View article

Applying Fair Information Practice principles to electronic health records (EHRs) requires allowing patient control over who views their data.

We designed a program that captures patients’ preferences for provider access to an urban health system’s EHR. Patients could allow or restrict providers’ access to all data (diagnoses, medications, test results, reports, etc.) or only highly sensitive data (sexually transmitted infections, HIV/AIDS, drugs/alcohol, mental or reproductive health). Except for information in free-text reports, we redacted EHR data shown to providers according to patients’ preferences. Providers could “break the glass” to display redacted information. We prospectively studied this system in one primary care clinic, noting redactions and when users “broke the glass,” and surveyed providers about their experiences …