Personal health records, global policy and regulation review

Personal health records (PHR) have been endorsed as a promising tool for the self-management of an individual's medical information, affording benefits to both the individual patient and the healthcare system as a whole. Nevertheless, adoption rates have been relatively slow and widespread acceptance has yet to be achieved. A significant obstacle often cited as delaying the implementation of these systems has been concern regarding the ability to properly ensure the security and privacy of this sensitive information. This article reviews the current legislative landscape in various countries, examining the degree to which they address these issues and support the implementation of PHR's. This review compares in particular a number of prominent components of health data security and privacy across five different legislative jurisdictions in order to allow for a closer examination of regulatory approaches and measures. Of the legislation reviewed the EU's GDPR stands out as seemingly providing the most comprehensive and stringent protection measures, yet nonetheless appears to leave significant room for interpretation and a degree of ambiguity in key areas. The results of this comparison, demonstrate considerable variances with regards to legal terminology and the degree of compliance required from entities offering PHR services across various jurisdictions. The paper ends with a discussion of specific policy implications and recommendations stemming from the current legislative state of affairs.