faces with researching integration from multiple different sources and data types. An EMR is a complete, up-to-date organizational patient health record comprised of patient demographics, visit information, diagnoses, medications, immunizations, laboratory results, radiology reports, and medical history. The purpose of an EMR is to automate and streamline a care teams’ workflow. An EHR is very similar to an EMR except it has the capability to share and consume data from other healthcare organizations when interoperability is in place, giving it the capacity to create a complete patient health THE QUEST TO PROVIDE A COMPLETE PHR 24 record. Health Information Exchanges (HIEs) utilize EHRs to share patient information between healthcare organization and state run HIEs. Personal health records were originally developed to provide patients with access to their medical records within a healthcare organization; this model is also known as a tethered PHR. Personal health records have evolved to include patient owned and managed, standalone, and integrated applications that can gather or consume data from multiple different source systems. This evolution does not come without concerns for privacy and security from patients and of accuracy of the data entered by patients. The authors assert that integrating data from EMRs, EHRs, and PHRs could greatly benefit patients, their care teams, and policy makers. The combination of both medical and wellness data could provide all of these stakeholders with a complete patient health record, thus improving the quality of care and reducing redundancies. However, the cost of integration is expensive, standardization and regulations among the different systems are not coherent, and an integrated solution comes with the same privacy, security, and accuracy concerns as standalone and integrated PHRs. The authors conclude that integration between these three source systems would create complete patient health records for both patients and providers. However, at the time of publication, HITECH and health information system providers had not agreed on a common data standard, making a full integration impossible. In order to research integration among these systems further, the authors suggest that standardization, privacy, and security issues be addressed by technology and regulators. This article is an essential resource for this study because it provides a comprehensive definition of key elements within the topic of study and identifies challenges preventing integration of EMR, EHR, and PHR systems. THE QUEST TO PROVIDE A COMPLETE PHR 25 The Need for Complete Personal Health Records Ford, E. W., Hesse, B. W., & Huerta, T. R. (2016). Personal health record use in the United States: Forecasting future adoption levels. Journal of Medical Internet Research, 18(3). doi:10.2196/jmir.4973 Abstract. Personal health records (PHRs) offer a tremendous opportunity to generate consumer support in pursing the triple aim of reducing costs, increasing access, and improving care quality. Moreover, surveys in the United States indicate that consumers want Web-based access to their medical records. However, concerns that consumers’ low health information literacy levels and physicians’ resistance to sharing notes will limit PHRs’ utility to a relatively small portion of the population have reduced both the product innovation and policy imperatives. Summary. The authors examine the adoption of personal health records in the United States between 2008-2013 to forecast the future adoption and functionality needed to meet the growing demand for integrated PHRs by patients and their caregivers. The authors used Health Information National Trends Survey responses to both a PHR usage and a functionality question and then considered the effect the HITECH Acts Meaningful Use (MU) incentive program has had on adoption and innovation of PHRs. The authors provide their audience with a summary of MU Stages 2 and 3 and how they pertain to PHRs. Stage 2 requires eligible healthcare organizations to provide a patient portal to assist patients in managing their health information and care coordination. Stage 3 adds in the ability for patients to be able to: (a) communicate with their provider practices via secure messaging; (b) access patient education material; (c) add health data via their patient portals; and (d) view, download, and transmit data from THE QUEST TO PROVIDE A COMPLETE PHR 26 their patient portals. The authors note that these MU requirements describe the “basic functionality of a consumer-managed personal health record” (p. 2). The authors describe the benefits of a PHR as a “triple aim of reducing costs, improving health outcomes for populations, and improving the experience of care for patients and their families” (p. 2). However, they point out that with an increase in patients utilizing third party PHRs and other tools to help manage health information, there is a need for providers and technology vendors to research and develop systems that can integrate and incorporate data from multiple sources to assist in building a complete personal health record. They state that surveys show a historically low adoption rate of tethered EHR portals due to privacy and health literacy concerns as well as a lack of MU certification requirements for EHR interoperability. The authors discuss the importance to policy makers, providers, and technology vendors of understanding the increase in patients’ third-party PHR utilization and demand for improved record sharing when setting PHR usage targets. However, the MU program has yet to address the need for interoperability, which the author believes could be one reason why innovation has been slow, and the usability of the information patients do have access to within their tethered EHRs has been limited. The authors conclude by stating the patients and their technical abilities are not the reasons for the slow speed or PHRs adoption; rather, the failure of providers, technology vendors, and policy makers to implement tools with the functionality and information that would provide value to patients is causing the slow adoption. This article is an essential resource for this study because it addresses the patient desire for integrated PHRs and possible barriers in creating and deploying this functionality. THE QUEST TO PROVIDE A COMPLETE PHR 27 Heath, M., & Porter, T. H. (2017). Patient health records: An exploratory study of patient satisfaction. Health Policy and Technology, 6(4), 401–409. doi:10.1016/j.hlpt.2017.10.002 Abstract. Objective: This study seeks to understand what factors might influence a patient's perception of PHRs in early adoption. We draw from social contagion theory to examine how beliefs and behaviors are subject to those who are important to them. Methods: This is a quantitative study with data collected information from a self-selected patient panel residing in the United States. Cross-sectional data were used to examine a patient beliefs and behaviors as they use personal health records. Results: The findings demonstrated patient skills and abilities to conduct PHR tasks play a role in the feelings developed toward the change. Behavioral resistance was shown to negatively impact patient satisfaction. Cognitive resistance was significant but, not in the hypothesized direction. We found a strong relationship between affective and cognitive resistance. This research suggests when affective is high, cognitive scope is out shadow and whereas affective is low, cognitive scope will broaden. Discussion: After adoption, a patient might still resistance the PHR system. Hospitals and physicians should emphasize the importance of PHR to every patient, seek to offer training opportunities, offer avenues for discussion, and recognize the existence of resistance factors. Conclusion: This study illustrates the need for physicians and hospitals to reshape patient's beliefs about PHRs by helping individuals understand and internalize the change toward PHRs. To ensure the promotion and engagement of the PHR system, all interested parties (hospital administrators, government agencies, policy makers, and physicians) must communicate and publicize a consistent message related to the importance of PHR use. THE QUEST TO PROVIDE A COMPLETE PHR 28 Summary. The authors perform a quantitative study that examines factors and the possible impact they have on patient satisfaction with PHRs. The authors provide a definition of patient satisfaction: “a personal subjective evaluation of care in reference to an individual’s healthcare experience” (p. 3). The authors define a PHR as an application in a private, secure environment where patients can “access, manage, and share their health information” (p. 2). They state that by fully utilizing the functionality of a PHR, patients have more knowledge of their health and are more equipped to make healthcare decisions, manage chronic illness, and practice preventative self-care (p. 2). The authors also point out the cost savings to healthcare organizations when patients schedule their own appointments, renew prescriptions, retrieve lab results, and ultimately reduce the number of phone calls to provider offices. The authors draw attention to the fact that if healthcare organizations want to continue to realize benefits from and increased patient satisfaction with PHRs, they will need to incorporate a patient-centered focus into their patient PHR engagement strategy. There will also need to be a consistent message from government agencies, policy makers, providers, and healthcare organization administrators about the importance of patients fully utilizing their PHRs. The authors conclude that their study is in alignment with other similar studies, which shows a widespread need to develop and deploy a PHR system that engages patients early as well as a need for healthcare organizations to incorporate patient- centered practices and patient engagement into their strategic plans. This article is important to this study because it reinforces the need to promote and encourage patients to utilize their tethered PHRs and push for technology that THE QUEST TO PROVIDE A COMPLETE PHR 29 provides them with the information they need to increase their knowledge of their health and make more informed healthcare decisions. Symons, J. D., Ashrafian, H., Dunscombe, R., & Darzi, A. (2019). From EHR to PHR: Let’s get the record straight. BMJ Open, 9(9). doi:10.1136/bmjopen-2019-029582 Abstract. This article reflects on the changing nature of health information access and the transition of focus from electronic health records (EHRs) to personal health records (PHRs) along with the challenges and need for alignment of national initiatives for EHR and PHR in the