Designing a System for Patients Controlling Providers’ Access to their Electronic Health Records: Organizational and Technical Challenges

Jeremy C. Leventhal, Jonathan A. Cummins, Peter H. Schwartz, Douglas K. Martin, William M. Tierney

Research output: Contribution to journal › Article › peer-review

14 Scopus citations


BACKGROUND: Electronic health records (EHRs) are proliferating, and financial incentives encourage their use. Applying Fair Information Practice principles to EHRs necessitates balancing patients’ rights to control their personal information with providers’ data needs to deliver safe, high-quality care. We describe the technical and organizational challenges faced in capturing patients’ preferences for patient-controlled EHR access and applying those preferences to an existing EHR.

METHODS: We established an online system for capturing patients’ preferences for who could view their EHRs (listing all participating clinic providers individually and categorically—physicians, nurses, other staff) and what data to redact (none, all, or by specific categories of sensitive data or patient age). We then modified existing data-viewing software serving a state-wide health information exchange and a large urban health system and its primary care clinics to allow patients’ preferences to guide data displays to providers.

RESULTS: Patients could allow or restrict data displays to all clinicians and staff in a demonstration primary care clinic, categories of providers (physicians, nurses, others), or individual providers. They could also restrict access to all EHR data or any or all of five categories of sensitive data (mental and reproductive health, sexually transmitted diseases, HIV/AIDS, and substance abuse) and for specific patient ages. The EHR viewer displayed data via reports, data flowsheets, and coded and free text data displayed by Google-like searches. Unless patients recorded restrictions, by default all requested data were displayed to all providers. Data patients wanted restricted were not displayed, with no indication they were redacted. Technical barriers prevented redacting restricted information in free text notes. The program allowed providers to hit a “Break the Glass” button to override patients’ restrictions, recording the date, time, and next screen viewed. Establishing patient-control over EHR data displays was complex and required ethical, clinical, database, and programming expertise and difficult choices to overcome technical and health system constraints.

CONCLUSIONS: Assessing patients’ preferences for access to their EHRs and applying them in clinical practice requires wide-ranging technical, clinical, and bioethical expertise, to make tough choices to overcome significant technical and organization challenges.

Original language: English (US)
Pages (from-to): 17-24
Number of pages: 8
Journal: Journal of general internal medicine
Issue number: 1
State: Published - 2015


  • electronic health records
  • fair information practices
  • patient preferences

ASJC Scopus subject areas

  • Internal Medicine
