
Point and Counterpoint: Patient Control of Access to Data in Their Electronic Health Records


Information collection, storage, and management is central to the practice of health care. For centuries, patients’ and providers’ expectations kept medical records confidential between providers and patients. With the advent of electronic health records, patient health information has become more widely available to providers and health care managers and has broadened its potential use beyond individual patient care. Adhering to the principles of Fair Information Practice, including giving patients control over the availability and use of their individual health records, would improve care by fostering the sharing of sensitive information between patients and providers. However, adherence to such principles could put patients at risk for unsafe care as a result of both missed opportunities for providing needed care as well as provision of contraindicated care, as it would prevent health care providers from having full access to health information. Patients’ expectations for the highest possible quality and safety of care, therefore, may be at odds with their desire to limit provider access to their health records. Conversely, provider expectations that patients would willingly seek care for embarrassing conditions and disclose sensitive information may be at odds with patients’ information privacy rights. An open dialogue between patients and providers will be necessary to balance respect for patient rights with provider need for patient information.


Over 2,000 years before privacy rights were enshrined in law, physicians recognized that preserving patient privacy was critical for successful health care practice. Upon taking the Hippocratic Oath, which is one of the oldest binding documents in history, physicians swear a collective oath to protect patient privacy. The original oath includes the passage, “What I may see or hear in the course of the treatment … I will keep to myself.”1 The modern translation is just as clear in its directive: “I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know.”2

To this day, physicians are some of the staunchest advocates for the need to protect patient privacy. Why is ensuring that patient health information is kept private a historic mandate that has stood the test of time? There are many reasons.

First, health care providers who interact with patients know that gaining and keeping patient trust is central to achieving good health outcomes.3 Overwhelmingly, patients trust their physicians.4 One expectation that is part of this trust is that health information revealed to a provider will be used exclusively for the purpose of providing care and will be kept confidential.4 Providers know that if they violate patient trust by sharing health information beyond what patients expect and desire, they will lose this trust, and this will handicap them from achieving good outcomes.

Second, providers know that if patient privacy is insufficient, some patients will avoid care altogether.5 Exacerbating this problem, disadvantaged populations such as mental health patients,6 patients with HIV,7 and adolescents8 are especially prone to avoid care when they are unsatisfied with provider privacy policies.

Third, even when patients do seek care despite privacy concerns, they may withhold health information from providers. In one study, 12 % of respondents reported that they withheld information from providers because of security concerns.9 In another study, 20 % of younger and older adults reported they would not disclose “highly sensitive” information to the fullest extent possible, and 17 % reported they would provide somewhat to completely inaccurate information to a computerized system.10 Mental health patients have reported that they would be likely to disclose less,11 and actually disclosed less to their providers when limitations of confidentiality were explained to them.12 Patients concerned about the privacy and security of EHRs disclose less to their providers during clinical encounters.13 When patients withhold information from providers due to privacy concerns, a system designed to improve care, such as an EHR, can be considered a “double-edged sword” that can introduce risks in addition to benefits.13

Beyond risk to the individual patient, insufficient guarantees of patient privacy pose risks to public health. Thirty percent of adults who have declined to participate in health research (representing 5.4 million people in the U.S.) have done so because they were “concerned [that their] personal information would not be kept private and confidential.”14 This represents the most frequent reason for refusal to participate in research, more than any other cause, including concern that the process would be risky, painful, or unpleasant. Similarly, some patients refuse HIV testing when it is not offered anonymously.15

Given all this, it is not surprising that providers are some of the strongest advocates for maintaining patient privacy. Providers have historically done a very good job of keeping patient information private. Until recently, when a provider met with a patient and retained a record, those records were kept in a private office, and no one other than the physician or physician’s staff—and more recently, the patient—was granted access to them. However, with the introduction of information technology that enables the limitless collection, storage, and sharing of data, records once stored locally can now be shared globally. Indeed, one primary goal of electronic health records (EHRs), which are “digital version(s) of a patient’s paper chart” that are real-time and patient-centered, is to facilitate the sharing of patient data across health care organizations.16

Despite the rapid changes in the technological and regulatory environments, the preferences, expectations, and desires of patients with regard to privacy have remained intact. For example, 100 % of patients in one study, published elsewhere in this JGIM supplement,17 reported that they would like to know and be able to control what entities accessed information in their EHRs. In a similar study, only 1 % of respondents agreed that “researchers would be free to use my personal medical and health information without my consent at all,” and a majority (58 %) of patients agreed that “privacy of personal medical records and health information is not protected well enough today by federal and state laws and organizational practices.”14

Especially during this transitional phase where health information technology is being rushed into use, is difficult to use, falls short of promises for reducing workload—and in many cases, has increased physician workload18—the need for collaboration between physicians and patients is critical. Whether this means respecting patients’ wishes to withhold some aspects of their records using granular control mechanisms17 or talking with patients about the benefits of sharing even sensitive, embarrassing information, providers and patients need to work together from a base of trust to achieve good health care.

