Point and counterpoint: patient control of access to data in their electronic health records

Abstract

Information collection, storage, and management is central to the practice of health care. For centuries, patients' and providers' expectations kept medical records confidential between providers and patients. With the advent of electronic health records, patient health information has become more widely available to providers and health care managers and has broadened its potential use beyond individual patient care. Adhering to the principles of Fair Information Practice, including giving patients control over the availability and use of their individual health records, would improve care by fostering the sharing of sensitive information between patients and providers. However, adherence to such principles could put patients at risk for unsafe care as a result of both missed opportunities for providing needed care as well as provision of contraindicated care, as it would prevent health care providers from having full access to health information. Patients' expectations for the highest possible quality and safety of care, therefore, may be at odds with their desire to limit provider access to their health records. Conversely, provider expectations that patients would willingly seek care for embarrassing conditions and disclose sensitive information may be at odds with patients' information privacy rights. An open dialogue between patients and providers will be necessary to balance respect for patient rights with provider need for patient information.