‘Patients expressed sharing preferences consistent with a desire for granular privacy control over which health information should be shared with whom and expressed differences in sharing preferences for sensitive versus less-sensitive EMR data. The pattern of results may be used by designers to generate privacy-preserving EMR systems including interfaces for patients to express privacy and sharing preferences.’ (J Am Med Inform Assoc. 2013;20(1))
The implications are that patients would like to be able to set various levels of data sharing, not just ‘yes’ or ‘no’. For EPR manufacturers, that could mean offering such functionality and permitting patients access in order to set the levels. In practice, this could be difficult to do, e.g. what would the default position be?
In the UK, the Code of Confidentiality describes how patient data should be handled. In the US, Fair Information Practices (FIP) are similar. This research goes further than the professional bodies codes of conduct, to show that patients want control of what data, and with whom, their EPR is shared. Interestingly, the ‘most trusted’ recipient of data was the primary care physician.