Privacy and trust between patients and physicians is a cornerstone of health care. In our well-meaning rush to improve patient care using information technology, we should not abandon this principle. Even a technologically superior health care system, if it is built upon a shaky foundation, will not succeed.


As a patient, I certainly feel some ownership of my EHR data. However, I also know that health care is an information business19,20 and that the more appropriate information health care providers have, the better care they deliver. So I want my health care providers to have access to all of my information in order to care for me. The quality of my health care is directly affected by providers’ ability to access the right clinical information at the right time to make the right decisions about my care. Anything that interrupts that flow of information will adversely affect my care.

Clearly, most of the clinicians involved in our pilot demonstration study of patient control of EHR access had strong feelings—many negative—about patients having such control.21 Health care providers are responsible for what happens to their patients, and they take that responsibility very seriously. Errors in judgment and decision-making generate substantial chagrin,22 not to mention fear of medical liability. So anything that they perceive as increasing the likelihood of errors constitutes a threat to their practice and to them personally.

I practiced primary care internal medicine for 25 years in the same hospital-based clinic where the demonstration study described elsewhere in this JGIM supplement21 was conducted, and I’m currently a hospitalist in the same hospital. Primary care physicians are responsible for the care of their patients as whole persons, coordinating their care for multiple clinical conditions and across medical specialties. Therefore, all information in the patient’s record has relevance in primary care. If I were currently practicing primary care where patients controlled access to their EHRs, I would inform my patients that I intended to “break the glass” (i.e., override their restrictions on EHR access, should any have been invoked) at the beginning of every visit, when I routinely perused my patients’ electronic and paper records. I have to know all there is to know about each patient, and I don’t know what I don’t know, or what’s important and relevant to that day’s care, without full access to my patients’ records. If a patient were uncomfortable with my “breaking the glass” for each visit, I would transfer his or her primary care to another physician willing to provide care without full EHR access, if I could find one.

In a prior study where we provided EHR information to community pharmacists, we found that patients recognized the need for health care providers to share information.23 Caine and Hanania found that although most patients wanted granular control over access to their EHRs, most (but not all) patients would provide primary care physicians with full access to all of their EHR data.24 This was again borne out in our demonstration study where the majority of patients granted their primary care physicians full access to their EHR data. And that’s my worry: five patients in the demonstration study wanted no providers to have access to any information in their EHRs. How could one deliver care, especially primary care, to such patients without routinely “breaking the glass” and, hence, disregarding their preferences?

However, I also agree with the statement by a subject in Caine and Hanania’s previous study: “There is no reason why my podiatrist needs to see my mental health counselor’s notes.”24 Health care providers with more focused roles in patient care may not need routine access to all EHR information, especially sensitive information concerning mental or reproductive health, sexually transmitted infections, etc. For such persons, having restricted access might be acceptable (to me, at least, but perhaps not to them) as long as each provider knew that EHR information might be hidden but he or she could always “break the glass” to see it.

But what about medicolegal liability? If I make a mistake in judgment that may have been due to lack of access to a patient’s information, am I responsible for that mistake and its consequences? We won’t know the answer to that question unless and until patient-controlled EHR access is implemented and a sufficient number of adjudicated cases accumulate. But if providers are ultimately held responsible for errors to which lack of EHR access may have contributed, it will be even harder for them to accept restrictions on EHR access. I’d anticipate their refusing to care for patients invoking EHR restrictions and/or “breaking the glass” with regularity, which would obviate the whole goal of patients having granular control over their EHRs. It might be even worse if case law established that health care providers were not responsible for errors that occurred when they had restricted access to their patients’ EHRs. Relieving providers of responsibility for their errors could lead to sloppy, unsafe care.

With the above considerations, as both a practicing general internist and health services researcher, I cannot support patients having the ability to hide information in their EHRs from their health care providers, especially their primary care physicians. I understand that my attitude could have adverse effects on communication with my patients and their willingness to provide sensitive information to me and other health care providers. Moreover, I admit that there could be an adverse impact on the doctor-patient relationship and communications if I told my patients, especially those who have a strong desire to control access to their EHRs, that I intended to “break the glass” and ignore their preferences for each and every visit. Nevertheless, I have an overriding duty to provide the best and safest patient care possible in the information-intensive business that is health care. Hamstringing my ability to provide such care is unacceptable to me.

