J Am Med Inform Assoc 20:7-15 doi:10.1136/amiajnl-2012-001023
  • Focus on patient privacy

Patients want granular privacy control over health information in electronic medical records

  1. Rima Hanania2
  1. 1School of Computing, Clemson University, Clemson, South Carolina, USA
  2. 2Department of Psychological and Brain Sciences, Indiana University, Bloomington, Indiana, USA
  1. Correspondence to Kelly Caine, 314 McAdams Hall, Clemson, SC 29634, USA; caine{at}
  • Received 15 October 2012
  • Accepted 21 October 2012
  • Published Online First 26 November 2012


Objective To assess patients’ desire for granular level privacy control over which personal health information should be shared, with whom, and for what purpose; and whether these preferences vary based on sensitivity of health information.

Materials and methods A card task for matching health information with providers, questionnaire, and interview with 30 patients whose health information is stored in an electronic medical record system. Most patients’ records contained sensitive health information.

Results No patients reported that they would prefer to share all information stored in an electronic medical record (EMR) with all potential recipients. Sharing preferences varied by type of information (EMR data element) and recipient (eg, primary care provider), and overall sharing preferences varied by participant. Patients with and without sensitive records preferred less sharing of sensitive versus less-sensitive information.

Discussion Patients expressed sharing preferences consistent with a desire for granular privacy control over which health information should be shared with whom and expressed differences in sharing preferences for sensitive versus less-sensitive EMR data. The pattern of results may be used by designers to generate privacy-preserving EMR systems including interfaces for patients to express privacy and sharing preferences.

Conclusions To maintain the level of privacy afforded by medical records and to achieve alignment with patients’ preferences, patients should have granular privacy control over information contained in their EMR.

Free Sample

This recent issue is free to all users to allow everyone the opportunity to see the full scope and typical content of JAMIA.
View free sample issue >>

Access policy for JAMIA

All content published in JAMIA is deposited with PubMed Central by the publisher with a 12 month embargo. Authors/funders may pay an Open Access fee of $2,000 to make the article free on the JAMIA website and PMC immediately on publication.

All content older than 12 months is freely available on this website.

AMIA members can log in with their JAMIA user name (email address) and password or via the AMIA website.

Navigate This Article