Increasingly patients are creating and maintaining personal health records (PHRs) with data from a variety of healthcare providers as well as data they have generated about their health. What provisions should be included in a model privacy and security policy that patients might use in making decisions related to their privacy and the security of their PHRs?

 

PHR, which means Personal Health Record, is defined as a tool that allows users to manage, share, and store their personal health information electronically. For a PHR process, there are three stages that it should undergo, which include ;

• having a better understanding of the landscape.
• Stakeholders input
• Tool development by consumers and testing.

Provisions to be included in model privacy and security policies include ;

• Improve safer maintenance to encourage best practice - privacy practices should be a priority than required by law. There should be a tool for privacy practices to meet standards. A logo is established for a company for consumers to differentiate from imitations. Formation of the logo is mostly done after an audit.
• Federal information processing for data collected about consumers should be adopted.
• Entities that provide products and services through the website should also be extended access to federal policies. Third-party providers should also be included.
• Information or data in a PHR should be portable and divisible so that users can only share a segment of their records and not the whole record.
• Third-party users should get clear information about the relationship between them and the website.
• PHR should also introduce security protection, including strong authentication policies. This includes the following; Proofing of the identity, Token identifying, ongoing monitoring and auditing, and enforcement.