There may be a middle road that would allow patients to have some control over who sees sensitive information in their EHRs, balanced with the responsibilities of health care providers to deliver the best care. Perhaps both patients and providers can agree that there are categories of information that are not sensitive that most or all clinicians should have access to. We might agree to provide broad access to non-sensitive diagnoses and the medications prescribed to treat them, routine lab tests (e.g., blood counts, serum electrolytes, and blood chemistries), imaging study results, demographic information, visits to non-sensitive providers, etc. There could also be consensus that certain types of providers, such as primary care and emergency department providers, would have full access to all of their patients’ EHR information, sensitive or not, but that EHR access could be restricted to non-clinician providers in primary care, subspecialists not delivering primary care, and non-clinical personnel (e.g., registration clerks) unless granted access by patients. There might be agreement that any provider delivering urgent or emergency care would have full EHR access, especially for patients so acutely ill that they cannot speak for themselves. Meanwhile, providers of routine ancillary care might be expected to abide by patients’ EHR restrictions except when rare, urgent circumstances intervene.

Getting it right would take some time. Providers would have to understand Fair Information Practice principles and accept that patients have some right to the control of their health information. At the same time, patients would have to accept that health care is an information business, that providers have an abiding duty—and often an overwhelming personal need—to give them the best care, and doing so requires information. This pact between patients and providers will require balancing the respect for patient autonomy with provider duties to reduce or avoid suffering by providing the best, highest-quality, safest care. The key will be patients and their providers engaging in an ongoing dialogue to fine-tune this balance, defining when patient’s desires or provider’s responsibilities should take precedence.


Dr. Tierney argues that he would insist on being able to see his patients’ entire records, even if that went against their wishes. He says he would do this because the only way to ensure quality care is to have the “right clinical information” at the right time.

We do not yet know what the “right clinical information” is. Since most patients have incomplete records in EHR systems, the “right clinical information” today consists only of the information patients willingly provide to clinicians. Despite limited information, Dr. Tierney and doctors around the world provide excellent care for their patients.

Providers are increasingly experiencing a “data deluge,” where they do not have time to process all of the patient data that they could potentially access.25 Patients already complain that physicians do not spend enough time in clinical encounters—a time when patients could reveal sensitive information. Physicians, too, are dissatisfied with the length of time that they are able to spend with patients, which results in higher levels of stress and lower satisfaction among providers.26

The problem of provider workload vs. time will only become more pronounced as providers are expected to combine clinical data with data captured from patients’ lives outside the clinic.27 While Dr. Tierney argues that he is able to consume all information in his patients’ records, this is not the case for most clinicians,28 many of whom try to “downsize” the amount of information that they must review prior to a clinical encounter.29 Would those physicians who are already overworked, overburdened, and dissatisfied with the time that they get to spend with patients be better served by “breaking the glass” to view data that patients have explicitly said they do not want revealed? Or would they provide better care by engaging in a conversation with the patient that could reveal information rather than data?

Research is needed to determine what the “right clinical information” to display to providers should be. This is especially important in a future where health information is ubiquitous, extra-clinical, and potentially overwhelming. Understanding patients’ preferences for what constitutes the “right clinical information” should be part of this process.

It is possible that breaking the glass for each patient could result in better care. However, it is also possible that listening to what your patients want and not using your power to coerce them to reveal things they are not comfortable revealing could be the best thing for your relationship with patients and for the care that you provide them. My prediction is that the best care will come from providers who empower patients by respecting their wishes.


  1. Edelstein L. The Hippocratic Oath: Text, Translation, and Interpretation. Baltimore: Johns Hopkins Press; 1943.

  2. Lasagna L. Hippocratic Oath—Modern Version. Available at: Accessed August 25, 2014.

  3. Doyle C, Lennox L, Bell D. A systematic review of evidence on the links between patient experience and clinical safety and effectiveness. BMJ Open. 2013;3:e001570. doi:10.1136/bmjopen-2012-001570.

  4. Kao AC, Green DC, Davis NA, Koplan JP, Cleary PD. Patients’ trust in their physicians: effects of choice, continuity, and payment method. J Gen Intern Med. 1998;13:681–6.

  5. Bishop L, Holmes BJ, Kelley CM. National consumer health privacy survey 2005. Oakland: California Healthcare Foundation; 2005.

