Patients own their medical records. This truth has had a difficult history for those of us who wish to have a single record of our health, wellness, and disease and want to convey that record to whomever we wish whenever we wish. The lack of interoperability among the many sources of our medical record, coupled with the hassle associated with obtaining a copy of one or more of the fragments of our record under the control of providers, has been and continues to be a consumer frustration. Hence the motivation, at least in part, for the movement toward Personal Health Records (PHRs).

There is no question that the patients own their Personal Health Records (PHRs)—at least the “untethered” type that is not controlled by a provider, employer, or payer. To the extent that the PHR contains the health, wellness, and disease information about a person, it could be the most complete record of such information. It can be conveyed by persons to whomever they choose whenever they choose. We are in the early phases of PHR development and, over time, progress will be made in allowing a more complete gathering of health, wellness, and disease information from multiple sources through electronic data and document transfer directly into a PHR.

The question is whether this progress will be undermined by the very advocates that are promoting PHRs. One of the key values of a PHR is the ability to communicate the personal health information among multiple providers caring for an individual when those providers are unable or unwilling to communicate it among themselves. This could be an extremely valuable function for both provider and patient. In fact, the potential automated communication of PHR information to Electronic Health Records (EHRs) is touted as a possible solution to our failure to achieve interoperability among EHRs.

With ownership comes certain privileges. One such privilege is the ability to delete information from the PHR or withhold the communication of certain information within the PHR to someone else (or to another system). This capability is built into most PHRs. That is no different from the non-PHR world in which a patient can choose to withhold any information from a provider. What is different about PHRs that are controlled by the patient is the ability to alter information sourced from a physician or laboratory or other professional source, and to pass the altered information on to another provider, either electronically or on paper. This does not apply to PHRs that are controlled by a provider since the patient is not allowed to alter professional information in these systems.

To be clear, a person without a PHR could obtain a copy of a laboratory report or physician's note or other professionally sourced document, alter it using a photo tool or some other mechanism in a manner that would disguise the alteration, and pass the altered version on to another provider. That cannot happen, at least not easily, when information is passed directly from one professional source to another, either electronically or on paper. The patient or the patient's system is not in the loop. That is why physicians have a certain (but not complete) level of trust in communications directly from other professional sources compared to information obtained from a patient. Electronic Health Records do not allow alteration of professionally sourced data or documents. The question is whether PHRs will have the same level of trust as EHRs or will be relegated to a lower level of trust. An even bigger question is whether this controversial issue will prevent PHRs from gaining traction in the industry.

Many PHR advocates are insistent that the owner of the PHR has the right to alter professionally sourced documents. The attitude seems to be that since it is not a legal record, the PHR owner has the right to do whatever he or she pleases with the information contained in it. This is an understandable position in view of the current frustration people have with correcting what they believe to be erroneous information in their provider-based records. There is no controversy regarding the right of an individual to request that a physician or other professional correct or amend the record they have created if it is in error. Another mechanism, less widely used but equally noncontroversial, is to allow the patient to comment on some aspect of information contained in their provider-based record. Here, the original information is still present and visible as well as the clearly labeled patient comment. Neither of these mechanisms satisfies many PHR advocates. They insist that the consumer has the right not only to alter any document or information in their PHR, but also to pass on that information in its altered state. The most visible forums where this view has become apparent are Health Level 7's (HL7's) PHR functional model, the Markle Foundation's Common Framework for Networked Personal Health Information and Microsoft's HealthVault.

The working group responsible for HL7's functional model for PHRs is divided on this topic and, hence, the current published standard for the functional model is silent on this issue. This is despite the fact that the only two profilers to date of the HL7 PHR functional model explicitly state that the PHR user cannot alter professionally sourced information. (A “profiler” for HL7 is an organization or group of users of the standard that create an implementation guide for the use of the standard in their domain.) Google Health does not allow their PHR customers to alter professionally sourced information in their own PHR. Microsoft's HealthVault does allow the consumer to alter professionally sourced information, but they flag such information as altered and maintain an audit trail of the previous values.

The Markle Foundation's Common Framework for Networked Personal Health Information is the closest document we have to a public policy statement regarding this issue from a neutral organization. This excellent work was a consensus document of a broad group of stakeholders and has been widely endorsed. The Framework, like the HL7 functional model, is silent regarding the right of individuals to alter professionally sourced information. It is clear in the Framework, however, that there needs to be maintained an “immutable audit trail” of any alterations made to any data in the PHR. It is also clear that this audit trail needs to be communicated along with the PHR record when information is passed outside the PHR electronically. The Framework also states that “there is no default source of truth” in a networked health environment.

Although “source of truth” is a phrase widely used in discussing the integrity of information in electronic records, it is really a misnomer. We never know “truth” when it comes to information regardless of the source. Truth, i.e., the verity of the information, is not knowable. Physicians, laboratories and all sources of information have potential error. What is knowable is “truth of source”. We can insure that if information was generated by a laboratory or physician it is so labeled.

The question becomes, if a consumer can alter data or documents that originated with a professional, how visible to the receiver of this altered information is the fact that it has been altered? Does the Markle Foundation “immutable audit trail” solve this problem? It would require not only that such an audit trail be communicated with the record, but that the receiving system persistently and repeatedly alert the end user to such an alteration every time it is displayed or printed. Creating a set of standards to accomplish this would be difficult, and any resulting standards are likely to be complex. Our history with complex standards is that they are rarely, if ever, consistently applied by vendors.

Advocating the right of a consumer to alter professionally sourced information may put the entire future of PHRs at risk. Rather than using PHRs with altered information as a method of interoperability between EHRs, the owners of EHRs would be better advised to insure that certain data fields in their EHR database, such as diagnoses or laboratory results, have not been contaminated by data passing through a PHR to avoid possible liability.

It would be unfortunate if PHRs were relegated to this low level of trust. It is not necessary for consumers to have the right to alter professionally sourced data in order for the PHR to serve the many useful purposes they can serve. This does not apply solely to the ability of a consumer to alter professionally sourced data, but to anyone altering anyone else's data. There is simply no need to allow it. The ability to comment or to request that the source correct an error is sufficient. The motivation of a consumer to alter professionally sourced information will not always be to correct an error. We will never completely prevent the fraudulent falsification of records, but we can at least make it more difficult. Free speech, even in PHRs, has its limits.