personal health record (PHR)

What is a personal health record (PHR)?

A personal health record (PHR) is an electronic summary of health information that a patient maintains control of themselves, as opposed to their healthcare provider. The information contained in a PHR can be self-reported, generated by their providers or a combination of the two. The type of data included in a PHR is not standardized, but a typical record might include the following information:

  • Previous ambulatory visits, hospitalizations and emergency room encounters.
  • Known allergies.
  • Family medical history.
  • Immunization records.
  • Current or past conditions or diseases.
  • Prescription and over-the-counter medications taken.
  • Surgeries or procedures.

Evolution of personal health records

PHRs have existed since the 1990s. But it took more than a decade for the technology to advance sufficiently to drive commercial interest in their development.

In 2007, companies such as Microsoft and Google began offering PHR products, though neither is available today. Dossia, a web-based framework for PHRs, was launched in 2008 by a consortium of companies, including Walmart and AT&T.

The PHR landscape has undergone significant transformation in recent years, driven by emerging technologies and the unprecedented challenges of the COVID-19 pandemic.

The maturation of artificial intelligence and machine learning has enabled sophisticated predictive analytics to be integrated into personal health management. This technology enables more accurate forecasting of health trends and personalized healthcare recommendations.

Simultaneously, blockchain technology can be used to enhance the security of PHR data. Its robust encryption and decentralized nature offer new ways to protect sensitive health information from breaches and unauthorized access.

Furthermore, the COVID-19 pandemic accelerated adoption and expansion of PHRs. This period saw the rapid integration of vaccination records into PHRs, providing individuals with easy access to their COVID-19 vaccination status -- a crucial element during the height of the pandemic. In addition, the rise of telehealth services, necessitated by lockdowns and social distancing measures, became an integral part of PHRs. This integration not only facilitated remote care, but also ensured continuity of care and remote patient monitoring during times when traditional face-to-face encounters were challenging.

These technological advancements and the pandemic's impact have shaped the role and functionality of PHRs, making them more vital and versatile tools in modern healthcare management.

As PHR software continues to evolve in response to new trends and technologies, future products are expected to incorporate genomics data, wearable health technology and personalized medicine approaches.

Digital health technologies diagram.
The advancement of digital health technologies has significantly transformed the personal health record landscape.

GDPR's impact on personal health records

The General Data Protection Regulation (GDPR), implemented in the European Union (EU) in May 2018, has had a significant impact on PHRs in terms of how personal health data is managed, protected and shared.

GDPR imposes strict rules on data protection and privacy that ensure PHR providers in the EU, or those dealing with EU citizens' data, maintain high standards of data security. This includes implementing robust measures to protect against data breaches and unauthorized access.

Under GDPR, individuals must give explicit consent for their health data to be collected, processed and stored in a PHR. PHR providers are required to clearly inform users about how their data will be used, who will have access to it and for what purpose. This transparency empowers users to have more control over their personal health information.

GDPR personal data diagram.
The EU's GDPR and its strict rules on data protection and privacy has greatly affected how personal health data such as personal health records are managed, protected and shared.

GDPR mandates that only the data necessary for the intended purpose should be collected and processed. This principle of data minimization ensures PHRs don't become repositories of excessive, irrelevant personal health information.

GDPR requires PHR providers to demonstrate compliance with its principles. This includes maintaining detailed records of data processing activities, conducting data protection impact assessments for high-risk processing and, in some cases, appointing a data protection officer. Noncompliance can result in significant penalties.

Standalone vs. tethered PHRs

PHRs are classified as standalone or tethered. Standalone PHRs are managed by patients, who input their own data and decide how it should be shared. They can sometimes accept data from external sources.

Tethered PHRs are linked to a specific healthcare organization's electronic health record (EHR) system and accessed through secure portals. There is debate over whether tethered PHRs qualify as true PHRs.


Although PHRs share many similarities with EHRs, the terms are not interchangeable. An EHR is a digital record consisting of clinician-collected notes and information, designed to be shared with other healthcare providers.

Most notably, an EHR platform is entirely controlled and maintained by the healthcare provider or healthcare organization. While a PHR contains similar information, patients themselves retain control of the record.

Benefits of personal health records

PHRs provide several benefits to healthcare professionals and patients, including the following:

  • Improved patient engagement. Having information and tools to manage health and the ability to track health over time can help involve patients in their own care. Furthermore, much of what patients do for their health happens outside a doctor's office. PHRs can empower patients to document these events.
  • Better access to patient information. When a patient seeks care from someone other than their usual provider, such as during emergencies or while traveling, PHRs can help ensure their health information is available to them whenever they need it.
  • Improved management of information. PHRs can help patients track information from multiple providers and can help improve care coordination.
  • Reduced administrative costs. PHRs can reduce the burden on healthcare organizations by making patient information more easily accessible to administrative staff, thereby reducing time spent searching for requested information and responding to questions.
  • Better patient-provider communication. PHRs can improve communication between patients and healthcare providers by providing a direct, secure communication method.
  • Ability to manage family healthcare. PHRs can help caregivers, including family members, better manage the patient's care and help coordinate with other caregivers.

Barriers to personal health records

Despite the potential benefits, there are several challenges facing PHRs, including the following:

  • Data accuracy. When patients or consumers enter and update their own health records, concerns about data accuracy arise. Sometimes, users need to be informed and guided on how to extract relevant information from prescription labels and test reports.
  • Data privacy and security. There are less-stringent data protection requirements in place for PHRs. Also, vendors that provide standalone PHRs are not subject to the Health Insurance Portability and Accountability Act, or HIPAA, because they are not a covered entity, such as a hospital. Only PHRs that are tethered to a healthcare organization's EHR are covered by the law. The U.S. Congress addressed privacy and security requirements for PHRs for the first time in the American Recovery and Reinvestment Act of 2009, under which PHR vendors are required to notify affected individuals and federal regulatory entities of security breaches involving an individual's personal health information or other identifiable health information.
  • Disparities in adoption rates. A digital divide remains when it comes to the adoption of PHRs. Consumers who have low computer competency and low health literacy are less likely to use PHRs.
HIPAA compliance checklist.
While personal health record vendors must adhere to various privacy regulations, only those tied in with electronic health records are subject to HIPAA.

Personal health record software

The PHR market has evolved over the years as vendors have either consolidated or exited the space. But several products remain available.

Today, popular PHR software includes Apple's Health app, WebMD's Personal Health Record, Oracle Cerner's HealtheLife and Epic's MyChart.

Hybrid care is both digital and physical, as well as in office and at home. Learn why hybrid care -- a little bit of everything -- is healthcare's future.

This was last updated in February 2024

Continue Reading About personal health record (PHR)

Dig Deeper on Clinical documentation

Cloud Computing
Mobile Computing