National Health Service (NHS) of the UK. The importance of implementing integrated EHRs as a route to enhance the quality of health delivery has been increasingly understood. EHRs, however, carry several limitations that include major fragmentation through multiple providers and protocols throughout the NHS. Questions over ownership and control of data further complicate the potential for fully utilizing records. Analyzing the previous initiatives and the current landscape, we identify that adopting a patient health record system can empower patients and allow better harmonization of clinical data at a national level. We propose regional PHR ‘hubs’ to provide a universal interface that integrates digital health data at a regional level with further integration at a national level. We propose that these PHR hubs will reduce the complexity of connections, decrease governance challenges and interoperability issues while also providing a safe platform for high-quality scalable and sustainable digital solutions, including artificial intelligence across the UK NHS, serving as an exemplar for other countries which wish to realize the full value of healthcare records. Summary. The authors examine the benefits of, challenges to, and a proposed solution for the transition of focus from EHRs to PHRs in regard to health information access. The focus of the authors’ research is the National Health Service of the United Kingdom. The THE QUEST TO PROVIDE A COMPLETE PHR 30 authors provide details on the benefits and challenges of EHR and PHR system integration. The authors note that a key benefit of integration between these two systems would be the provision of a complete patient health record for patients, care teams, and policy makers. Access to a complete PHR would provide real-time patient health information to help streamline workflows and improve quality of care. In addition to these benefits, the authors assert that patients should also have access with their PHRs to view, edit, and share their own health records as they see fit. To move forward with an integration plan, the authors assert that patient and provider adoption of PHRs would need to increase. Low adoption in the United Kingdom is attributed to concerns with sharing data, reluctance of healthcare organizations, lack of patient awareness, and issues with establishing connections at the local level. The authors state that the first three issues can be resolved “through patient control of records and bringing value to clinicians and patients” (p. 2). The authors note that the issue with establishing connections and ultimately integration between PHRs and EHRs is a much larger barrier to overcome. Beyond standards and technical requirements, the authors draw attention to the sheer number of connections the United Kingdom would need to establish; at the time of publication the authors identified 8,500 provider organizations, which would require 36 million individual connections. The authors note that this number does not consider organizations like laboratories or community practices. The sheer number and cost of the connections needed for true integration between systems may make this barrier too large to overcome. To address the barriers with patient adoption and local level connections, the authors proposes a hub connection system that would connect organizations with a regional hub, creating a single source of truth. THE QUEST TO PROVIDE A COMPLETE PHR 31 The authors conclude that to provide patients with PHRs that provide value, regulations would need to be put in place to require all organizations to connect and integrate. Due to the cost, complexity and time required, they recommend that a regional PHR hub model be considered. The authors state that a hub model would “reduce the complexity of connections, decrease governance challenges and interoperability issues while also providing a safe platform for high-quality scalable and sustainable digital solutions, such as personal artificial intelligence (p. 1). The authors envision a PHR hub as an example for other countries that also wish to realize the full value of healthcare records. This article is important to this study because it addresses issues that are seen internationally, draws attention to one popular solution, demonstrates that interoperability among all healthcare providers is not feasible, and offers a potential solution to provide patients with complete PHRs. Vydra, T. P., Cuaresma, E., Kretovics, M., & Bose-Brill, S. (2015). Diffusion and use of tethered personal health records in primary care. Perspectives in Health Information Management, 12, 1c. Retrieved from http://perspectives.ahima.org/diffusion-and-use-of-tethered- personal-health-records-in-primary-care/ Abstract. Background: Personal health records (PHRs) enable patients to access their healthcare information in a secure environment, increasing patient engagement in medical care. PHRs can be tethered to a patient’s electronic health record (EHR). Tethered PHRs, also known as patient portals, allow patients to access relevant medical information from their provider. Despite recent policy efforts to promote the use of health information technology and increased availability of PHRs in the clinical setting, PHR adoption rates remain relatively low overall. This article examines physician THE QUEST TO PROVIDE A COMPLETE PHR 32 characteristics of high vs. low PHR adopters. Objective: The objectives of this study were to (1) examine PHR use patterns in the primary care setting, (2) identify physician characteristics affecting PHR adoption, and (3) explore physician perspectives encouraging and deterring use. Methods: Information technology records provided data on primary care patient portal use at a large Midwestern academic medical center. Electronic surveys were administered to affiliated primary care physicians to measure their perceived use of patient portals. A focus group consisting of physician providers who completed the survey was used to further elucidate the trends and perceived utilization of the patient portal in the clinical setting. Results: While they expended significant time communicating with patients using the portal, physicians generally overestimated the time spent per week on the system. Physicians who had been in practice longer estimated a higher average time spent on the system when compared to newer physicians. Patient portal activation rates and use decreased with increased years in practice. During the focus groups, physicians voiced motivation to use patient portals because they perceived improved patient communication and satisfaction with use. However, continued lack of reimbursement for time spent in portal communication was reported as a major barrier to providers’ engagement with this technology. Discussion: Physician endorsement and engagement is critical to achieve widespread adoption of PHRs. Such endorsement can be obtained through (1) providing rewards from health system employers for high use of PHRs, (2) providing financial reimbursement for time spent electronically communicating with patients via the PHR from federal initiatives incentivizing meaningful use of health information technology, (3) building robust support staff assistance for PHR communication into primary care workflows, and (4) integrating more PHR-specific education into providers’ EHR training. THE QUEST TO PROVIDE A COMPLETE PHR 33 Summary. The authors examine the current use of tethered PHRs and how physicians use data from PHRs for patient care. The authors consider the effect of physician’s acceptance levels towards PHRs on patient adoption and what drives physicians to have either positive or negative perspectives of PHRs. The authors define a PHR system as an electronic application through which patients and other authorized users’ access, manage, and share health information. The authors describe different forms of PHRs that are currently utilized: tethered, which refers to patient portals tied to health organizations’ EHRs, and untethered PHRs that are not tied to a specific EHR and where patients or their devices populate the data. Current HITECH MU regulations require eligible providers and healthcare organizations to provide patients with access to and control over their medical information. The goals of this regulation are to increase patient engagement by providing patients with laboratory results, medication lists, immunization and allergy data, as well as the capability to correct inaccuracies, securely communicate with providers, make appointments and renew prescriptions. However, with all the aforementioned benefits, the authors note barriers to adoption due to patients’ privacy and security concerns, “computer and health literacy” (p. 2), and lack of up-to-date information provided within patient portals. The authors note that provider barriers include resistance to the new workflow PHR use requires and concerns with the confidentiality and accuracy of data. The authors conclude that physician beliefs and attitudes towards PHRs greatly affect the adoption and usage of them. To improve adoption of PHRs, physicians and their healthcare organizations should address both patients concerns and work to promote the systems amongst their patient populations. THE QUEST TO PROVIDE A COMPLETE PHR 34 This article is an important resource because it helps define key actions that can increase patient adoption of PHRs. As adoption of PHRs increases, the demand for increased regulations and functionality will also grow. Wang, T., & Dolezel, D. (2016). Usability of web-based personal health records: An analysis of consumers' perspectives. Perspectives in Health Information Management, 13(1f). Retrieved from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4832130/ Abstract. Personal health records (PHRs) have many benefits, including the ability to increase involvement of patients in their care, which provides better healthcare outcomes. Although issues related to usability of PHRs are a significant barrier to adoption, there is a paucity of research in this area. Thus, the researchers explored consumers' perspective on the usability of two commercially available web-based PHRs. Data from the Usefulness, Satisfaction, and Ease of Use questionnaire were collected from a sample of health information management students (N = 90). A one-way analysis of variance (ANOVA) showed that Microsoft HealthVault had higher scores in most usability categories when compared to Health Companion. Study results indicated that PHR developers should evaluate Microsoft HealthVault as a model for improving PHR usability. Summary. The authors examine the usability of web-based PHRs from the users’ perspective. The authors’ goal in gathering this