Health Breach Notification Rulemaking #541358-00116

Submission Number:
541358-00116
Commenter:
Carolyn Oliver
Organization:
Patient Always First
State:
TX
Initiative Name:
Health Breach Notification Rulemaking

We are a non-profit who have just recently provided a patient-friendly, doctor-valuable, free Personal Health Record to the public at www.pfhr.org. As a physician, I think a good PHR will save so much time and duplication of effort in the system, and is the next, best thing we can do to help our patients, doctors, and healthcare system. Mayor White, and the City of Houston, have plans to urge their employees (20,000), and other citizens in Houston, TX (area population 5 million plus) to put their health information in a good PFR, and ours will be the one featured. This effort is currently being organized, and will probably begin at the end of the summer. I have taken great pains with our PHR to make it patient-friendly. Many, many people are afraid of putting identifiable information on the Internet, so we don't require them to put an address, telephone number, or even an e-mail address into their sign-up. If we required one or more of those, I think we would lose a lot of people even before they get a chance to see how easy our system works for them. Please don't require patients to put a notification address or email into the system. It will only scare people away, especially the older population who mistrust a lot of technology, but are over-represented as far as diseases/illnesses are concerned. Also, we hope to represent the homeless population in the system as well, so they will have a record that they can access and print as they see a provider, and they might not have any notification information to enter. I think asking for a contact address/e-mail could be optional, but I think if you put wording beside it that says something like "in case of a breach of your personal health information," then you're going to get a lot of patients that just close the application, and don't get this valuable document going. I urge you to take a look at our PHR, called the PatientFirst Health Record at www.pfhr.org. It is easier for patients to use than any other I've seen, and it is unique in that it also prints out in the format that doctors like to look at (a sort of medical record document). We've spent several years working hard on this, and want to see this technology make a big difference in the quality of healthcare. So please make sure as you make laws that you don't tie our hands without considering how each law will affect the ability or incentive of patients to put their health information into this valuable form. Of course, we want to keep this valuable information in as secure a form as possible. But there seems to always be a fine balance between making the data secure and also making it stay easy for patients to access, and non-threatening for them to use. It is really hard to get patients to start this PHR process, because they haven't done it before, and don't understand why they need to do it now. But many of us believe that a PHR on every patient would be so extremely valuable, especially to stop so much duplication of expense and effort in the healthcare system, in addition to empowering the patient. In conclusion, think about how your breach notification requirements might affect the incentive of patients we're trying to get to use this valuable technology, especially the many people who will back away from any application that REQUIRES identifying information such as an address, e-mail, or telephone number. Sincerely, Carolyn Oliver, M.D., J.D., Executive Director, Patient Always First, Houston, TX, 77055, 713-461-2822.