Table 1.
Description of the assessed personal health record (PHR) system characteristics.
| Category | Description | |
| Privacy | ||
| Privacy policy location | Considers whether user can easily access the privacy policy | |
| Management and notification of privacy policy changes | Describes whether users are notified of changes in the privacy policy, and the means for doing so | |
| Access management | Focuses on who shares the information, with whom it is shared, and types of permissions | |
| Security: confidentiality and integrity | ||
| Data management | Considers who manages the information, what information is managed, and where this information comes from | |
| Data accessed without user’s permission | Describes what data are shared without the user’s explicit consent for secondary use of the data (eg, for marketing, policy) | |
| Access audit | Informs whether the user can trace with whom his or her information has been shared | |
| Access criteria | Establishes whether the user is authorized to access the particular resource and what actions she or he is permitted to take with respect to that resource in accordance with certain access criteria | |
| Authentication | Describes the method used to prevent identity theft | |
| Without cookies | Indicates whether the system uses cookies | |
| Safeguards | Presents what security measures are deployed by the PHR system | |
| Standards and regulations | ||
| Standards or regulations | Describes whether the PHR system meets any standards or regulations | |