information was to influence the future design of PHR systems based on their findings. The authors deployed a Usefulness, Satisfaction, and Ease of Use (USE) questionnaire to collect data and used statistical analysis software to analyze the responses. The authors provide details on the benefits and concerns currently associated with web-based PHRs. The benefits noted include the effectiveness of a PHR in engaging THE QUEST TO PROVIDE A COMPLETE PHR 35 patients in their healthcare, which ultimately improves the quality of care and reduces the cost of care. This engagement comes from the ability for patients to securely communicate with their providers online, receive reminders, schedule appointments, and populate health and wellness information not gathered by providers and other healthcare organizations. The authors note that these benefits are directly associated with a PHR’s functionality and ease of use. The authors point out that although there are many benefits associated with web- based PHRs, there are still significant concerns that have created barriers to successful PHR adoption. Those barriers are focused on patient concerns with privacy and security related to the storage and transmission of patient data or the interoperability of PHR and EHR systems. The drawback of these concerns is that they directly affect the acceptance and use of interoperable EHR and PHR systems. The authors conclude by stating users want more health information, showing an increase in adoption of systems that have the functionality to incorporate all health and wellness data in one place where patients and their care teams can access and view information to provide better care. However, the desire for an integrated PHR causes concerns among providers with the accuracy of data manually entered or uploaded by patients, as well as patient concerns related to privacy and security. To continue to drive adoption, the authors note that ease of use, security, and the usefulness of data need to become priorities for the research and development of future products. This article is an essential resource for this study because it draws attention to and provides details on the attributes patients are seeking in a PHR system and the actions that will help to drive adoption of these systems. EHR and PHR Policy and Regulation THE QUEST TO PROVIDE A COMPLETE PHR 36 Flaumenhaft, Y., & Ben-Assuli, O. (2018). Personal health records, global policy and regulation review. Health Policy, 122(8), 815–826. doi:10.1016/j.healthpol.2018.05.002 Abstract. Personal health records (PHR) have been endorsed as a promising tool for the self-management of an individual's medical information, affording benefits to both the individual patient and the healthcare system as a whole. Nevertheless, adoption rates have been relatively slow and widespread acceptance has yet to be achieved. A significant obstacle often cited as delaying the implementation of these systems has been concern regarding the ability to properly ensure the security and privacy of this sensitive information. This article reviews the current legislative landscape in various countries, examining the degree to which they address these issues and support the implementation of PHR's. This review compares in particular a number of prominent components of health data security and privacy across five different legislative jurisdictions in order to allow for a closer examination of regulatory approaches and measures. Of the legislation reviewed the EU's GDPR stands out as seemingly providing the most comprehensive and stringent protection measures, yet nonetheless appears to leave significant room for interpretation and a degree of ambiguity in key areas. The results of this comparison demonstrate considerable variances with regards to legal terminology and the degree of compliance required from entities offering PHR services across various jurisdictions. The paper ends with a discussion of specific policy implications and recommendations stemming from the current legislative state of affairs. Summary. The authors examine the current legislation in the United States as well as other countries that addresses issues with security and privacy of PHRs while also promoting the interoperability of PHRs. THE QUEST TO PROVIDE A COMPLETE PHR 37 The authors define an EMR as a repository of past and current patient health data. This data often includes patient demographics, discharge summaries, progress notes, medication lists, laboratory results, pathology and radiology reports, allergies, immunizations, and other health data. The authors share that EHRs have the capability to integrate and consume structured data from compatible systems. The authors describe a PHR as a patient-centered tool that allows patients to access, manage, and share personal health data, control administrative functions associated with healthcare, and ultimately provide the ability to self-manage one’s ongoing health care, especially for those suffering from chronic illnesses. As of the publication of this article, the authors estimated that there were between 100 and 200 different PHR systems in the United States that offered a myriad of different functions and specifications. The authors note that there are standalone systems that are siloed and tethered systems, which integrate with other systems including the EHRs of healthcare organizations. The authors note there are few industry-wide regulations for PHRs, which causes concerns for privacy and security. The concern arises because only when tethered to the EHR of a healthcare organization or covered entity does a PHR become responsible for following the Health Insurance Portability and Accountability Act of 1996 (HIPAA) guidelines. A similar issue is true with HITECH MU regulations that focus only on providing patients access to PHR and not on provisioning standards or insuring that PHRs can integrate and provide patients with real-time, up-to-date, accurate medical data. The authors identify a “lack of agreed-upon standards in areas such as data definitions, communication protocols and data analytics” (p. 823). They identify other problems that must be resolved as “data ownership and control, third party use of stored data for alternative purposes and the applicability of the legal framework” (p. 823). The THE QUEST TO PROVIDE A COMPLETE PHR 38 authors assert that common industry standards would expand interoperability and enhanced service possibilities, thus enabling patients to safely share data across a variety of platforms and geographical areas. The authors provide a summary table that compares applicable PHR regulations amount five international regions. They compare the United States, Canada, Australia, the EU (after implementing GDPR), and Norway (Pre-GDPR) on the following components: (a) applicable federal data protection laws or guidelines; (b) required safety and security measures; (c) user authentication encryption, identification, and access by others; (d) data controller, data processor, and data ownership; (e) disclosure of data; (f) data beach notification; and (g) applicable enforcement/penalty measures. They determined that the GDPR measures are the most straightforward and stringent. The authors identify the need to establish common privacy and security criteria. They conclude that with the fast pace of development of electronic health systems it is increasingly more difficult to evaluate the associated health regulations and determine where change and control measures need to be put in place. This article is important to the study because to make industry wide changes, regulatory mandates and incentives will be a needed. This article provides useful details on the current landscape of regulations and future changes that are needed. Kostkova, P., Brewer, H., Lusignan, S. D., Fottrell, E., Goldacre, B., Hart, G., … Tooke, J. (2016). Who owns the data? Open data for healthcare. Frontiers in Public Health, 4. doi:10.3389/fpubh.2016.00007 Abstract. Research on large shared medical datasets and data-driven research are gaining fast momentum and provide major opportunities for improving health systems as well as individual care. Such open data can shed light on the causes of disease and effects THE QUEST TO PROVIDE A COMPLETE PHR 39 of treatment, including adverse reactions side-effects of treatments, while also facilitating analyses tailored to an individual’s characteristics, known as personalized or “stratified medicine.” Developments, such as crowdsourcing, participatory surveillance, and individuals pledging to become “data donors” and the “quantified self” movement (where citizens share data through mobile device-connected technologies), have great potential to contribute to our knowledge of disease, improving diagnostics, and delivery of -healthcare and treatment. There is not only a great potential but also major concerns over privacy, confidentiality, and control of data about individuals once it is shared. Issues, such as user trust, data privacy, transparency over the control of data ownership, and the implications of data analytics for personal privacy with potentially intrusive inferences, are becoming increasingly scrutinized at national and international levels. This can be seen in the recent backlash over the proposed implementation of care.data, which enables individuals’ NHS data to be linked, retained, and shared for other uses, such as research and, more controversially, with businesses for commercial exploitation. By way of contrast, through increasing popularity of social media, GPS-enabled mobile apps and tracking/wearable devices, the IT industry and MedTech giants are pursuing new projects without clear public and policy discussion about ownership and responsibility for user- generated data. In the absence of transparent regulation, this paper addresses the opportunities of Big Data in healthcare together with issues of responsibility and accountability. It also aims to pave the way for public policy to support a balanced agenda that safeguards personal information while enabling the use of data to improve public health. Summary. The authors focus on the opportunities, challenges, and regulatory needs for big data in the healthcare industry. The authors state that big data in healthcare is largely THE QUEST TO PROVIDE A COMPLETE PHR 40 populated by electronic patient health records and data collected from personal health devices. This dataset and its collection present opportunities to improve both health systems and individual care. They note that these large sets of open data can aid in identifying the causes of disease and the effects of treatment, including adverse reactions and side-effects. They also identify the role these data sets play in