PHRs, EHRs raise privacy issues for teens, parents

Personal health records (PHRs) and electronic health records (EHRs) don’t meet the privacy and confidentiality needs of adolescents and their parents and will require significant changes to do so, according to a recent article in Pediatrics.

Children and adolescents require a proxy-typically a parent-to access and manage their PHR until they reach legal adulthood. Patient and proxy may share management of the record, or the proxy may have full control. Most PHRs permit both patient (if appropriate) and proxy to view all data in the PHR.

Recommended: Using voice recognition to speed EHR documentation

Problems can arise when data released into the PHR from the patient’s EHR isn’t meant to be shared with others. Such private and confidential information, protected by law, can include records of a teenager’s healthcare visits for reproductive health (contraception, sexually transmitted diseases), substance abuse, and mental health, which providers usually aren’t allowed to share with parents. Parents, for their part, may reveal things to providers that they don’t want their adolescent child to know-information about paternity or domestic abuse, for example.

Issues of privacy and confidentiality can affect virtually all types of health data, the authors of the article point out: medication lists, problems lists, notes, visit summaries, appointments, test results, family and social histories, and hospital bills. Addressing the issues, they note, will require fixing some defects in the way EHRs and PHRs are set up.

For one thing, EHRs aren’t designed to flag all sensitive information, either automatically or as directed by a healthcare provider, so sensitive and nonsensitive information are released into the PHR without differentiation. Moreover, PHRs aren’t equipped with access tools that permit different users, such as teenagers and their parents, to have different views of the records depending on what information they’re allowed to see.

More: HEEADSSS 3.0

Instead of addressing these deficiencies amid the rapid adoption of PHRs, many healthcare centers have relied on “workarounds” that reduce the risk of disclosure but interfere with access to medical information, the authors say. Such measures include discontinuing access to PHRs for parents of adolescents aged around 12 or 13 years; suppressing health information; revoking access for both parents and adolescents; or permitting patient and parent access but allowing the teenager to discontinue parental access at any time because of a confidential visit (thereby placing the onus of maintaining confidentiality on the adolescent).

While acknowledging that addressing privacy and confidentiality issues will require “significant modifications” to the design of EHRs and PHRs, the authors nevertheless urge providers to “insist that their EHR and PHR vendors focus on the need to provide the tools needed to appropriately protect privacy and confidentiality in this era of sharing.”