J Am Med Inform Assoc. 2011 December; 18(Suppl 1): i18–i23.
Published online 2011 July 31. doi:  10.1136/amiajnl-2011-000184
PMCID: PMC3241162
Focus on personal health records

MyHealthAtVanderbilt: policies and procedures governing patient portal functionality


Explicit guidelines are needed to develop safe and effective patient portals. This paper proposes general principles, policies, and procedures for patient portal functionality based on MyHealthAtVanderbilt (MHAV), a robust portal for Vanderbilt University Medical Center. We describe policies and procedures designed to govern popular portal functions, address common user concerns, and support adoption. We present the results of our approach as overall and function-specific usage data. Five years after implementation, MHAV has over 129 800 users; 45% have used bi-directional messaging; 52% have viewed test results and 45% have viewed other medical record data; 30% have accessed health education materials; 39% have scheduled appointments; and 29% have managed a medical bill. Our policies and procedures have supported widespread adoption and use of MHAV. We believe other healthcare organizations could employ our general guidelines and lessons learned to facilitate portal implementation and usage.

Keywords: Patient portal, personal health records, consumer health informatics, medical informatics computing, support, US Gov't, PHS, user-computer interface, behavioral informatics, medication management, health literacy, ethical study methods, text generation from discrete data, classical experimental and quasi-experimental study methods (lab and field), developing and refining EHR data standards (including image standards), controlled terminologies and vocabularies, human-computer interaction and human-centered computing, surveys and needs analysis, qualitative/ethnographic field study, policy, legal, historical, Shane Stenner, cognitive study (including experiments emphasizing verbal protocol analysis and usability), measuring/improving outcomes in specific conditions and patient subgroups, measuring/improving patient safety and reducing medical errors, collaborative technologies, clinical informatics, biomedical informatics, pediatrics, e-prescribing, human factors, portal, patient, MyHealthatVanderbilt, PHR


Patient portals are ‘healthcare-related online applications that allow patients to interact and communicate with their healthcare providers.’ [1] Using such portals, patients may view their electronic health record (EHR), schedule appointments, review test results, communicate with providers, pay bills, and receive personalized health information [2, 3]. Some 200 healthcare organizations and vendors [4] have implemented patient portals [5–10]. Obstacles to patient portal adoption have been well documented [11–18], but growing experience with these systems has produced both the knowledge and technological capability to overcome these barriers [17, 19–21].

Because patient portals must align with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) [22], it is critical for institutions to implement these systems in a thoughtful and organized manner [23]. Researchers have articulated the lack of explicit guidelines directing the functionality and use of patient portals [23, 24]. In response, this paper describes procedures and policies directing the functionality of MyHealthAtVanderbilt (MHAV), a patient portal for Vanderbilt University Medical Center (VUMC) [20, 25]. We elaborate on popular portal functions and discuss how guiding principles have addressed common user concerns, and have facilitated adoption and usage of MHAV.


VUMC is a private, non-profit, academic healthcare center in Nashville, Tennessee. VUMC includes the 916-bed Vanderbilt University Hospital, outpatient facilities that receive about 1.5 million visits per year, and inpatient facilities that receive about 50 000 admissions per year.

System description

MHAV was launched in 2005 to improve communication between patients and healthcare providers. There were few patient portals and limited experience to guide system development at that time. Thus, our team designed governing procedures and policies to prevent privacy and security threats, ensure HIPAA compliance, and address common barriers to adoption. Stakeholders contributing to the design included healthcare providers, patients, privacy and security officers, legal representatives, and system developers.

The core functions of MHAV are similar to those of other patient portals [5–10] and include:

  • Secure messaging
  • Access to electronic health record (EHR) data
  • Delivery of personalized health information
  • Appointment scheduling
  • Bill management

Figures 1–3 illustrate these functions. In the sections below, we describe the procedures and policies governing each function and the associated usage statistics.

Patient registration and access

Privacy and security are the most common concerns of portal users [17], but complex authentication procedures may limit use. MHAV has two types of access to address these issues. Users may register for limited access online by providing their name, social security number, and birth date. Limited access users may exchange secure messages with established healthcare providers. Full access allows viewing of EHR information and requires that the patient provide legal proof of identification in person [26]. MHAV initially provided accounts for adult patients, and in August 2007 expanded access to pediatric patients.

User accounts, delegates, and guardians

New MHAV users must electronically sign an online user agreement before establishing a MHAV account (see online appendix). Adult patients may authorize one delegate to access their information through MHAV on their behalf. Delegates must register for a separate MHAV account with a unique username and password. Delegates do not need to be VUMC patients. Patients may authorize delegates to use selected MHAV functions including secure messaging, bill paying, and access to EHR data. The patient accepts full responsibility for granting or removing these permissions. These policies discourage patients from sharing their usernames and passwords, and document when another person acts on behalf of a patient.

For pediatric patients, the procedures and policies for access were designed to respect both the legal rights of the parents and the developmental state of the child. Parents or legal guardians must complete an application for access to MHAV and show a proof of identification to establish an account. For patients under 13 years of age, parents or guardians may create a MHAV account with controlled access for their child and may also assign a delegate. For patients 13–17 years of age, MHAV requires one parent or legal guardian to consent before a MHAV account can be established, unless a healthcare provider agrees the patient has conditions preventing participation in MHAV. As children enter adolescence, there is a shift from dependence on the parents to independent thinking, and it is important for teenagers to be able to exercise independence and communicate individual concerns [27]. Patients who are 13–17 years old must also complete an agreement to allow parental participation in MHAV and may communicate with healthcare providers independently. When a patient reaches the age of 18 years or establishes emancipated status, parental or guardian access is terminated.

Secure messaging

The secure messaging system of MHAV emerged as an extension of VUMC's EHR provider-to-provider messaging capabilities, with additional procedures to maintain patient privacy. MHAV users are required to have a valid electronic mail (email) account for communication. When a VUMC provider sends a message to a user through MHAV, a notification is sent to the user's email address. However, the user must log in to the secure MHAV system to view the message. Protected health information is not sent directly through email as these systems may not be secure or answered reliably. If the user does not open a message within a specified time period, the message bounces back to the provider, who can contact the recipient in another manner. The default time for returning a message is 5 days, but may be adjusted depending on the time-sensitivity of the message. This closed-loop system ensures that healthcare providers are notified when messages have not been received.

MHAV messaging procedures formalize a series of institutional best practices around messaging workflows. Patients can send messages to healthcare providers with whom they have an established relationship, defined by a scheduled appointment or having received care from that provider within the past 4 years. To maximize provider productivity [28], messages are sent to clinical groups and are often answered by a staff member (eg, nurse, administrative assistant, or allied health professional) [15, 29–31]. Clinically relevant messages are forwarded to the patient's physician or another provider within a closed-loop system. Because messages are handled by clinical groups rather than by individuals, a provider's absence does not impose a delay on message response. Providers may initiate messages to MHAV users and specify that responses be sent directly back to them. All provider or staff member initiated messages contain a message date, time, and name of sender with degree information, thereby notifying the recipient of who sent the message. There have not been any MHAV user complaints about the message triage system.

MHAV messages may only be viewed and answered in the context of the VUMC EHR. This policy ensures that providers have seamless access to patient information and are responding to messages in the context of how they typically interact with protected health information. Using other types of communication, a provider might process a message in a less secure or private environment.

The messaging function overcomes several limitations of email and telephone communications, such as allowing users and providers to communicate sensitive information asynchronously, and after hours, so both parties may be in a private and secure environment [29, 31–34]. Messages sent through MHAV are submitted through a secure web-based form, and the EHR-based communications protocols make it difficult for messages to be intercepted. Users may communicate without exposing or accessing personal email accounts or telephone numbers. These procedures promote a sense of privacy and respect for personal boundaries. In addition, MHAV automatically stores all messaging threads to the EHR, providing a permanent documentation of correspondence; in some systems, this record is optional [10]. Retaining messages in the EHR encourages MHAV users to send messages for appropriate concerns and encourages providers to generate thoughtful responses. This process differs from the documentation of telephone calls, which usually consists of an interpretation of an interaction rather than the complete communication.

Message audit processes

Unanswered messages may potentially compromise patient safety and quality of care. In 2006, a review of MHAV messages identified approximately 19 000 unopened messages—some marked urgent—from virtually every department. New processes to identify and prevent unattended messages were developed. They included tallying unattended messages on a weekly basis, hiring a designated person to respond to this audit, notifying department administrators of unanswered messages, and training providers and clinic managers on safe messaging practices. In addition, two new provider messaging functions were implemented: an ‘out-of-office’ function that allows healthcare providers to inform patients and colleagues of absences, and an ‘email alert’ function that delivers email notifications to providers when they have an incoming message. The latter function was designed for part-time clinicians who might not regularly access the EHR. Answering messages in the EHR is a required clinical responsibility at Vanderbilt; both individual healthcare providers and clinical administrators are notified when responses are significantly delayed.

Electronic health record data

Access to EHR data through a patient portal creates concerns about privacy for patients and fears of misunderstanding from healthcare providers. However, MHAV policies address these issues through limitations on the types and timing of available test results. Only full access users are allowed to view information from their EHR. All test results are organized into three groups according to acuity, sensitivity, and need for healthcare provider interpretation. Group A contains approximately 300 blood test results that have high value for immediate user viewing with a low risk of untoward reaction to the information (eg, cholesterol levels). Group A test results are displayed in MHAV as soon as they become available. Group B includes approximately 6700 test results that, with standard radiographic reports, are available through MHAV after a 7-day delay, which allows providers to review these results and contact the patient directly. Group C contains highly sensitive results that are never released through MHAV (eg, HIV test results and cancer pathology reports).

The accessibility of certain test results differs between pediatric and adult user accounts as the sensitivity of information may be age dependent (eg, pregnancy test results). MHAV users may also view vital signs, immunization information, and medication and allergy lists.
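The release rules described above can be written as a fail-closed policy check. This is an added example, not MHAV code: the test codes and catalogue mapping are constructed, and hiding unclassified tests and counting the 7-day delay from the time a result was finalized are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Access(Enum):
    LIMITED = "limited"  # registered online; messaging only
    FULL = "full"        # identity proven in person; may view EHR data


class Group(Enum):
    A = "A"  # displayed as soon as available
    B = "B"  # displayed after a provider review delay
    C = "C"  # never released through the portal


# Release delay per group; None means "never release".
RELEASE_DELAY = {Group.A: timedelta(0), Group.B: timedelta(days=7), Group.C: None}

# Constructed catalogue: placeholder codes, not the real MHAV mapping.
CATALOGUE = {
    "CHOLESTEROL": Group.A,
    "CHEST_XRAY_REPORT": Group.B,
    "HIV_TEST": Group.C,
}


@dataclass(frozen=True)
class Decision:
    visible: bool
    reason: str
    visible_from: Optional[datetime] = None


def release_decision(access, test_code, resulted_at, now):
    """Decide whether one result may be shown to the portal user at `now`."""
    if access is not Access.FULL:
        return Decision(False, "full access required")
    group = CATALOGUE.get(test_code)
    if group is None:
        # Assumption: fail closed. A test nobody has classified is hidden
        # until it is assigned to a group, rather than defaulting to group A.
        return Decision(False, "unclassified test")
    delay = RELEASE_DELAY[group]
    if delay is None:
        return Decision(False, "never released through the portal")
    visible_from = resulted_at + delay
    if now < visible_from:
        return Decision(False, "within provider review window", visible_from)
    return Decision(True, "group " + group.value, visible_from)


def visible_results(access, results, now):
    """Filter (test_code, resulted_at) pairs down to the codes visible at `now`."""
    return [code for code, at in results
            if release_decision(access, code, at, now).visible]


UTC = timezone.utc
# Constructed sample results for one patient.
SAMPLE_RESULTS = [
    ("CHOLESTEROL", datetime(2010, 12, 10, 9, 0, tzinfo=UTC)),
    ("CHEST_XRAY_REPORT", datetime(2010, 12, 5, 12, 0, tzinfo=UTC)),
    ("HIV_TEST", datetime(2010, 11, 1, 8, 0, tzinfo=UTC)),
    ("NEW_UNMAPPED_ASSAY", datetime(2010, 11, 1, 8, 0, tzinfo=UTC)),
]

if __name__ == "__main__":
    now = datetime(2010, 12, 10, 12, 0, tzinfo=UTC)
    for code, at in SAMPLE_RESULTS:
        print(code, release_decision(Access.FULL, code, at, now))
```

Evaluating the decision on the server at read time, rather than filtering in the client, keeps withheld results out of any response sent to the browser.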

Personalized health information

A personalized patient portal experience is likely to promote adoption and encourage active participation in one's health management. After logging into MHAV, full access users are presented with information specific to their health conditions and demographic profile. This information is derived from the International Classification of Diseases, 9th Revision, Clinical Modification (ICD-9-CM) diagnostic codes and the free-text problems section of the EHR [35], which (unlike the ICD-9-CM codes used for billing) is actively maintained by VUMC providers [25]. Codes derived from the patient's problem list, combined with the ICD-9-CM codes, are automatically matched via computer algorithms to the ICD-9-CM codes assigned by VUMC library staff to each disease topic. When a match is made, the appropriate disease topic is displayed in the portal, allowing patients to see links to information directly relevant to their care [25]. Preventive health topics are also linked by patient-specific demographic characteristics and US Preventive Services Task Force recommendations [36]. For example, a 65-year-old female MHAV user will receive information on screening for breast cancer, osteoporosis, and colorectal cancer [25].

Appointment management

All MHAV users may use the messaging function to schedule an appointment with an established VUMC provider. Full access users may also view upcoming appointments and request appointments with a new provider by completing an online form.

Bill management

Full access users may also view and pay their VUMC medical bills, access patient insurance information, and submit billing questions through a standardized form.

Usage of MHAV

Five years after initial release, MHAV has over 129 800 registered users, representing 27% of all VUMC patients. Of these users, 62% are female. In 2010, a total of 72 071 different users logged into MHAV 1 369 675 times. On average, 2900 new users signed up for access each month. Of the adult users, 1.2% have assigned a delegate to access their account.

Forty-five percent of users have sent and received a message from a VUMC provider. When the message audit process began, 10.7% of messages (~3000 messages) were unanswered each week. By December 2010, <0.5% of messages (~205) were unanswered each week.

Fifty-two percent of users have checked a test result and 45% have viewed other health information from the EHR. There are now over 61 health topics and more than 300 test results with associated explanations available through MHAV, and 30% of users have accessed this information. From January 2006 to December 2010, 2% of MHAV users had requested an appointment with a new VUMC provider, while 39% had viewed upcoming appointments. In this same period, 29% of users had viewed a medical bill, 31% of them had paid a bill, and 8% of all users had asked a billing question through MHAV.


As the demand for patient portals increases, so too does the need for guidelines to direct their design and use [23]. We have described the procedures and policies that regulate the functionality and usage of MHAV. We have demonstrated enthusiastic adoption of this portal by the Vanderbilt community, with ongoing growth of MHAV accounts for both adult and pediatric patients, and increasing usage of functions that typically prompt concerns about privacy and security. Our policies for registration, tiered-level access, and accounts designed for parents and delegates help to prevent unauthorized use, but allow sharing of information among patients, families, and caregivers. Our messaging policies ensure that communications are delivered and answered in a secure and timely manner. Our procedures for categorizing and delaying or prohibiting the display of test results permit patients to view important health information through MHAV, but give healthcare providers ample time to respond to critical findings and keep users from receiving news online that should be delivered in a more personal manner. Together, all of these functionalities and associated policies support the execution of administrative tasks such as scheduling appointments and managing medical bills. Finally, connections to the EHR create a personalized experience with the delivery of customized and relevant health information.

The described procedures and policies were designed not only to promote acceptance and use, but also to facilitate high quality care and to assure patient safety. Our audit processes have resulted in a dramatic reduction in unanswered messages, which potentially improves both user satisfaction and quality of care. Our future research will include formal evaluations of the user experience as well as the measurement of quality and safety of care delivered through the patient portal.


Poorly designed and managed patient portals have the potential to discourage usage, decrease provider productivity, and compromise patient safety. We have provided a robust set of procedures and policies that promote the efficient delivery of safe and secure information through a patient portal. We believe other healthcare organizations could employ our principles and lessons learned to guide patient portal development and to maximize the benefits of patient portals through a thoughtful and organized process.


Funding: Dr Osborn is supported by the NIH National Institute of Diabetes and Digestive Kidney Diseases (Osborn, K01 DK087894) and by the Vanderbilt University Diabetes Research and Training Center Pilot and Feasibility Grant (Powers, P60 DK020593). Drs Jackson, Johnson, and Rosenbloom are supported by the Agency for Healthcare Research and Quality (Rosenbloom, R18 HS019276; Johnson, R18 HS018168). Drs Anders and Stenner are supported by the National Library of Medicine (Gadd, T15 LM007450). The content is solely the responsibility of the authors and does not necessarily represent the official views of these granting agencies.

Competing interests: None.

Provenance and peer review: Not commissioned; externally peer reviewed.


References

1. Patient portal. 2010. (accessed 16 Dec 2010).
2. Detmer D, Bloomrosen M, Raymond B, et al. Integrated personal health records: transformative tools for consumer-centric care. BMC Med Inform Decis Mak 2008;8:45.
3. Chumbler NR, Haggstrom DA, Saleem J. Implementation of Health Information Technology in Veterans Health Administration to Support Transformational Change: Telehealth and Personal Health Records. Med Care. Published Online First: 23 April 2010. doi:10.1097/MLR.0b013e3181d558f9
4. Gearon CJ. Perspectives on the Future of Personal Health Records. Oakland, CA: California HealthCare Foundation, 2007.
5. Nazi KM, Woods SS. MyHealtheVet PHR: a description of users and patient portal use. AMIA Annu Symp Proc 2008:1182.
6. Cimino J, Patel V, Kushniruk A. The patient clinical information system (PatCIS): technical solutions for and experience with giving patients access to their electronic medical records. Int J Med Inform 2002;68:113–27.
7. Zhou YY, Garrido T, Chin HL, et al. Patient access to an electronic health record with secure messaging: impact on primary care utilization. Am J Manag Care 2007;13:418–24.
8. Grant RW, Wald JS, Poon EG, et al. Design and implementation of a web-based patient portal linked to an ambulatory care electronic health record: patient gateway for diabetes collaborative care. Diabetes Technol Ther 2006;8:576–86.
9. Osborn CY, Mayberry LS, Mulvaney SA, et al. Patient web portals to improve diabetes outcomes: a systematic review. Curr Diab Rep 2010;10:422–35.
10. Bourgeois FC, Mandl KD, Shaw D, et al. Mychildren's: integration of a personally controlled health record with a tethered patient portal for a pediatric and adolescent population. AMIA Annu Symp Proc 2009;2009:65–9.
11. Koivunen M, Hatonen H, Valimaki M. Barriers and facilitators influencing the implementation of an interactive Internet-portal application for patient education in psychiatric hospitals. Patient Educ Couns 2008;70:412–19.
12. Houston TK, Sands DZ, Nash BR, et al. Experiences of physicians who frequently use e-mail with patients. Health communication 2003;15:515–25.
13. Tang PC, Ash JS, Bates DW, et al. Personal health records: definitions, benefits, and strategies for overcoming barriers to adoption. J Am Med Inform Assoc 2006;13:121–6.
14. Wynia M, Dunn K. Dreams and nightmares: practical and ethical issues for patients and physicians using personal health records. J Law Med Ethics 2010;38:64–73.
15. Hobbs J, Wald J, Jagannath YS, et al. Opportunities to enhance patient and physician e-mail contact. Int J Med Inform 2003;70:1–9.
16. Kittler AF, Carlson GL, Harris C, et al. Primary care physician attitudes towards using a secure web-based portal designed to facilitate electronic communication with patients. Inform Prim Care 2004;12:129–38.
17. Gamble KH. Is it registering? Patient portals, part II (see Financial Department for part I). Healthc Inform 2009;26:24, 26, 28.
18. Lobach DF, Willis JM, Macri JM, et al. Perceptions of Medicaid beneficiaries regarding the usefulness of accessing personal health information and services through a patient Internet portal. AMIA Annu Symp Proc 2006:509–13.
19. Ruland CM, Brynhi H, Andersen R, et al. Developing a shared electronic health record for patients and clinicians. Stud Health Technol Inform 2008;136:57–62.
20. Duncavage S, Mathe J, Werner J, et al. A modeling environment for patient portals. AMIA Annu Symp Proc 2007:201–5.
21. Li Y, Lee P, Jian W, et al. Electronic Health Record Goes Personal World-wide. Yearb Med Inform 2009:40–3.
22. Congress US, ed. Health Insurance Portability and Accountability Act (HIPAA). Public Law 104–191, 104th Congress, 1996.
23. Wakefield DS, Mehr D, Keplinger L, et al. Issues and questions to consider in implementing secure electronic patient-provider web portal communications systems. Int J Med Inform 2010;79:469–77.
24. Reti SR, Feldman HJ, Safran C. Governance for personal health records. J Am Med Inform Assoc 2009;16:14–17.
25. Koonce TY, Giuse DA, Beauregard JM, et al. Toward a more informed patient: bridging health care information through an interactive communication portal. J Med Libr Assoc 2007;95:77–81.
26. Waegemann CP. IT security: developing a response to increasing risks. Int J Biomed Comput 1996;43:5–8.
27. Neinstein LS, ed. Adolescent Health Care: A Practical Guide. 5th edn. Philadelphia, PA: Lippincott, Williams, and Wilkins, 2008.
28. Liederman EM, Lee JC, Baquero VH, et al. The impact of patient-physician Web messaging on provider productivity. J Healthc Inf Manag 2005;19:81–6.
29. Stiles RA, Deppen SA, Figaro MK, et al. Behind-the-scenes of patient-centered care: content analysis of electronic messaging among primary care clinic providers and staff. Med Care 2007;45:1205–9.
30. Moyer CA, Stern DT, Dobias KS, et al. Bridging the electronic divide: patient and provider perspectives on e-mail communication in primary care. Am J Manag Care 2002;8:427–33.
31. White CB, Moyer CA, Stern DT, et al. A content analysis of e-mail communication between patients and their providers: patients get the message. J Am Med Inform Assoc 2004;11:260–7.
32. Mandl KD, Kohane IS, Brandt AM. Electronic patient-physician communication: problems and promise. Ann Intern Med 1998;129:495–500.
33. Keren R, Muret-Wagstaff S, Goldmann DA, et al. Notifying emergency department patients of negative test results: pitfalls of passive communication. Pediatr Emerg Care 2003;19:226–30.
34. Hassol A, Walker JM, Kidder D, et al. Patient experiences and attitudes about access to a patient electronic health care record and linked web messaging. J Am Med Inform Assoc 2004;11:505–13.
35. Rosenbloom ST, Denny JC, Xu H, et al. Data from clinical notes: a perspective on the tension between structure and flexible documentation. J Am Med Inform Assoc 2011;18:181–6.
36. U.S. Preventive Services Task Force Recommendations. Rockville, MD: Agency for HealthCare Research and Quality.