facilitating analyses that are tailored to an individual’s characteristics. However, with these opportunities have come many challenges in determining who is responsible and accountable for the data when it comes to practices such as sharing patient data for research, integrating data for patient care purposes, or accessing data for personal use. To address these challenges, the authors suggest both the public and private sector discuss regulatory agendas aimed at providing public and citizen engagement, clarity and transparency for data and terms of use, a new regulatory framework that gives control back to the user, new data structures and big data analytic standards that deliver common interoperability standards and new information-sharing federal architectures for better storage of Big Data and real-time analytics, as well as training and education of both citizens and healthcare professionals. The authors conclude that to resolve the data ownership and use issues, healthcare policy makers at the international level will need to “develop a shared policy and regulatory framework supporting a balanced agenda that safeguards personal information, limits business exploitations, and gives out a clear message to the public while enabling the use of data for research and commercial use” (p. 5). This article is essential to the study because interoperability and data sharing create Big Data, and the related policies and regulatory framework are essential to ensure THE QUEST TO PROVIDE A COMPLETE PHR 41 patient privacy and security, which will ultimately increase adoption and demand for more useful data. Wani, D., & Malhotra, M. (2018). Does the meaningful use of electronic health records improve patient outcomes? Journal of Operations Management, 60(1), 1–18. doi:10.1016/j.jom.2018.06.003. Abstract. While electronic health records (EHRs) hold the promise of improving patient outcomes, past research on their efficacy has yielded inconsistent results. In this study, we overcome several drawbacks of past research by examining not just partial versus full adoption, but the impact of meaningful assimilation of EHRs as mandated by the HITECH (Health Information Technology for Economic and Clinical Health) Act. Detailed patient-level data from acute-care hospitals in California, coupled with relevant data from several other sources, is used to conduct our analysis. After controlling for self- selection bias, our results show that overall length of stay (LOS) is reduced by 3%, on average, for all patients who undergo treatment at hospitals that are meaningful-use assimilated, relative to patients at hospitals that have fully adopted EHRs. The magnitude of this reduction is increased for patients with greater comorbidity complexity and greater coordination complexity. In addition, we find an overall decrease in readmission. We do not find such benefits among full adopters of EHRs. Thus, our study provides empirical evidence that instead of merely adoption, assimilation of EHRs at a hospital-wide level can improve the efficiency with which patients are treated, with benefits from such an assimilation being far more pronounced for patients with a greater degree of health complexities. These are important findings, because hospitals are struggling to deliver quality care to their sickest patients without severe cost overruns. Recommendations from our study point to a path forward in meeting this challenge. THE QUEST TO PROVIDE A COMPLETE PHR 42 Summary. The authors examine the link between improved patient care outcomes and a full understanding of the information technology benefits associated with HITECHs Meaningful Use mandates. The authors focus on the first stage of Meaningful Use because it is the stage that requires eligible providers and hospitals to use an EHR. They provide information about what constitutes assimilation, or a full understanding of the information technology benefits associated with the MU stage one requirements, which include use of a certified EHR and capturing and sharing patient data in a standardized format with other members of the care team. The authors conclude that along with adoption, the assimilation of EHRs at the healthcare organization level plays an important role in improving patient care outcomes. Although slightly outdated as the healthcare industry is currently attesting for MU stage 3, this article is important to the study because it shows that HITECH Meaningful Use mandates along with a clear understanding of the mandates at the healthcare organization level can improve patient healthcare outcomes. This information will be useful when looking to policy makers to implement new PHR regulations. Winter, J. & Davidson, E. (2017). Investigating value in personal health data governance model. Healthcare Informatics & Health Information Technology, 15. Retrieved from https://aisel.aisnet.org/amcis2017/Healthcare/Presentations/15/ Abstract. In this paper, we seek to deepen discourse on health data governance beyond the important issues of privacy and data security to consider what types of value are potentially afforded by personal health information (PHI) data and, importantly, whose values and interests shape governance structures and goals toward realizing value. We conducted a discourse analysis of texts addressing PHI data use and governance. Through analysis of a broad array of documents using qualitative analysis and guided text mining, THE QUEST TO PROVIDE A COMPLETE PHR 43 we identified six overlapping, but distinctive, models for PHI governance. Each model presents an array of stakeholders, value to be realized from analysis, assumed stewardship roles, and governance structures and goals. This analysis extends consideration of widely shared governance goals, highlighting possible issues and conflicts among actors’ values and interests, particularly when data “slip” between governing models. We consider policy implications and areas of future research from this analysis. Summary. The authors examine health data governance beyond privacy and security. They examine the value of and interest in health data, including patient health information, and who is realizing the value and helping to shape governance structures and stewardship. The authors define data governance as relating to “the management of enterprise data, including issues of data aggregation and integration, data integrity, security, and privacy” (p. 2). Complying with regulatory requirements such as the Sarbanes-Oxley Act of 2002 controls the practice of data governance. The authors examine six governance models for patient health information (PHI) to determine data domains, value afforded by PHI data, stakeholders, governance structures and governance goals. The governance models were identified as: (a) Organizational PHI data governance, (b) Inter- organizational PHI data governance; (c) Public Good PHI data governance; (d) Community Health PHI data governance; (e) Personal PHI data governance; and (f) Aggregator PHI data governance. The evaluation of this information helped the authors understand who PHI stakeholders were and their relevant interests and identify possible issues and conflicts of values and interest amongst these stakeholders. For example: THE QUEST TO PROVIDE A COMPLETE PHR 44 An emerging conflict between PHI data governance models is the use of personally generated health data from wearable devices as well as trace data generated by everyday activities that are IT-mediated, such as Internet browsing and mobile phone use. Advances in data analytics have allowed data scientists to attribute health conditions to individuals based on these trace data. For instance, Microsoft researchers were able to use Internet search queries to identify individuals with pancreatic cancer prior to any disease diagnosis (p. 8-9). This example leads to many questions about who owns this data, who has a right to benefit from it, and whose governance model should be protecting the PHI. The authors conclude that in “addition to ‘how to’ questions, we need to consider the ‘why’ and ‘for whom’ questions that are the essence of data stewardship and governance” (p. 2). This article is essential to the study because it helps expand the understanding of governance and policy beyond just privacy and security. EHR and PHR Technology to Promote Integration and Interoperability Ali, M., Abbas, A., Khan, U., & Khan, S. U. (2018). SeSPHR: A methodology for secure sharing of personal health records in the cloud. IEEE Transactions on Cloud Computing, 1–14. doi:10.1109/tcc.2018.2854790 Abstract. The widespread acceptance of cloud-based services in the healthcare sector has resulted in cost effective and convenient exchange of personal health records (PHRs) among several participating entities of the e-Health systems. Nevertheless, storing the confidential health information to cloud servers is susceptible to revelation or theft and calls for the development of methodologies that ensure the privacy of the PHRs. Therefore, we propose a methodology called SeSPHR for secure sharing of the PHRs in the cloud. The SeSPHR scheme ensures patient-centric control on the PHRs and THE QUEST TO PROVIDE A COMPLETE PHR 45 preserves the confidentiality of the PHRs. The patients store the encrypted PHRs on the un-trusted cloud servers and selectively grant access to different types of users on different portions of the PHRs. A semi-trusted proxy called Setup and Re-encryption Server (SRS) is introduced to set up the public/private key pairs and to produce the re- encryption keys. Moreover, the methodology is secure against insider threats and also enforces a forward and backward access control. Furthermore, we formally analyze and verify the working of SeSPHR methodology through the High Level Petri Nets (HLPN). Performance evaluation regarding time consumption indicates that the SeSPHR methodology has potential to be employed for securely sharing the PHRs in the cloud. Summary. The authors review the concerns patients have with the privacy and security of cloud-based, integrated PHRs and propose a solution for a new security methodology to address these concerns. The authors provide their audience with a background on cloud-based computing and integrated PHRs and note the benefits, challenges, and methods of access. The authors also discuss technical specifications and the functionality of their secure sharing methodology. The authors define PHRs as patient-controlled electronic health record information tools that contain various information, including “(a) demographic information, (b) patients’ medical history including the diagnosis, allergies, past surgeries, and treatments, (c) laboratory reports, (d) data about health insurance claims, and (e) private