  6. Lindenthal JJ, Thomas CS. Psychiatrists, the public, and confidentiality. J Nerv Ment Dis. 1982;170:319–23.

  7. Kegeles SM, Catania JA, Coates TJ, Pollack LM, Lo B. Many people who seek anonymous HIV-antibody testing would avoid it under other circumstances. AIDS. 1990;4:585–8.

  8. Cheng TL, Savageau JA, Sattler AL, DeWitt TG. Confidentiality in health care: a survey of knowledge, perceptions, and attitudes among high school students. JAMA. 1993;269:1404–1407.

  9. Agaku IT, Adisa AO, Ayo-Yusuf OA, Connolly GN. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers. J Am Med Inform Assoc. 2014;21:374–8.

  10. Caine KE, Burnham KE, Fisk AD, Rogers WA. Privacy Concerns and Disclosure Behavior in a Health Setting. Proceedings of the Human Factors and Ergonomics Society 52nd Annual Meeting, 2008.

  11. Kremer TG, Gesten EL. Confidentiality limits of managed care and clients’ willingness to self-disclose. Prof Psychol Res Pr. 1998;29:553–558.

  12. Taube DO, Elwork A. Researching the effects of confidentiality law on patients’ self-disclosures. Prof Psychol Res Pr. 1990;21:72–75.

  13. Campos-Castillo C, Anthony DL. The double-edged sword of electronic health records: implications for patient disclosure. J Am Med Inform Assoc (in press).

  14. Westin AF. IOM Project Survey Findings on Health Research and Privacy. Available at: Accessed August 25, 2014.

  15. Fehrs LJ, Fleming D, Foster LR, et al. Trial of anonymous versus confidential human immunodeficiency virus testing. Lancet. 1988;2:379–82.

  16. What is an electronic health record? Available at: Accessed August 25, 2014.

  17. Caine K, Kohn S, Lawrence C, Hanania R, Meslin EM, Tierney WM. Designing a patient-centered user interface for access decisions about EHR data: Implications from patient interviews. J Gen Intern Med 2014 (in press).

  18. Cimino JJ. Improving the electronic health record–are clinicians getting what they wished for? JAMA. 2013;309:991–2.

  19. Berwick DM. Escape Fire: Lessons for the Future of Health. New York: The Commonwealth Fund; 2002.

  20. Tierney WM, Kanter AS, Fraser HSF, Bailey C. A toolkit for e-health partnerships in low-income nations. Health Aff (Millwood). 2010;29:272–277.

  21. Tierney WM, Alpert SA, Byrket A, et al. Provider responses to patients controlling access to their electronic health records: A prospective cohort study in primary care. J Gen Intern Med 2014 (in press).

  22. Feinstein AR. The “chagrin factor” and qualitative decision analysis. Arch Intern Med. 1985;145:1257–1259.

  23. Weinberger M, Murray MD, Marrero DG, et al. A pharmaceutical care program for patients with reactive airways disease. Am J Health Syst Pharm. 2001;58:791–796.

  24. Caine K, Hanania R. Patients want granular privacy control over health information in electronic health records. J Am Inform Assoc. 2013;20:7–15.

  25. Beasley JW, Wetterneck TB, Temte J, et al. Information chaos in primary care: implications for physician performance and patient safety. J Am Board Fam Med. 2011;24:745–51.

  26. Dugdale DC, Epstein R, Pantilat SZ. Time and the patient-physician relationship. J Gen Intern Med. 1999;1(Suppl):S34–40.

  27. Robert Wood Johnson Foundation. Health and Health Care in 2032: Report from the RWJF Futures Symposium. Available at: Accessed August 25, 2014.

  28. Morrell DC, Evans ME, Morris RW, Roland MO. The “five minute” consultation: effect of time constraint on clinical content and patient satisfaction. Br Med J (Clin Res Ed). 1986;292:870–3.

  29. Kushniruk A, Patel V, Fleiszer D. Analysis of medical decision making: a cognitive perspective on medical informatics. Proc Annu Symp Comput Appl Med Care 1995:193–7.

Conflict of Interest

The authors declare that they have no conflict of interest.

Corresponding author

Correspondence to William M. Tierney MD.

Cite this article

Caine, K., Tierney, W.M. Point and Counterpoint: Patient Control of Access to Data in Their Electronic Health Records. J GEN INTERN MED 30, 38–41 (2015).


  • Health Care Provider
  • Sensitive Information
  • Patient Privacy
  • Mental Health Patient
  • Primary Care Internal Medicine