Patient preferences in controlling access to their electronic health records: a prospective cohort study in primary care.

INTRODUCTION: Previous studies have measured individuals' willingness to share personal information stored in electronic health records (EHRs) with health care providers, but none has measured preferences among patients when they are allowed to determine the parameters of provider access. METHODS: Patients were given the ability to control access by doctors, nurses, and other staff in a primary care clinic to personal information stored in an EHR. Patients could restrict access to all personal data or to specific types of sensitive information, and could restrict access for a specific time period. Patients also completed a survey regarding their understanding of and opinions regarding the process. RESULTS: Of 139 eligible patients who were approached, 105 (75.5 %) were enrolled, and preferences were collected from all 105 (100 %). Sixty patients (57 %) did not restrict access for any providers. Of the 45 patients (43 %) who chose to limit the access of at least one provider, 36 restricted access only to all personal information in the EHR, while nine restricted access of some providers to a subset of the their personal information. Thirty-four (32.3 %) patients blocked access to all personal information by all doctors, nurses, and/or other staff, 26 (24.8 %) blocked access by all doctors and/or nurses, and five (4.8 %) denied access to all doctors, nurses, and staff. CONCLUSIONS: A significant minority of patients chose to restrict access by their primary care providers to personal information contained in an EHR, and few chose to restrict access to specific types of information. More research is needed to identify patient goals and understanding of the implications when facing decisions of this sort, and to identify the impact of patient education regarding information contained in EHRs and their use in the clinical care setting.

Provider responses to patients controlling access to their electronic health records: a prospective cohort study in primary care.

INTRODUCTION: Applying Fair Information Practice principles to electronic health records (EHRs) requires allowing patient control over who views their data. METHODS: We designed a program that captures patients' preferences for provider access to an urban health system's EHR. Patients could allow or restrict providers' access to all data (diagnoses, medications, test results, reports, etc.) or only highly sensitive data (sexually transmitted infections, HIV/AIDS, drugs/alcohol, mental or reproductive health). Except for information in free-text reports, we redacted EHR data shown to providers according to patients' preferences. Providers could "break the glass" to display redacted information. We prospectively studied this system in one primary care clinic, noting redactions and when users "broke the glass," and surveyed providers about their experiences and opinions. RESULTS: Eight of nine eligible clinic physicians and all 23 clinic staff participated. All 105 patients who enrolled completed the preference program. Providers did not know which of their patients were enrolled, nor their preferences for accessing their EHRs. During the 6-month prospective study, 92 study patients (88 %) returned 261 times, during which providers viewed their EHRs 126 times (48 %). Providers "broke the glass" 102 times, 92 times for patients not in the study and ten times for six returning study patients, all of whom had restricted EHR access. Providers "broke the glass" for six (14 %) of 43 returning study patients with redacted data vs. zero among 49 study patients without redactions (p = 0.01). Although 54 % of providers agreed that patients should have control over who sees their EHR information, 58 % believed restricting EHR access could harm provider-patient relationships and 71 % felt quality of care would suffer. CONCLUSIONS: Patients frequently preferred restricting provider access to their EHRs. Providers infrequently overrode patients' preferences to view hidden data. Providers believed that restricting EHR access would adversely impact patient care. Applying Fair Information Practice principles to EHRs will require balancing patient preferences, providers' needs, and health care quality.

Giving patients granular control of personal health information: using an ethics 'Points to Consider' to inform informatics system designers.

OBJECTIVE: There are benefits and risks of giving patients more granular control of their personal health information in electronic health record (EHR) systems. When designing EHR systems and policies, informaticists and system developers must balance these benefits and risks. Ethical considerations should be an explicit part of this balancing. Our objective was to develop a structured ethics framework to accomplish this. METHODS: We reviewed existing literature on the ethical and policy issues, developed an ethics framework called a "Points to Consider" (P2C) document, and convened a national expert panel to review and critique the P2C. RESULTS: We developed the P2C to aid informaticists designing an advanced query tool for an electronic health record (EHR) system in Indianapolis. The P2C consists of six questions ("Points") that frame important ethical issues, apply accepted principles of bioethics and Fair Information Practices, comment on how questions might be answered, and address implications for patient care. DISCUSSION: The P2C is intended to clarify what is at stake when designers try to accommodate potentially competing ethical commitments and logistical realities. The P2C was developed to guide informaticists who were designing a query tool in an existing EHR that would permit patient granular control. While consideration of ethical issues is coming to the forefront of medical informatics design and development practices, more reflection is needed to facilitate optimal collaboration between designers and ethicists. This report contributes to that discussion.