notes of the patients about certain important observed health conditions” (p. 1). Cloud-based computing is said to provide a platform for multiple healthcare organizations like hospitals, providers, laboratories, insurance providers, and service providers to integrate and share information. When patients are given access via cloud- based systems to the information shared between these types of healthcare organizations, THE QUEST TO PROVIDE A COMPLETE PHR 46 they are given the opportunity to compile complete PHRs where they can effectively manage all their health information and communications. Although there are tremendous advantages to integrated PHRs, patients remain concerned with security and the confidentiality of health information stored and transmitted within the cloud. To help address these concerns and promote cloud-based health information exchange and storage, the authors present a methodology called Secured Sharing of PHRs in the Cloud (SeSPHR). This methodology focuses on the encryption and decryption of PHR data using Setup and Re-encryption Server (SRS), a semi-trusted proxy that is secure against insider threats and administers a forward and backward access control. An owner, the patients or their caregivers control the access through an Access Control List (ACL). Owners can grant access to PHR users, such as family members, healthcare providers, and pharmacies. The owner controls the sections and functionality to which each user is granted access. This article concludes that cloud-based PHR adoption has grown, benefitting both patients and healthcare organizations. However, there is still apprehension with cloud- based PHR data storage and transmission. To address these concerns, the authors propose a patient-centered methodology that allows patient and their authorized users to securely store and transmit health data. This article is an essential resource for this study because it details an obtainable solution that provides patients with a complete PHR and a potential solution to resolve the barriers affecting patient adoption of integrated cloud-based PHRs. Plastiras, P., & O’Sullivan, D. (2018). Exchanging personal health data with electronic health records: A standardized information model for patient generated health data and THE QUEST TO PROVIDE A COMPLETE PHR 47 observations of daily living. International Journal of Medical Informatics, 120, 116–125. doi:10.1016/j.ijmedinf.2018.10.006. Abstract. Objective: The development of a middleware information model to facilitate better interoperability between Personal and Electronic Health Record systems in order to allow exchange of Patient Generated Health Data and Observations of Daily Leaving between patients and providers in order to encourage patient self-management. Materials and methods: An information model based on HL7 standards for interoperability has been extended to support PGHD and ODL data types. The new information models use HL7 CDA to represent data, is instantiated as a Protégé ontology and uses a set of mapping rules to transfer data between Personal and Electronic Health Record systems. Results: The information model was evaluated by executing a set of use case scenarios containing data exported from three consumer health apps, transformed to CDA according to developed mapping rules and validated against a CDA schema. This allowed various challenges to emerge as well as revealed gaps in current standards in use and the information model has been refined accordingly. Discussion and conclusion: Our proposed middleware solution offers a number of advantages. When modifications are made to either a Personal or Health Electronic Health Record system or any integrated consumer app, they can be incorporated by altering only the instantiation of the information model. Our proposition uses current standards in use such as CDA. The solution is applicable to any EHR system with HL7 CDA support. Summary. The goal of the authors is to examine interoperability between PHR and EHR systems in order to exchange patient-generated health data collected from health devices and other patient health applications. The authors propose a middleware information model utilizing HL7 standards for interoperability. THE QUEST TO PROVIDE A COMPLETE PHR 48 The authors first provide the audience with a background on PHRs, EHRs and the proposed technical requirements needed to exchange data between these types of systems. The authors define a PHR as a health record populated by multiple sources, including health devices, that is accessed, managed, and shared by an individual. They define an EHRs as a patient health record populated mainly by a healthcare organization but with the capacity to integrate with other systems. The information model to support the collection of patient-generated health data and device-generated data is the HL7 standard messaging format for interoperability. The model uses HL7 Clinical Document Architecture and mapping rules to transfer data between systems. The authors present a middleware proposal, shown in Figure 3. THE QUEST TO PROVIDE A COMPLETE PHR 49 Figure 2. Information model architecture and workflow for exchanging data between a PHR and an EHR. Retrieved from “Exchanging personal health data with electronic health records: A standardized information model for patient generated health data and observations of daily living” by Plastiras, P., & O’Sullivan, D. 2018, International Journal of Medical Informatics, 120, p. 118 The authors conclude by describing their proposed middleware information model and methods and future research into utilizing HL7 Fast Healthcare Interoperability Resources (FHIR) standards as the building blocks for capturing personal health data from devices and health applications. This article is an essential resource for this study because it delivers a proposal for a product that could help deliver a solution for the acquisition and transmission of THE QUEST TO PROVIDE A COMPLETE PHR 50 personal health data to create an integrated PHR for patients and comprehensive EHRs for providers. Roehrs, A., Costa, C. A. D., Righi, R. D. R., Silva, V. F. D., Goldim, J. R., & Schmidt, D. C. (2019a). Analyzing the performance of a blockchain-based personal health record implementation. Journal of Biomedical Informatics, 92, 103140. doi:10.1016/j.jbi.2019.103140 Abstract. Background: The Personal Health Record (PHR) and Electronic Health Record (EHR) play a key role in more efficient access to health records by health professionals and patients. It is hard, however, to obtain a unified view of health data that is distributed across different health providers. In particular, health records are commonly scattered in multiple places and are not integrated. Objective: This article presents the implementation and evaluation of a PHR model that integrates distributed health records using blockchain technology and the openEHR interoperability standard. We thus follow OmniPHR architecture model, which describes an infrastructure that supports the implementation of a distributed and interoperable PHR. Methods: Our method involves implementing a prototype and then evaluating the integration and performance of medical records from different production databases. In addition to evaluating the unified view of records, our evaluation criteria also focused on non-functional performance requirements, such as response time, CPU usage, memory occupation, disk, and network usage. Results: We evaluated our model implementation using the data set of more than 40 thousand adult patients anonymized from two hospital databases. We tested the distribution and reintegration of the data to compose a single view of health records. Moreover, we profiled the model by evaluating a scenario with 10 superpeers and thousands of competing sessions transacting operations on health records simultaneously, THE QUEST TO PROVIDE A COMPLETE PHR 51 resulting in an average response time below 500 ms. The blockchain implemented in our prototype achieved 98% availability. Conclusion: Our performance results indicated that data distributed via a blockchain could be recovered with low average response time and high availability in the scenarios we tested. Our study also demonstrated how OmniPHR model implementation can integrate distributed data into a unified view of health records. Summary. The purpose of this article is to present details of a proposed integrated PHR model using blockchain technology and the openEHR interoperability standard to improve the management and sharing of patient health information. The authors discuss the advantages unified health data from PHRs and EHRs would provide to patients and healthcare providers. They also share the issues that complicate the compilation of data from different healthcare providers to create a complete health record. The authors provide specifics on the barriers complicating health records systems integration, along with background information on PHRs, EHRs, and blockchain. They state that an EHR system is populated and accessed by healthcare organization staff while a PHR is owned and accessed by patients. The barriers associated with the lack of interoperability between EHR and PHR systems cause inefficiencies due to duplicate documentation and unnecessary medical procedures such as lab work or physical examinations. The barriers associated with integration include lack of health data standards for integration, issues with the size of the data contained in many health records, and privacy and security concerns. The authors define blockchain as “a linked list of datablocks chained together in a distributed ledger by pointers, represented by a hash code that identifies each block, and where each datablock has, beyond the content, the pointer to the previous datablock in the chain” (p. 2). THE QUEST TO PROVIDE A COMPLETE PHR 52 The authors present their prototype, OmniPHR, that “promotes the integration of health data through the use of a distributed, private, and customizable platform, along with interoperable and standards-based protocols” (p. 2). In Figure 3 the authors present the architecture of the OmniPHR prototype and in Figure 4 provide a diagram of the workflow of the blockchain’s health datablocks. Figure 3 “shows how clients communicate with the underlying blockchain platform via pull and push messaging. This format enables all clients connected in the network to update their data proactively, i.e., datablocks can be sent and received automatically” (p. 3). Figure 3. The architecture of OmniPHR prototype. Retrieved from “Analyzing the performance of a blockchain-based personal health record implementation” by Roehrs, A., Da Costa, C. A., Da Rosa Righi, R., Da Silva, V. F., Goldim, J. R., & Schmidt, D. C. (2019). Analyzing