Too Much or Too Little? How Much Control Should Patients Have Over EHR Data?

  • Soumitra Sudip Bhuyan
  • Sandra Bailey-DeLeeuw
  • David K. Wyant
  • Cyril F. Chang
Systems-Level Quality Improvement
Part of the following topical collections:
  1. Systems-Level Quality Improvement


Electronic health records (EHRs) have been promoted as a mechanism to overcome the fragmented healthcare system in the United States. The challenge that is being discussed is the rights of the patient to control the access to their EHRs’ data and the needs of healthcare professionals to know health data to make the best treatment decisions for their patients. The Federal Trade Commission has asked those who store consumer information to comply with the Fair Information Practice Principles. In the EHR context, these principles give the rights to the patient to control who can see their health data and what components of the data are restricted from view. Control is not limited to patients, as it also includes parents of adolescent children. We suggest that the ongoing policy discussion include consideration of the precise questions patients will be asked when a need for data sharing arises. Further, patients should understand the relative risks that they face, and the degree to which their decisions will (or will not) significantly reduce the risk of a data breach. As various approaches are considered, it is important to address the relative resource requirements and the associated costs of each option.


Electronic health records Patient privacy Data ownership Patient rights Consumer health information Patient data privacy Privacy of patient data Data sharing 


  1. 1.
    Wagner, K. A., Lee, F. W., Glaser, J. P., Healthcare information systems: A practical approach for health care management. John Wiley & Sons, 2013.Google Scholar
  2. 2.
    Liu, V., Musen, M. A., and Chou, T., Data breaches of protected health information in the United States. JAMA 313(14):1471–1473, 2015.CrossRefPubMedPubMedCentralGoogle Scholar
  3. 3.
    Campos-Castillo, C., and Anthony, D. L., The double-edged sword of electronic health records: Implications for patient disclosure. J. Am. Med. Inform. Assoc. 22(e1):e130–e140, 2015.PubMedGoogle Scholar
  4. 4.
    Caine, K., and Tierney, W., Point and counterpoint: Patient control of access to data in their electronic health records. J. Gen. Intern. Med. 30(Suppl 1):S38–41, 2014.Google Scholar
  5. 5.
    Berwick, D. M., What “patient-centered” should mean: Confessions of an extremist. Health Aff. (Millwood) 28(4):w555–w565, 2009.CrossRefGoogle Scholar
  6. 6.
    Blumenthal, D., and Squires, D., Giving patients control of their HER data. J. Gen. Intern. Med. 30(Suppl 1):S42–3, 2014.Google Scholar
  7. 7.
    Gellman, R., Fair information practices: A basic history. Available at SSRN 2415020, 2014.Google Scholar
  8. 8.
    Leventhal, J. C., Cummins, J. A., Schwartz, P. H., Martin, D. K., and Tierney, W. M., Designing a system for patients controlling providers’ access to their electronic health records: Organizational and technical challenges. J. Gen. Intern. Med. 30(1):17–24, 2015.CrossRefGoogle Scholar
  9. 9.
    Bhartiya, S., Mehrotra, D., & Girdhar, A., Proposing hierarchy-similarity based access control framework: A multilevel Electronic Health Record data sharing approach for interoperable environment. J. King Saud Univ.-Comput. Inform. Sci., 2015.Google Scholar
  10. 10.
    Pyke, G., Risk assessment and management. In: McCormick, K. and Gugerty, G., (Ed.), Healthcare Information Technology. McGraw Hill pp 589–610, 2013.Google Scholar
  11. 11.
    Ohio Nursing Home Commission., A Program in Crisis. Ohio General Assembly, 1978.Google Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Soumitra Sudip Bhuyan
    • 1
  • Sandra Bailey-DeLeeuw
    • 1
  • David K. Wyant
    • 2
  • Cyril F. Chang
    • 3
  1. 1.Health Systems Management and Policy, School of Public HealthThe University of MemphisMemphisUSA
  2. 2.Jack C Massey College of BusinessBelmont UniversityNashvilleUSA
  3. 3.Department of Economics, Fogelman College of Business and EconomicsThe University of MemphisMemphisUSA

Personalised recommendations