There has been growing interest by health services providers in providing PHRs (Personal Health Records) which can store individual's personal health information. In PHRs, access to data is controlled by the patient, not by the health care provider. Although a number of benefits can be achieved with the PHRs, important security and privacy challenges of PHRs arise. In this paper a review of the privacy policies of 22 free web-based PHRs is presented. Our objective is to measure the effects of adoption of international standards and cost on privacy and security characteristics. Security and privacy characteristics were extracted according to the standard ISO/TS 13606-4. A statistical analysis was conducted and a neural network-based classification of PHRs was performed. Some improvements can be done to current privacy policies of PHRs to enhance management of other users' data, notification of changes in privacy policy to users and access audits.