Sutter uses a number of tactics to protect health information and reassure patients with security and privacy concerns, including 128-bit SSL encryption, session timeouts, page expirations, and disabled data caching. Sutter also monitors the Web server for evidence of unauthorized break-in attempts. "In the unlikely event that the Web server is compromised, no health information would be exposed because it is not stored on the Web server. Patient information is stored only in the EHR, behind a firewall," according to the organization's privacy and security statement, part of a concerted effort to educate patients about the PHR.
More than half of the patients at the Palo Alto (CA) Medical Foundation, a multispecialty group practice that's part of the Sutter Health System, have accessed their personal health records. Quick access to lab tests and results is a big selling point for patients, says Vice President and Chief Innovation and Technology Officer Paul C. Tang, MD.
"Most of the people sign up at the time they are in the office," he says. "If we are going to order lab tests—or any tests, for that matter—I'll look up and see [if the patient] is online. Because it's on the EHR. And if they're not I'll say, 'You know, you can look at these results electronically. Would you like to sign up for that?' That's the most important time to approach a patient because then they will get the results oftentimes the same day, and they love that."
In the paper-based model, the time it took a physician to send out the tests, get back the results, and then pass them on to the patient was "horrible," Tang says. And, in fact, sometimes patients didn't get their results at all.