Personal Health Records — or PHRs, as they are known — are Web- and computer-based tools that let you access, store and manage your lifelong health information and share parts of it with doctors or others. In theory, PHRs can protect you from lurking medical mistakes, alert you to needed medical tests, and help you shop for the cheapest drugs or track your blood pressure.

See also: Gov't is nudging doctors to make health records digital.

Because your entire medical history is kept in one place, privacy and security issues loom larger than in the days when doctors kept all records solely in paper folders in their individual offices. But with proper precautions, PHRs can make it much easier for you to take control of your own health care.

Although the number of people who use a PHR has doubled in the past year, still only one in 14 Americans is leveraging the technology, according to the California HealthCare Foundation. Unlike electronic medical records — which are created and owned by doctors and hospitals — PHRs are owned and controlled by the consumer.

As the government and industry push to digitize the nation’s health care system, some see PHRs as the tool that can best engage patients in their care. Digitally connecting providers to one another and with patients, experts say, is key to improving patient care, facilitating safety and efficiency, and ultimately reducing costs.

PHRs Come in Many Flavors

Today, there are about 200 PHRs available, including those offered by stand-alone PHR firms, technology giants Google and Microsoft, health insurers, health care providers and employers.

Many PHRs are free; others charge a small monthly or annual fee. PHRs come with varying bells and whistles. For those skittish about putting their data on the Web, a few USB- and desktop-based PHRs are available. Some PHRs integrate tools to help patients and doctors better coordinate care.

"The PHR is a piece of a larger picture," says Dan Greden, senior director of Aetna's eHealth division. Aetna sends alerts to nearly 1 million members — and their doctors — using their Aetna PHR when care is needed. A person with diabetes in need of a hemoglobin test, for example, will get notified automatically rather than having to remember to schedule an appointment.

An estimated 70 million Americans have access to a PHR, according to the Massachusetts-based Center for Information Technology Leadership, though most have not adopted the technology. For example, Aetna offers its PHR to 9 million members, yet only 1 million use it.

More than 3 million Kaiser Permanente members use My Health Manager, Kaiser's PHR. Medicare offers PHRs now to beneficiaries in Arizona, South Carolina and Utah, and through some Medicare Advantage plans. WebMD offers a freestanding PHR and others on behalf of large corporations and health care organizations.

Tom Lupfer, 72, of Waco, Texas, uses a secure, password-protected PHR to collect and manage the reams of data constituting the medical record of his grandson, Glenn, who has hydrocephalus, a life-threatening brain condition that causes the 21-year-old to have seizures about four times a year.

Lupfer believes the FollowMe PHR helps Glenn receive better care, avoids medical mishaps, and perhaps has even saved his life. The PHR holds his grandson's contact, medical and drug information, and his history of seizure activity. "By having this information, we are always able to provide caregivers good, accurate dates and times of events," Lupfer says.

Next: Tips on using a PHR»

Technology, Privacy and Security

While PHRs vary, one main difference separates most: whether they are freestanding like FollowMe or tethered like Aetna's. That difference can have an impact on privacy and security, the amount of work needed to maintain a PHR, and even the technology required.

Freestanding PHRs typically require consumers to type, scan or download their medical records. Lupfer keys in essential parts of his grandson's records and downloads scans from the boy's providers. "It's simple," he says. "It's easy to work with."

PHRs tethered to a sponsoring health plan, doctor or employer are preloaded for the individual, reducing the workload to start and maintain them. But the information loaded for consumers is usually based not on medical records but on claims or billing data, which can be prone to error.

Tethered PHRs also limit the data entered, typically to the length of time the person has been with a health plan or received care from a certain provider. Freestanding PHRs, however, are portable, allowing people permanent access. Aetna has partnered with Microsoft's HealthVault so its members can make their PHR portable and access HealthVault tools to monitor weight, blood pressure, cholesterol — and even find a clinical trial.

In today's plug-and-play world, consumers often don't need more than an account, a computer or mobile device — increasingly PHRs are introducing versions for the mobile Web—and Internet access to get instant access to a PHR. PHRs commonly let users print out portions of their medical records to share.

If your PHR is Web-based, as most are, your records are stored on the PHR sponsor's server. "We are more secure than a financial institution," says Aetna's Greden. However, your personal information can still be at risk.

"There are two separate risk scenarios," says Pam Dixon, executive director of the World Privacy Forum. "For medical information held by hospitals and doctors, the risk is that insiders will peek and potentially sell the data." For all online health care records, "the second-biggest risk is that the data will inadvertently leak due to a security lapse," Dixon says. "We see many more cases of leaks due to negligence than intentional hacking."

Dixon suggests opting for a PHR covered by the federal Health Insurance Portability and Accountability Act (HIPAA), the same law giving patients rights to their medical records. Covered entities are regulated in handling patients' medical data. Without HIPAA protection, she says, consumers can lose "many key legal protections," such as doctor-patient confidentiality. According to Dixon, Google Health, HealthVault and WebMD PHRs are not HIPAA-covered.

Tips on Using a PHR

• Read the terms of service and the privacy policy very carefully before storing your data. Some non-HIPAA-covered PHRs market your data.
• Make sure your PHR allows you the right to delete your record.
• If you're using a wireless connection, be sure it's encrypted (look for a small lock symbol in the upper right-hand corner of the screen).
• Keep a printed copy of your PHR in case the records get deleted or altered.
• Double-check the information on your PHR to make sure it is accurate and up-to-date.