the performance of a blockchain-based personal health record implementation. Journal of Biomedical Informatics, 92, p. 3. Figure 4 shows how “OmniPHR prototype chains health datablocks together. Each datablock consists of (a) content formed by an archetype containing the health record, (b) a field containing the hash code representing the digital signature of the THE QUEST TO PROVIDE A COMPLETE PHR 53 content of the archetype, and (c) a pointer with hash code that set the previous datablock. The first datablock is named the ’genesis block’ and the ’previous hash’ field points to no other datablock since it is the first node in the linked list” (p. 3). Figure 4. PHR blockchain in OmniPHR. Retrieved from “Analyzing the performance of a blockchain-based personal health record implementation” by Roehrs, A., Da Costa, C. A., Da Rosa Righi, R., Da Silva, V. F., Goldim, J. R., & Schmidt, D. C. (2019). Analyzing the performance of a blockchain-based personal health record implementation. Journal of Biomedical Informatics, 92, p. 3. The authors conclude that the evaluation of the OmniPHR protype using openEHR standards with blockchain technology proves to provide an environment where patient health records can be effectively and securely integrated, thus resolving patient and provider concerns. This article is an essential resource because it presents a viable product using blockchain technology to address the problem within this study. THE QUEST TO PROVIDE A COMPLETE PHR 54 Roehrs, A., Costa, C. A. D., Righi, R. D. R., Rigo, S. J., & Wichman, M. H. (2019b). Toward a model for personal health record interoperability. IEEE Journal of Biomedical and Health Informatics, 23(2), 867–873. doi:10.1109/jbhi.2018.2836138. Abstract. Health information technology, applied to electronic health record (EHR), has evolved with the adoption of standards for defining patient health records. However, there are many standards for defining such data, hindering communication between different healthcare providers. Even with adopted standards, patients often need to repeatedly provide their health information when they are taken care of at different locations. This problem hinders the adoption of personal health record (PHR), with the patients' health records under their own control. Therefore, the purpose of this paper is to propose an interoperability model for PHR use. The methodology consisted prototyping an application model named OmniPHR, to evaluate the structuring of semantic interoperability and integration of different health standards, using a real database from anonymized patients. We evaluated health data from a hospital database with 38 645 adult patients' medical records processed using different standards, represented by openEHR, HL7 FHIR, and MIMIC-III reference models. OmniPHR demonstrated the feasibility to provide interoperability through a standard ontology and artificial intelligence with natural language processing (NLP). Although the first executions reached a 76.39% F1-score and required retraining of the machine-learning process, the final score was 87.9%, presenting a way to obtain the original data from different standards on a single format. Unlike other models, OmniPHR presents a unified, structural semantic and up-to-date vision of PHR for patients and healthcare providers. The results were promising and demonstrated the possibility of subsidizing the creation of inferences rules about possible patient health problems or preventing future problems. THE QUEST TO PROVIDE A COMPLETE PHR 55 Summary. This article is the predecessor to the Roehrs et al. (2019a) article Analyzing the performance of a blockchain-based personal health record. The authors identify the purpose of an EHR as standardizing and collecting health data from within an organization. They state the purpose of a PHRs is to act as a repository for health and wellness information gathered from multiple source systems, including healthcare providers and wellness devices. The goal of standardizing data formats is to allow for interoperability among healthcare systems, such as systems supporting laboratories, pharmacies, insurance carries, and EHRs. However, standardization of PHR data formatting is much more complex when the intent is to gather data from all health and wellness sources, including providers, pharmacies, and personal health devices. Interoperability applies to many frameworks; for the purpose of their proposal and the development of the prototype the authors uses the third level of health data interoperability defined by the Healthcare Information and Management System Society (HIMSS), semantic interoperability, which “takes advantage of both the structuring of the data exchange and the codification of the data including vocabulary so that the receiving information technology system can interpret the data” (as cited in HIMSS, 2018). The OmniPHR proposal is to provide integration with different health data standards while also aggregating semantic interoperability among the different PHR data formats. The authors’ goals are to develop an interoperability model for PHR that presents up-to-date data to provide patients with a complete health record to help reduce redundancy, improve accuracy, and increase adoption of PHRs. Their first protype does so using “artificial intelligence with NLP [natural language process], ontology, and an open health standard to achieve semantic interoperability” (p. 873). They conclude that THE QUEST TO PROVIDE A COMPLETE PHR 56 additional evaluation of the OmniPHR will include expanded health care data and focus on possible benefits for both patients and providers. This article is beneficial to the study because it identifies technical specifications and standardization for the establishment of a PHR. It also provides an early-stage prototype of a PHR. Wang, S., Zhang, D., & Zhang, Y. (2019). Blockchain-based personal health records sharing scheme with data integrity verifiable. IEEE Access, 7, 102887–102901. doi:10.1109/access.2019.2931531 Abstract. The sharing of personal health records can help to improve the accuracy of the doctor’s diagnosis and to promote the progress of medical research. Currently, to reduce the maintenance cost of data, personal health records are usually outsourced to a third party such as the cloud service provider. In this case, patients may lose direct control over their personal health records and the semi-trusted cloud service provider may tamper with or reveal personal health records. Therefore, ensuring the privacy and integrity of personal health records and realizing the fine-grained access control are crucial issues when personal health records are shared. As a distributed architecture with decentralized and tamper-proof features, blockchain provides a new way to protect the personal health records sharing system. In this paper, we propose a new personal health records sharing scheme with data integrity verifiable based on blockchain. Aiming at the problems of privacy disclosure, limited keyword search ability and loss of control rights in the process of personal health record sharing, the new scheme uses searchable symmetric encryption and attribute-based encryption techniques to achieve privacy protection, keyword search, and fine-grained access control. Compared with the existing similar schemes, the new scheme allows patients to distribute attribute private key for users, avoiding many THE QUEST TO PROVIDE A COMPLETE PHR 57 security problems caused by the existing of attribute authority in the scheme. Furthermore, the new scheme uses blockchain to manage keys in the scheme, avoiding the single point failure problem of centralized key management. In particular, the new scheme stores the hash values of encrypted personal health records in blockchain, and the related index set is stored in smart contract, which can further improve the efficiency of data integrity verification. Finally, performance evaluation and security analysis indicate that our scheme is secure and feasible for practical use. Summary. The authors propose a new PHR sharing scheme using blockchain to address concerns and barriers with current access and control. This new sharing scheme allows patients to control the access to and functionality of their PHRs. The authors share evidence of why the current framework that consists of either a push model that sends information from one location to another, pull model that extracts information from a source, or view model that peers into a system is not sustainable and does not have the capability to provide patients and their care teams with a complete personal health record from multiple source systems and data types. To address this issue, the authors present a product proposal for a sharing scheme using blockchain, cloud storage, searchable symmetric encryption, attribute-based encryption, and smart contracts. Control of access is achieved by managing and distributing private keys through blockchain. The scheme provides patients with a workflow that starts with the initialization or setup, personal health record storage, personal health records sharing, and personal health records management. The authors conclude that their new scheme provides tamper-proof, secure access to PHRs without having to rely on third party cloud-based vendors, which pose a higher risk to security and of privacy violation. However, the authors assert that there is still a THE QUEST TO PROVIDE A COMPLETE PHR 58 need to validate and test if cloud servers will allow for file deletion, which the authors require for personal health records management. This article is essential to this study because it provides a viable solution to securely access PHRs. The article also introduces the technical requirements and specifications for utilizing a blockchain-based scheme to solve a data sharing issue. THE QUEST TO PROVIDE A COMPLETE PHR 59 Conclusion Electronic health record (EHR) systems are the record-keeping tool of choice for patient health records in the healthcare industry (Pirtle & Ehrenfeld, 2018). A related concept is a personal health record, defined as an all-encompassing health record that a patient owns and accesses (Roehrs et al., 2019a). Patient access to personal health records is commonly found in EHR patient portals where health organizations share information such as treatment plans, diagnoses, and results with patients (Flaumenhaft & Ben-Assuli, 2018). Although there are many benefits to EHR and PHR systems, there are also challenges (Alsahafi & Gay, 2018) with inefficient data storage, lack of interoperability, and lack of access (Roehrs et al., 2019b). Patient health data comes from the health information systems of healthcare organizations, including