Too Much or Too Little? How Much Control Should Patients Have Over EHR Data?
Electronic health records (EHRs) have been promoted as a mechanism to overcome the fragmented healthcare system in the United States. The challenge that is being discussed is the rights of the patient to control the access to their EHRs’ data and the needs of healthcare professionals to know health data to make the best treatment decisions for their patients. The Federal Trade Commission has asked those who store consumer information to comply with the Fair Information Practice Principles. In the EHR context, these principles give the rights to the patient to control who can see their health data and what components of the data are restricted from view. Control is not limited to patients, as it also includes parents of adolescent children. We suggest that the ongoing policy discussion include consideration of the precise questions patients will be asked when a need for data sharing arises. Further, patients should understand the relative risks that they face, and the degree to which their decisions will (or will not) significantly reduce the risk of a data breach. As various approaches are considered, it is important to address the relative resource requirements and the associated costs of each option.
KeywordsElectronic health records Patient privacy Data ownership Patient rights Consumer health information Patient data privacy Privacy of patient data Data sharing
- 1.Wagner, K. A., Lee, F. W., Glaser, J. P., Healthcare information systems: A practical approach for health care management. John Wiley & Sons, 2013.Google Scholar
- 4.Caine, K., and Tierney, W., Point and counterpoint: Patient control of access to data in their electronic health records. J. Gen. Intern. Med. 30(Suppl 1):S38–41, 2014.Google Scholar
- 6.Blumenthal, D., and Squires, D., Giving patients control of their HER data. J. Gen. Intern. Med. 30(Suppl 1):S42–3, 2014.Google Scholar
- 7.Gellman, R., Fair information practices: A basic history. Available at SSRN 2415020, 2014.Google Scholar
- 9.Bhartiya, S., Mehrotra, D., & Girdhar, A., Proposing hierarchy-similarity based access control framework: A multilevel Electronic Health Record data sharing approach for interoperable environment. J. King Saud Univ.-Comput. Inform. Sci., 2015.Google Scholar
- 10.Pyke, G., Risk assessment and management. In: McCormick, K. and Gugerty, G., (Ed.), Healthcare Information Technology. McGraw Hill pp 589–610, 2013.Google Scholar
- 11.Ohio Nursing Home Commission., A Program in Crisis. Ohio General Assembly, 1978.Google Scholar