When Patients Interact with EHRs: Problems of Privacy and Confidentiality

Leslie P. Francis

University of Utah - S.J. Quinney College of Law

September 26, 2012

Houston Journal of Health Law and Policy, Forthcoming

Increasing individuals’ understanding and participation in their health care is good for their health and for the health care system. So goes the argument for encouraging and enhancing technologies that allow interaction between patients and their providers, including patients’ access to their health records. With electronic health records (EHRs) and panoplies of remote communication technologies, patient access can be direct, in real-time, and interactive. These technologies include portals for patients to access their providers’ EHRs and communicate electronically with their providers, remote sensing devices for patient data to be entered directly into EHRs, and EHR capabilities that allow patients to download electronic copies of information in their EHRs.

But patient interaction with their EHRs also presents privacy and confidentiality risks. From the perspective of privacy, patients may be unaware of the extent to which information may be gleaned from them and then be available to others, including their health care providers. From a confidentiality perspective, inadequate identity proofing or authentication procedures may allow unauthorized individuals to access records. Moreover, rules governing records access by authorized personal representatives may reveal more than patients would expect or want. Use by patients of capabilities to download their records may open these records to confidentiality and security protections that are far less stringent than the protections afforded these same records in the possession of health care providers. The article concludes with suggestions for protections that can enable patients to enjoy the great advantages of participative technologies with assurance that privacy and confidentiality are respected.

Number of Pages in PDF File: 20

Keywords: privacy, confidentiality, electronic health records, patient portals, personal representative, health record, blue button

Open PDF in Browser Download This Paper

Date posted: September 27, 2012  

Suggested Citation

Francis, Leslie P., When Patients Interact with EHRs: Problems of Privacy and Confidentiality (September 26, 2012). Houston Journal of Health Law and Policy, Forthcoming. Available at SSRN: https://ssrn.com/abstract=2152693 or http://dx.doi.org/10.2139/ssrn.2152693

Contact Information

Leslie P. Francis (Contact Author)
University of Utah - S.J. Quinney College of Law ( email )
383 S. University Street
Salt Lake City, UT 84112-0730
United States

Feedback to SSRN

Paper statistics
Abstract Views: 1,358
Downloads: 189
Download Rank: 126,634