laboratory information systems, insurance claim clearinghouses, electronic medical records, and other health-related systems to collect and store information (Flaumenhaft & Ben-Assuli, 2018). As a result of the disparate sources of patient data, the data is siloed (Flaumenhaft & Ben-Assuli, 2018). Patients are left without a complete longitudinal PHR that includes all patient wellness data such as nutrition, monitoring equipment outputs, holistic medicine data, as well as the data gathered by EHRs (Alsahafi & Gay, 2018). On the quest to determine how to provide patients and providers with access to complete longitudinal personal health records, this study looked to define key elements and identify associated benefits and challenges. This annotated bibliography provides sources on the social, technical, and regulatory matters associated with the integration or compilations of health and wellness data from various sources such as EHR systems, PHR systems, and personal health tracking devices into a complete personal health record. THE QUEST TO PROVIDE A COMPLETE PHR 60 Overview of EHR, PHR, and Their Integration An EHR system is populated and accessed by healthcare organizations (Alsahafi & Gay, 2018). An EHR system has the capability to share and consume data from other healthcare organizations when interoperability is in place, giving it the capacity to create an integrated patient health record (Heart, Ben-Assuli, & Shabtai, 2017). Health information exchanges (HIEs) utilize EHRs to share patient information between healthcare organizations and state run HIEs (Heart et al., 2017). A personal health record (PHR) is owned by patients or their caregivers and populated by several different sources (Alsahafi & Gay, 2018). Personal health records were originally developed to provide patients with access to their medical records within a healthcare organization (Heart et al., 2017). Personal health records come in three models: (a) standalone, where users populate and maintain data; (b) tethered, where users have access through a patient portal tied to a healthcare organization’s EHR; and (c) integrated, where data is populated by healthcare organizations, personal devices, and the user (Alsahafi & Gay, 2018). The goal of integrating PHR systems with EHR systems is to create a more complete PHR in order to improve patient access, shift the owners of health information from provider- centric to patient-centric, and standardize the exchange of data between patients and healthcare organizations (Alsahafi & Gay, 2018). Currently, the siloed records have led to inefficacies and dissatisfaction amongst patients and care teams who are looking for access to a complete personal health record comprised of data from multi-source to improve the delivery of quality healthcare and access to health and wellness information (Heart et al., 2017). Alsahafi and Gay (2018) note: A key challenge is having a central source of information for medical records, as an individual will often seek the services of different healthcare providers during his THE QUEST TO PROVIDE A COMPLETE PHR 61 lifetime. With no ideal mechanism to provide the interaction and sharing of data among various EHR systems, it can be very difficult to access in-depth information covering an individual’s entire medical history. This can also make it challenging for patients who want access to their personal health information, either urgently, or simply when they want to be proactively involved in the management of their health. (p. 2) The Need for Complete Personal Health Records Personal health record systems present an opportunity to engage patients while reducing costs, increasing access, and improving care quality (Ford et al., 2016). Integrating PHR and EHR data has the potential to create a complete personal health record filled with real-time patient health information that could help streamline workflows and improve quality of care (Symons et al., 2019). Providing patients with more knowledge of the various inputs to their health equips them with the information to make healthcare decisions, manage chronic illness, and practice preventative self-care (Heath & Porter, 2017). Many tethered and integrated PHR systems give patients the ability to communicate with their providers online securely, receive reminders, schedule appointments, and populate health and wellness information not gathered by providers and other healthcare organizations (Wang & Dolezel, 2016). Along with all the benefits PHR systems deliver to patients, healthcare organizations also experience cost savings when patients schedule their own appointments, renew prescriptions, retrieve lab results, and ultimately reduce the number of phone calls to provider offices (Heath & Porter, 2017). While there are multiple benefits associated with PHR systems, there are also barriers that stand in the way of PHR adoption and the possible integration of EHR and PHR systems (Heart et al., 2017). Social barriers from the patient’s perspective focus on privacy and security concerns with the storage and exchange of data, differing abilities to use a computer and understand health data, and a lack of up-to-date information provided within patient portals THE QUEST TO PROVIDE A COMPLETE PHR 62 (Vydra et al., 2015). Social barriers from the provider’s perspective include resistance to the new workflows PHR use requires and concerns with the confidentiality and accuracy of patient- entered and device-imported data (Vydra et al., 2015). EHR and PHR Policy and Regulation The concept of complete personal health records highlights the need for standardized technical requirements, data governance, and compliance (Alsahafi & Gay, 2018). The technical and regulatory barriers to a complete PHR present overlapping topics (Flaumenhaft & Ben- Assuli, 2018). In 2018, Flaumenhaft and Ben-Assuli estimated there were between 100 and 200 different PHR systems in the United States that offered a myriad of different functions and specifications. There are few industry-wide regulations for PHR systems, which causes concerns with privacy, security, and integration (Flaumenhaft & Ben-Assuli, 2018). The concerns for privacy and security include the fact that only when tethered to the EHR system associated with a healthcare organization or covered entity does a PHR system become responsible for adhering to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) guidelines (Flaumenhaft & Ben-Assuli, 2018). A “lack of agreed-upon standards in areas such as data definitions, communication protocols and data analytics” (Flaumenhaft & Ben-Assuli, 2018, p. 823) has led to a similar issue with HITECH Meaningful Use regulations. Meaningful Use is an incentive program to persuade healthcare organizations to utilize their EHR systems in “capturing patient information electronically in a standardized format, using patient information to track key clinical conditions, integrating test and imaging results and using decision support tools, communicating the information to all providers for the purposes of care coordination, initiating reporting of key clinical quality measures, and, finally, using the information to engage families and patients in their care” (Wani & Malhotra, 2018, p. 2). Meaningful Use is only focused on providing patients THE QUEST TO PROVIDE A COMPLETE PHR 63 with access to PHRs and not on provisioning technical standards or insuring that PHR systems can integrate and provide patients with real-time, up-to-date, accurate medical data (Flaumenhaft & Ben-Assuli 2018). Along with the lack of technical requirements, there is also an issue with the lack of regulations for “data ownership and control, third party use of stored data for alternative purposes, and the applicability of the legal framework” (Flaumenhaft & Ben-Assuli, 2018, p. 823). Data governance, which Winter and Davidson (2017) relate to “the management of enterprise data, including issues of data aggregation and integration, data integrity, security, and privacy” (p. 2), is of major concern for health data. Challenges in determining responsibility and accountability for the data when it comes to sharing patient data for research, integrating data for patient care purposes, accessing data for personal use, or commercial exploitation of the data by businesses (Kostkova et al., 2016) will ultimately fall on policy makers to determine who owns the data and is responsible for ensuring rules and regulations are in place to protect the data and the patients (Winter & Davidson, 2017). With the increase in patients utilizing third party PHR systems and other tools to help manage health information, healthcare service and technology executives, product developers and policy makers need to research and develop systems that can integrate and incorporate data from multiple sources to assist in building a complete personal health record (Ford et al., 2016). Policy makers, providers, and technology vendors all need to understand the increase in patients’ third-party PHR system utilization and demand for improved record sharing when setting PHR system usage targets (Ford et al., 2016). However, the Meaningful Use program has yet to address the need for interoperability, which could be one reason why innovation has been slow, and the information patients do have access to within their tethered EHRs has been of limited usability (Ford et al., 2016). Schneider (2008) asserts that HITECH should implement THE QUEST TO PROVIDE A COMPLETE PHR 64 integration standards and regulations for PHR portals and healthcare applications, including mobile devices. In order to address the lack of regulatory mandates, Alsahafi and Gay (2018) recommend the Certification Commission for Healthcare Information Technology (CCHIT) require PHR system vendors to integrate their PHR systems with other health and wellness systems. Schneider (2008) notes the CCHIT could require PHR system vendors to certify their products, demonstrating that the products meet industry standards, including the consumption of a Health Level Seven International (HL7) standard message format. The Health Level Seven International standard message format has set the structural standard for the formatting of clinical data for transfer between health information systems (Roehrs et al., 2019b). Although not federally required, HL7 Fast Healthcare Interoperability Resources (FHIR) is recommended as a standard for formatting health data that will be sent to other software applications (Hylock & Zeng, 2019). The use of HL7 structural message formatting standards and the CCHIT certification process currently apply to electronic health record systems only and could be extended to an integrated solution for personal health records systems (Schneider, 