OUP user menu

★ Research and applications ★

Patients want granular privacy control over health information in electronic medical records

Kelly Caine, Rima Hanania
DOI: http://dx.doi.org/10.1136/amiajnl-2012-001023 7-15 First published online: 1 January 2013

Abstract

Objective To assess patients' desire for granular level privacy control over which personal health information should be shared, with whom, and for what purpose; and whether these preferences vary based on sensitivity of health information.

Materials and methods A card task for matching health information with providers, questionnaire, and interview with 30 patients whose health information is stored in an electronic medical record system. Most patients' records contained sensitive health information.

Results No patients reported that they would prefer to share all information stored in an electronic medical record (EMR) with all potential recipients. Sharing preferences varied by type of information (EMR data element) and recipient (eg, primary care provider), and overall sharing preferences varied by participant. Patients with and without sensitive records preferred less sharing of sensitive versus less-sensitive information.

Discussion Patients expressed sharing preferences consistent with a desire for granular privacy control over which health information should be shared with whom and expressed differences in sharing preferences for sensitive versus less-sensitive EMR data. The pattern of results may be used by designers to generate privacy-preserving EMR systems including interfaces for patients to express privacy and sharing preferences.

Conclusions To maintain the level of privacy afforded by medical records and to achieve alignment with patients' preferences, patients should have granular privacy control over information contained in their EMR.

Keywords
  • Privacy of Patient Data
  • Electronic Medical Record
  • User Computer Interface
View Full Text