Electronic Health Records (EHRs) are held by your doctor and your hospital. (Picture by John F. Blankenhorn. Yes, my son.)
Disclosure is subject to a strict federal law, called HIPAA. Violations are punished severely. When the "Octomom" had her records compromised early this year 15 people were fired, and the hospital drew nearly $500,000 in fines.
Google, Microsoft, and health reformers generally have another idea.
The rules of EHRs and PHRs, then, are different. Stepping across that threshold sounds easy. In practice it isn't.
The difference was on full display last week when Google and Microsoft executives appeared before David Blumenthal, the National Coordinator for Health Information Technology (NCHIT) and Aneesh Chopra, the nation's Chief Technology Officer (CTO).
Make EHRs compatible with Web standards so we can turn them into PHRs, said Google CEO Eric Schmidt and Microsoft chief strategy officer Craig Mundie.
Not so fast, said the bureaucrats. Blumenthal seemed to think this was beyond the scope of his work. Chopra wondered whether consumers should not be satisfied with a "summary" of their records.
The issue has also crossed the pond where David Cameron, leader of the Conservative Party, got into a public spat with David Davis, once a candidate for leadership himself, over the issue.
Put simply Cameron stood for access, Davis for privacy.
Which leads to this very non-partisan question. Are PHRs a threat to privacy? Can we put such records into the clouds and maintain control over them?