
Privacy & Security Policy

Personal Health Records (PHR) Roundtable

The Office of the National Coordinator for Health Information Technology (ONC) hosted a free day-long public Roundtable on "Personal Health Records — Understanding the Evolving Landscape" on December 3, 2010. The Roundtable was designed to inform ONC’s Congressionally mandated report on privacy and security requirements for non-Covered Entities (non-CEs), with a focus on personal health records (PHRs) and related service providers (Section 13424 of the HITECH Act).

The Roundtable included four panels of prominent researchers, legal scholars, and representatives of consumer, patient, and industry organizations. It addressed the current state and evolving nature of PHRs and related technologies (including mobile technologies and social networking), consumer and industry expectations and attitudes toward privacy and security practices, and the pros and cons of different approaches to the requirements that should apply to non-CE PHRs and related technologies.

Web Archive


Read the blog post on Personal Health Records: A Focus on Privacy and Security by HHS Privacy Officer Joy Pritts

PHR Roundtable Transcript [PDF - 975 KB]

Non-HIPAA Covered Entities

The Office of the National Coordinator for Health Information Technology (ONC) contracted with MAXIMUS in 2008 to analyze:

  • Definitions and characteristics of personal health records (PHRs);
  • Legislation applicable to PHRs;
  • Privacy and security policies of selected PHR vendors and related entities; and
  • Consumer views on PHRs and PHR privacy practices. 

As part of ONC’s Health Information Technology for Economic and Clinical Health (HITECH) Act activities, the MAXIMUS whitepaper will assist ONC in identifying the existing privacy and security legal framework for PHRs and in assessing the current gaps in their privacy and security practices.

Non-HIPAA Covered Entities: Privacy and Security Policies and Practices of PHR Vendors and Related Entities Whitepaper [PDF - 2.3 MB]