The next wave of digital health—AI explainers, digital health avatars, and simulation-ready digital twins—will not thrive inside institution-tethered portals. These tools need comprehensive, longitudinal data assembled under a single, durable identity and governed by transparent, revocable consent. A patient-controlled personal health record (PHR) provides exactly that substrate. Recent federal policy has made consumer-mediated exchange both lawful and practical; meanwhile, advances in AI and FHIR standards make the PHR the most agile place to generate individualized guidance while protecting safety and privacy. Far from being a niche adjunct, a patient-owned PHR is the better platform for AI-directed care, patient engagement, and digital health equity.
Rails that finally favor the individual
The 21st Century Cures Act final rule prohibits information blocking and requires standardized, certified APIs that let patients access and use their electronic health information—cementing app-mediated retrieval as a baseline right.1 CMS’s Patient Access policies reinforce this architecture.2 Together they shift interoperability from institution-negotiated pipes to patient-authorized flows, enabling PHRs to aggregate data across sites, not just within a single portal.3,4,5,6 In parallel, TEFCA is standing up national exchange “rails.” Its Individual Access Services (IAS) pathway lets consumer apps retrieve a person’s records via QHIN networks—meaning a PHR can reach beyond one-off connections and into nationwide coverage. For older adults, Blue Button 2.0 adds multiple years of Medicare claims, essential for medication, risk, and adherence analytics that AI avatars will use.5
Why PHRs fit AI (and digital twins)
AI-directed tools need heterogeneous inputs: clinical records from multiple EHRs, claims, imaging, devices, and patient-reported outcomes. Portals are excellent for transactions (orders, messages) but remain siloed by enterprise. A PHR, by design, fuses cross-site data under a single, consented identity and can expose it—selectively—to analytic services that return lay explanations, adherence plans, and scenario-based simulations. The standards are ready: SMART/HL7 Bulk Data (Flat FHIR) supports cohort-level exports for quality and population health, while SMART on FHIR APIs handle patient-level access inside apps.7,8,9 These capabilities underpin both real-time coaching and “push-button population health.”1 For digital health twins, recent reviews highlight the need for rich, longitudinal, multi-modal inputs—a requirement a patient-controlled PHR can meet more readily than any single EHR portal or OS-tied aggregator.10
Safety and scope: clear lines for AI
The FDA’s final guidance on Clinical Decision Support (CDS) draws a workable boundary: clinician-facing software that merely supports decisions and allows the professional to independently review the basis qualifies as Non-Device CDS (i.e., outside device regulation).7 Patient-facing diagnostic, triage, or treatment claims, or analysis of signals/images, tip into SaMD and need clearance. This is ideal for PHRs: they can host patient-education AI (plain-language lab/imaging explanations, discharge checklists) and non-device CDS for clinicians today—while isolating higher-risk modules for separate FDA pathways tomorrow. That modularity is harder inside monolithic portals where features and claims blur across the product.7
Privacy that is strict—just different
Many consumer PHRs operate outside HIPAA unless acting for a provider/plan; they are regulated by the FTC and a growing lattice of state health-data and biometric laws. The FTC’s modernized Health Breach Notification Rule (HBNR) explicitly covers health apps and connected devices and clarifies breach obligations.8 A PHR that bans ad-tech trackers on sensitive surfaces, uses purpose-specific, revocable consents, and maintains an auditable sharing ledger is not “unregulated”; it is accountable under a framework designed for consumer technologies. When a PHR contracts as a Business Associate (e.g., to document discharge teaching or write back to a chart), HIPAA simply governs those flows. This dual-regime architecture lets PHRs innovate quickly on consumer features while satisfying enterprise requirements when needed.
Engagement—and equity—are where PHRs shine
If AI is to narrow disparities, it must meet people where they are: on mobile devices, after hours, and outside clinic walls. Pew Research reports that roughly nine in ten U.S. adults own a smartphone; mobile-only internet use remains common among lower-income populations—an adoption pattern tailor-made for a mobile-first PHR with plain-language explainers, SMS nudges, and proxy support for caregivers.11 Evidence already links digital engagement to operational gains: a systematic review finds patient portal use can improve outcomes and efficiency; other studies associate digital scheduling/portal use with fewer no-shows, a key lever for access in safety-net systems. A patient-controlled PHR generalizes those benefits across all sites of care rather than confining them to one portal.12 For population health, the same platform can consent patients into community and research initiatives, enabling culturally relevant education and data-donation models that include groups historically underrepresented in research—without sacrificing agency.
Better for payors, providers, and regulators
For payors, a member-authorized PHR provides fused clinical-plus-claims context to target outreach, support medication adherence, and close HEDIS/Stars gaps—without waiting for each provider’s portal to catch up. Blue Button 2.0 ensures that, at least for Medicare members, a robust longitudinal baseline is available on day one.2 For providers, a patient-owned longitudinal record reduces re-work (chasing CDs, re-taking histories), documents teach-back, and deflects routine “please explain my labs” messages by delivering explanations upstream—freeing clinical time for relationship-heavy tasks. For regulators, PHRs operationalize the intent of Cures and TEFCA: they convert “right of access” and “trusted exchange” into real-world, patient-directed data liquidity and inject competition at the edge, where innovation touches patients.1
What about the incumbents?
EHRs remain essential as transactional systems of record for orders, documentation, and revenue cycle. But they are ill-suited to be the only interface for AI-directed, patient-facing services. Their incentives are rightly aligned to clinician productivity and institutional compliance. A patient-controlled PHR occupies a different locus of control: it’s the individual’s canonical copy, portable across life contexts (new insurer, new employer, moving states), with consented APIs that let many AI services compete to deliver value. By design, that ecosystem is more modular: non-device education today; cleared SaMD add-ons tomorrow; Bulk Data for quality programs when a sponsor funds it; TEFCA IAS to fill any remaining connectivity gaps.6
A pragmatic way forward
Build to four near-term capabilities: (1) Cures-compliant FHIR connections for major portals, (2) Blue Button 2.0 for claims, (3) device/wearable feeds and patient-reported data, and (4) consented sharing with time-boxed, scope-limited links. Layer explainable AI that turns results into actions patients can take today; keep clinician-facing support transparent and reviewable to stay outside device scope; and reserve diagnostic/triage modules for separate SaMD tracks. Use Bulk Data exports, when authorized, to feed quality reporting and community programs. As TEFCA IAS matures, plug in to scale from regional to national without renegotiating one portal at a time.2
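The "purpose-specific, revocable consents" and "auditable sharing ledger" above, and capability (4), consented sharing through time-boxed, scope-limited links, describe one access-control design. The following is an added illustration of that design, not code from MyMR or any product named here. It assumes SMART-style scope strings (for example `patient/Observation.read`), a grant identifier that doubles as the sharing link, and a hash-chained JSON ledger so that later edits to earlier entries are detectable; the patient, app names and timestamps are constructed for the demo.

```python
"""Time-boxed, scope-limited sharing grants backed by a hash-chained consent
ledger. Hypothetical design for illustration; not MyMR's implementation."""
from __future__ import annotations

import hashlib
import json
import secrets
from dataclasses import dataclass

GENESIS = "0" * 64  # hash committed to by the first ledger entry


@dataclass
class Grant:
    grant_id: str
    patient_id: str
    grantee: str            # app or service the patient authorized
    purpose: str            # purpose-specific consent, recorded verbatim
    scopes: frozenset[str]  # SMART-style scopes, e.g. "patient/Observation.read"
    expires_at: int         # unix seconds; every grant is time-boxed
    revoked: bool = False


class ConsentLedger:
    """Append-only log of grants, revocations and access decisions.
    Each entry commits to the previous entry's hash (see verify_chain)."""

    def __init__(self) -> None:
        self._grants: dict[str, Grant] = {}
        self.events: list[dict] = []
        self._prev_hash = GENESIS

    def _record(self, **event) -> None:
        event["prev"] = self._prev_hash
        payload = json.dumps(event, sort_keys=True).encode()
        event["hash"] = hashlib.sha256(payload).hexdigest()
        self._prev_hash = event["hash"]
        self.events.append(event)

    def grant(self, patient_id, grantee, purpose, scopes, now, ttl_seconds) -> str:
        grant_id = secrets.token_urlsafe(16)  # unguessable link identifier
        g = Grant(grant_id, patient_id, grantee, purpose, frozenset(scopes), now + ttl_seconds)
        self._grants[grant_id] = g
        self._record(event="grant", grant_id=grant_id, patient=patient_id, grantee=grantee,
                     purpose=purpose, scopes=sorted(scopes), expires_at=g.expires_at, at=now)
        return grant_id

    def revoke(self, grant_id, now) -> None:
        self._grants[grant_id].revoked = True
        self._record(event="revoke", grant_id=grant_id, at=now)

    def authorize(self, grant_id, grantee, resource_type, action, now) -> tuple[bool, str]:
        """Deny-by-default decision; every request is logged, allowed or not."""
        g = self._grants.get(grant_id)
        wanted = f"patient/{resource_type}.{action}"
        if g is None:
            reason = "unknown_grant"
        elif g.grantee != grantee:
            reason = "wrong_grantee"
        elif g.revoked:
            reason = "revoked"
        elif now >= g.expires_at:
            reason = "expired"
        elif wanted not in g.scopes and f"patient/*.{action}" not in g.scopes:
            reason = "out_of_scope"
        else:
            reason = "ok"
        self._record(event="access", grant_id=grant_id, grantee=grantee,
                     resource=resource_type, action=action, decision=reason, at=now)
        return reason == "ok", reason

    def verify_chain(self) -> bool:
        """Recompute every hash; False means an entry was altered or removed."""
        prev = GENESIS
        for e in self.events:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body.get("prev") != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True


def demo() -> dict:
    """Constructed scenario: grant, scoped reads, revocation, expiry, tamper check."""
    now = 1_700_000_000
    ledger = ConsentLedger()
    coach = ledger.grant("patient-123", "adherence-coach-app", "medication adherence coaching",
                         {"patient/MedicationRequest.read", "patient/Observation.read"}, now, 3600)
    decisions = [
        ledger.authorize(coach, "adherence-coach-app", "Observation", "read", now + 10)[1],
        ledger.authorize(coach, "adherence-coach-app", "Condition", "read", now + 11)[1],
        ledger.authorize(coach, "adherence-coach-app", "Observation", "write", now + 12)[1],
        ledger.authorize(coach, "other-app", "Observation", "read", now + 13)[1],
    ]
    ledger.revoke(coach, now + 20)  # patient withdraws consent
    decisions.append(ledger.authorize(coach, "adherence-coach-app", "Observation", "read", now + 21)[1])
    short = ledger.grant("patient-123", "lab-explainer", "explain today's labs",
                         {"patient/DiagnosticReport.read"}, now, 60)
    decisions.append(ledger.authorize(short, "lab-explainer", "DiagnosticReport", "read", now + 61)[1])
    chain_ok = ledger.verify_chain()
    ledger.events[0]["purpose"] = "marketing"  # simulate an after-the-fact edit
    return {"decisions": decisions, "event_count": len(ledger.events),
            "chain_ok": chain_ok, "tampered_chain_ok": ledger.verify_chain()}
```

Running `demo()` yields the decisions `ok`, `out_of_scope`, `out_of_scope`, `wrong_grantee`, `revoked`, `expired`: a read outside the granted resource type, a write under a read-only scope, a request by a different app, a request after revocation and a request after the time box has closed are all refused, and each refusal is still written to the ledger. The chain verifies before the simulated edit and fails afterward, which is what makes the ledger auditable rather than merely logged.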
Conclusion
If we want AI avatars that actually help people, digital twins that simulate realistic trajectories, and engagement that narrows—not widens—disparities, we should stop forcing everything through institution-tethered portals. A patient-controlled PHR gives individuals total, auditable control of their health data; gives innovators permissioned access to the multi-modal fuel AI needs; and gives payors, providers, and regulators a scalable path to better outcomes with stronger accountability. With Cures, TEFCA, Blue Button, Bulk Data, and clear FDA/FTC guardrails, the policy and technical pieces are finally aligned. The most direct route to AI-directed health care that works for everyone—especially the underserved—is to put the patient-owned PHR at the center.
References
1. Office of the National Coordinator for Health IT. 21st Century Cures Act Final Rule (Interoperability & Information Blocking). 2020–2024. (Federal Register)
2. CMS. Patient Access & Interoperability policies. 2020–2024. (Centers for Medicare & Medicaid Services)
3. Sequoia Project (RCE) & ONC. TEFCA overview and IAS. 2024. (HealthIT.gov)
4. Sequoia Project (RCE). TEFCA Guide (Sept 2024) & IAS Provider SOP. 2024. (ASTP TEFCA RCE)
5. CMS. Blue Button 2.0 API. 2024–2025. (bluebutton.cms.gov)
6. HL7 & SMART Health IT. FHIR Bulk Data (Flat FHIR) and IG. 2020–2025. (SMART Health IT)
7. FDA. Clinical Decision Support Software — Final Guidance. 2022; FAQs 2024. (U.S. Food and Drug Administration)
8. FTC. Health Breach Notification Rule — Finalized changes (2024). 2024. (Federal Trade Commission)
9. Mandl KD, et al. “Push-button population health: SMART/HL7 FHIR Bulk Data.” npj Digit Med. 2020. (PMC)
10. Katsoulakis E, et al. “Digital twins for health: a scoping review.” npj Digit Med. 2024. (Nature)
11. Pew Research Center. Americans’ Use of Mobile Technology and Home Broadband (2024). (Pew Research Center)
12. Carini E, et al. “Impact of patient portals on outcomes and efficiency: systematic review.” J Med Internet Res. 2021. (JMIR Publications)
About the author
Sanjaya Khanal, MD, FACC—Interventional cardiologist and Founder/CMO of MyMR, a patient-owned AI PHR. Harvard-trained, Associate Professor, IT director and Chief of Staff; med-device entrepreneur with multiple patents and publications advancing scalable, patient-centric care.