2008). Lastly, implementing a middle-out approach model where HITECH adds a new stage in the Meaningful Use incentive program by establishing interoperability standards and incentives for providers to utilize compliant EHR systems in order to connect to local health agencies would increase both organization and patient-level adoption and improve patient care outcomes (Alsahafi & Gay, 2018). THE QUEST TO PROVIDE A COMPLETE PHR 65 EHR and PHR Technology to Promote Integration and Interoperability With common industry standards and regulations in place, there would likely be an expansion in interoperability and enhanced service possibilities, thus enabling patients to safely share data across a variety of platforms and geographical areas (Flaumenhaft & Ben-Assuli 2018). Ali et al. (2018) propose one methodology called Secured Sharing of PHRs in the Cloud (SeSPHR). This methodology focuses on the encryption and decryption of PHR data using Setup and Re-encryption Server (SRS), a semi-trusted proxy that sets up public/private key pairs to produce re-encryption keys (Ali et al., 2018). An owner, the patients, or their caregivers control the access through an Access Control List (Ali et al., 2018). Owners can grant access to PHR system users, such as family members, healthcare providers, and pharmacies (Ali et al., 2018). The owner controls the sections and functionality to which each user is granted access (Ali et al., 2018). Ali et al. (2018) assert that the methodology is secure against insider threats and also enforces a forward and backward access control. Plastiras and O’Sullivan (2018) propose a middleware information model utilizing HL7 standards for interoperability. The model uses HL7 Clinical Document Architecture (CDA) instantiation as a Protégé ontology, and mapping rules to transfer data between PHR and EHR systems (Plastiras & O’Sullivan, 2018). Advantages of the approach include ease of maintenance, as any modifications to the PHR or EHR system require only a change to the instantiation of the model (Plastiras & O’Sullivan, 2018). Plastiras and O’Sullivan (2018) also note the advantage of basing the solution on standards such as CDA. Another approach is to leverage blockchain technology for personal health record sharing (Wang et al., 2019). Blockchain technology is a “linked list of datablocks chained together in a distributed ledger by pointers, represented by a hash code that identifies each block, and where THE QUEST TO PROVIDE A COMPLETE PHR 66 each datablock has, beyond the content, the pointer to the previous datablock in the chain” (Roehrs et al., 2019a, p. 2). Each node in the peer-to-peer (P2P) network acts as a recorder of datablocks and as an evaluator of the appropriate access to and permissions of the content. Each node can add new blocks to the list and execute evaluation rules for every interaction. The checks of each block are performed in conjunction with all of the other nodes, thus forming the consensus protocol (Roehrs et al., 2019a). Another blockchain technology concept is called smart contracts, which are “modular, reusable, and automatically executed scripts that run on the blockchain” (Wang et al., 2019, p. 102890). A smart contract is “a participant in the blockchain network, which responds to the received information, receives and stores value, and sends out information and value” (Wang et al., 2019, p. 102890). Smart contracts are used “to incorporate business rules or scripts to the processing performed on the platform” (Roehrs et al., 2019a, p. 2). Blockchain provides secure, near real-time transmission of data (Kshetri, 2018). With the identified need for a more patient-centric approach to health records and improved interoperability to securely share data that is currently stored in siloed health system databases, blockchain may be a possible solution (Mackey et al., 2019). While there are many different viable technical approaches to enable access to complete longitudinal personal health records, the sheer number and cost associated with connecting thousands of disparate systems to achieve true integration among EHR and PHR systems may be too large of a barrier to overcome (Symons et al., 2019). Without regulatory mandates and incentive programs, there is little likelihood that healthcare organizations and EHR vendors will be willing to participate in full integration or interoperability to provide patients with a complete health record within tethered PHR systems (Ford et al., 2016). Final Thoughts THE QUEST TO PROVIDE A COMPLETE PHR 67 There is a great need to provide patients with complete personal health records that allow them to integrate manual health data and data collected by personal health devices with the data stored in their tethered PHR systems for both providers and patients to see and utilize (Alsahafi & Gay, 2018). However, there is still further research required into the social, technical, and regulatory elements that will need to be addressed to ensure patient health information is securely exchanged, data populated by patients is deemed accurate, standards are put in place (Heart et al., 2017), and government mandates are enacted to require participation from all healthcare service and technology vendors (Alsahafi & Gay, 2018). Despite the challenges, the payoff for a complete PHR is reduced cost, improved health outcomes for populations, and improved care for patients and their families (Ford et al., 2016). THE QUEST TO PROVIDE A COMPLETE PHR 68 References Ali, M., Abbas, A., Khan, U., & Khan, S. U. (2018). SeSPHR: A methodology for secure sharing of personal health records in the cloud. IEEE Transactions on Cloud Computing, 1–1. doi:10.1109/tcc.2018.2854790 Alsahafi, A. Y. A., & Gay, B. V. (2018). An overview of electronic personal health records. Health Policy and Technology, 7(4), 427–432. doi:10.1016/j.hlpt.2018.10.004 Flaumenhaft, Y., & Ben-Assuli, O. (2018). Personal health records, global policy and regulation review. Health Policy, 122(8), 815–826. doi:10.1016/j.healthpol.2018.05.002. Ford, E. W., Hesse, B. W., & Huerta, T. R. (2016). Personal health record use in the United States: Forecasting future adoption levels. Journal of Medical Internet Research, 18(3). doi:10.2196/jmir.4973 Grover, V., Jeong, S., Kettinger, W., & Lee, C. (1993). The chief information officer: A study of managerial roles. Journal of Management Information Systems, v10(2), 107-130. doi:10.1080/07421222.1993.11518002 Heart, T., Ben-Assuli, O., & Shabtai, I. (2017). A review of PHR, EMR and EHR integration: A more personalized healthcare and public health policy. Health Policy and Technology, 6(1), 20–25. Available: doi:10.1016/j.hlpt.2016.08.002 Heath, M., & Porter, T. H. (2017). Patient health records: An exploratory study of patient satisfaction. Health Policy and Technology, 6(4), 401–409. doi:10.1016/j.hlpt.2017.10.002 Healthcare Information and Management Systems Society (2018). What is interoperability? Retrieved from http://www.himss.org/library/interoperability-standards/what-is THE QUEST TO PROVIDE A COMPLETE PHR 69 Hylock, R. H., & Zeng, X. (2019). A blockchain framework for patient-centered health records and exchange (HealthChain): Evaluation and proof-of-concept study. doi:10.2196/preprints.13592 Kostkova, P., Brewer, H., Lusignan, S. D., Fottrell, E., Goldacre, B., Hart, G., … Tooke, J. (2016). Who owns the data? Open data for healthcare. Frontiers in Public Health, 4. doi:10.3389/fpubh.2016.00007 Kshetri, N. (2018). Blockchain and electronic healthcare records [Cybertrust]. Computer, 51(12), 59-63. doi:10.1109/MC.2018.2880021 Office of the National Coordinator for Health Information Technology (2019). Laws, Regulation, and Policy. Retrieved from https://www.healthit.gov/topic/laws-regulation-and-policy Mackey, T. K., Kuo, T.-T., Gummadi, B., Clauson, K. A., Church, G., Grishin, D., et al. (2019). 'Fit-for-purpose?' - Challenges and opportunities for applications of blockchain technology in the future of healthcare. [editorial]. BMC Medicine, 17(1). doi:10.1186/s12916-019-1296-7 Pirtle, C., & Ehrenfeld, J. (2018). Blockchain for healthcare: The next generation of medical records? [Article]. Journal of Medical Systems, 42(9), 1-1. doi:10.1007/s10916-018- 1025-3 Plastiras, P., & O’Sullivan, D. (2018). Exchanging personal health data with electronic health records: A standardized information model for patient generated health data and observations of daily living. International Journal of Medical Informatics, 120, 116–125. doi:10.1016/j.ijmedinf.2018.10.006. Roehrs, A., Da Costa, C. A., Da Rosa Righi, R., Da Silva, V. F., Goldim, J. R., & Schmidt, D. C. (2019a). Analyzing the performance of a blockchain-based personal health record THE QUEST TO PROVIDE A COMPLETE PHR 70 implementation. Journal of biomedical informatics, 92, 103140. doi:10.1016/j.jbi.2019.103140 Roehrs, A., Costa, C. A. D., Righi, R. D. R., Rigo, S. J., & Wichman, M. H. (2019)b. Toward a model for personal health record interoperability. IEEE Journal of Biomedical and Health Informatics, 23(2), 867–873. doi:10.1109/jbhi.2018.2836138. Schneider, M. E. (2008). Popularity of personal health records growing. Internal Medicine News, 41(3), 48–49. doi:10.1016/s1097-8690(08)70111-2 Sullivan, P., & Goldmann, D. (2011). The promise of comparative effectiveness research. The Journal of the American Medical Association, 305(4), 400. doi:10.1001/jama.2011.12 Symons, J. D., Ashrafian, H., Dunscombe, R., & Darzi, A. (2019). From EHR to PHR: Let’s get the record straight. BMJ Open, 9(9). doi:10.1136/bmjopen-2019-029582 Vydra, T. P., Cuaresma, E., Kretovics, M., & Bose-Brill, S. (2015). Diffusion and use of tethered personal health records in primary care. Perspectives in Health Information Management, 12, 1c. Retrieved from http://perspectives.ahima.org/diffusion-and-use-of-tethered- personal-health-records-in-primary-care/ Wang, S., Zhang, D., & Zhang, Y. (2019). Blockchain-based personal health records sharing scheme with data integrity verifiable. IEEE Access, 7, 102887–102901. doi:10.1109/access.2019.2931531 Wang, T., & Dolezel, D. (2016). Usability of web-based personal health records: An analysis of consumers' perspectives. Perspectives in Health Information Management, 13(1f). Retrieved from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4832130/ Wani, D., & Malhotra, M. (2018). Does the meaningful use of electronic health records improve patient outcomes? Journal of Operations Management, 60(1), 1–18. doi: 10.1016/j.jom.2018.06.003. THE QUEST TO PROVIDE A COMPLETE PHR 71 Winter, J. & Davidson, E. (2017). Investigating value in personal health data governance model. Healthcare Informatics & Health Information Technology, 15. Retrieved from https://aisel.aisnet.org/amcis2017/Healthcare/Presentations/15/