J Am Med Inform Assoc 9:181-191 doi:10.1197/jamia.M1005
  • Original Investigation
  • Research Paper

Giving Patients Access to Their Medical Records via the Internet

The PCASSO Experience

  1. Daniel Masys,
  2. Dixie Baker,
  3. Amy Butros,
  4. Kevin E Cowles
  1. Affiliation of the authors: University of California, San Diego, La Jolla, California
  1. Correspondence and reprints: Daniel Masys, MD, Director, Biomedical Informatics, UCSD School of Medicine, 9500 Gilman Drive, Mailcode 0602, La Jolla, CA 92093-0602; e-mail: <dmasys{at}>
  • Received 14 August 2001
  • Accepted 19 November 2001


Objective The Patient-Centered Access to Secure Systems Online (PCASSO) project is designed to apply state-of-the-art-security to the communication of clinical information over the Internet.

Design The authors report the legal and regulatory issues associated with deploying the system, and results of its use by providers and patients. Human subject protection concerns raised by the Institutional Review Board focused on three areas—unauthorized access to information by persons other than the patient; the effect of startling or poorly understood information; and the effect of patient access to records on the record-keeping behavior of providers.

Measurements Objective and subjective measures of security and usability were obtained.

Results During its initial deployment phase, the project enrolled 216 physicians and 41 patients; of these, 68 physicians and 26 patients used the system one or more times. The system performed as designed, with no unauthorized information access or intrusions detected. Providers rated the usability of the system low because of the complexity of the secure login and other security features and restrictions limiting their access to those patients with whom they had a professional relationship. In contrast, patients rated the usability and functionality of the system favorably.

Conclusion High-assurance systems that serve both patients and providers will need to address differing expectations regarding security and ease of use.


  • * For a detailed description of the PCASSO architecture and operations concept, see Baker.17

  • The HIPAA Privacy Standards do not allow for denial of patient access to any of their medical information.

Free Sample

This recent issue is free to all users to allow everyone the opportunity to see the full scope and typical content of JAMIA.
View free sample issue >>

Access policy for JAMIA

All content published in JAMIA is deposited with PubMed Central by the publisher with a 12 month embargo. Authors/funders may pay an Open Access fee of $2,000 to make the article free on the JAMIA website and PMC immediately on publication.

All content older than 12 months is freely available on this website.

AMIA members can log in with their JAMIA user name (email address) and password or via the AMIA website.

Navigate This Article