Abstract
INTRODUCTION
Applying Fair Information Practice principles to electronic health records (EHRs) requires allowing patient control over who views their data.
METHODS
We designed a program that captures patients’ preferences for provider access to an urban health system’s EHR. Patients could allow or restrict providers’ access to all data (diagnoses, medications, test results, reports, etc.) or only highly sensitive data (sexually transmitted infections, HIV/AIDS, drugs/alcohol, mental or reproductive health). Except for information in free-text reports, we redacted EHR data shown to providers according to patients’ preferences. Providers could “break the glass” to display redacted information. We prospectively studied this system in one primary care clinic, noting redactions and when users “broke the glass,” and surveyed providers about their experiences and opinions.
RESULTS
Eight of nine eligible clinic physicians and all 23 clinic staff participated. All 105 patients who enrolled completed the preference program. Providers did not know which of their patients were enrolled, nor their preferences for accessing their EHRs. During the 6-month prospective study, 92 study patients (88 %) returned 261 times, during which providers viewed their EHRs 126 times (48 %). Providers “broke the glass” 102 times, 92 times for patients not in the study and ten times for six returning study patients, all of whom had restricted EHR access. Providers “broke the glass” for six (14 %) of 43 returning study patients with redacted data vs. zero among 49 study patients without redactions (p = 0.01). Although 54 % of providers agreed that patients should have control over who sees their EHR information, 58 % believed restricting EHR access could harm provider–patient relationships and 71 % felt quality of care would suffer.
CONCLUSIONS
Patients frequently preferred restricting provider access to their EHRs. Providers infrequently overrode patients’ preferences to view hidden data. Providers believed that restricting EHR access would adversely impact patient care. Applying Fair Information Practice principles to EHRs will require balancing patient preferences, providers’ needs, and health care quality.
KEY WORDS: fair information practices, electronic health records, patient preferences, quality of care
INTRODUCTION
Western society, especially the U.S., has rapidly adopted digital technologies for processing and storing personal data. As data uses expanded, concerns arose about personal privacy and activities of organizations collecting, processing, and storing data. In 1973, the U.S. Department of Health, Education, and Welfare convened an advisory committee to address implications for citizens’ rights arising from computerized records and published a call for a “Code of Fair Information Practices” (FIPs).1
In 2008, the U.S. Office of the National Coordinator for Health Information Technology (ONC) formulated FIPs specifically for electronic health records (EHRs)2 that encouraged open and transparent policies and procedures; enabling patients’ access to their health information with the ability to dispute and correct errors with safeguards to ensure confidentiality, integrity, and availability of their health information; and including patients in decisions about what information is collected and how it is used and disclosed as necessary to accomplish its specific purposes.
U.S. health care providers have been slow in adopting EHRs, which have existed for more than 40 years.3 The Health Information Technology for Economic and Clinical Health (HITECH) Act of 20094 provided more than $19 billion for a variety of initiatives to encourage hospitals and physicians’ practices to install and use EHRs, including incentives, support for regional extension centers, training, etc., and it will be imposing financial penalties for not using EHRs.5 As a result, by 2012 more than 85 % of U.S. non-federal acute care hospitals6 and more than half of U.S. physicians7 had installed or signed agreements to install ONC-certified EHRs. Consequently, the amount of stored digital health data is skyrocketing, leading the NationalInstitutes of Health (NIH) to launch its Big Data to Knowledge (BD2K) initiative.8 ONC has been tasked with implementing the HITECH Act and defining the criteria for “meaningful use” that physicians must meet to receive the above-mentioned incentives and avoid penalties. These criteria have included some of the principles of FIPs that are being required of all EHRs and all physicians using them. For example, health systems must provide patients with reasonable access to the information in their EHRs.9 Most health systems accomplish this via patient portals.10
To date legal, financial, and technical challenges11,12 have resulted in few health systems giving patients control over access to information in their EHRs. Most current methods are all-or-nothing opt-in/opt-out approaches where patients give (or withhold) permission to store their health records electronically. The Indiana Network for Patient Care (INPC), one of the nation’s oldest, largest, and most comprehensive health information exchanges,13,14 allows patients to opt out of sharing their local health system data with the exchange. More granular control of access to patient data, also termed data segmentation,15 has not been systematically implemented in any health system or health information exchange. Some third-party programs, such as Microsoft’s HealthVault and Google Health,16 have allowed patients to determine who can see their records, but these systems only contain data entered by patients, not providers, and are not protected by federal laws and regulations covering protected health information.
In 2010, ONC launched a Challenge Grant program to enable “enhanced query for patient care.”17 Under this program, the Regenstrief Institute developed a Web-based system whereby patients could record their preferences for who could access specific data in their EHRs. Regenstrief developers then modified their existing EHR viewer called Careweb® 18 to allow patients’ preferences to guide what EHR information providers can see. Careweb is the sole means for viewing data in the INPC and the EHR maintained by Eskenazi Health, an urban public health system in Indianapolis. We have previously published the requirements for capturing patients’ preferences for viewing information in their EHRs19 and an ethics framework for following FIP principles in health care.20 Articles published elsewhere in this JGIM supplement describe the process of designing the patient preference program,21 and challenges that had to be overcome to incorporate it into Careweb to control the display of EHR data to clinicians.22 In this article, we report the results of a demonstration study where we implemented this patient-controlled EHR access program in a single primary care clinic in Eskenazi Health’s large urban primary care network and prospectively assessed its effects on EHR data displays and providers’ reactions. A description of the system patients used to record their preferences, as well as their actual preferences for controlling access to their EHRs are contained in a separate article in this JGIM supplement.23
METHODS
Subject Enrollment
This study was approved by the Indiana University Institutional Review Board and the INPC Management Committee and was conducted in Eskenazi Health’s General Internal Medicine Clinic (GMC). (Note: The hospital system was named Wishard Health Services until December of 2013, during this study, when Wishard Hospital was closed and all operations of the hospital and its primary care centers were transferred to Eskenazi Health. For simplicity, throughout this article we refer to the health system as Eskenazi Health.) All GMC physicians, nurses, and other clinic staff were invited to participate in this study. For each participating physician, we identified all patients who had visited them at least twice in the previous year—and hence had existing EHRs and relationships with their primary care physicians.
A research assistant in the GMC’s practice-based research network24,25 used lists generated by the Regenstrief Medical Record System, which has serve as Eskenazi Health’s comprehensive EHR since 1973,3 to identify potentially eligible subjects, approach them in the GMC waiting room, and assess their interest in the study. Patients fluent in English who expressed interest were taken to a secluded room where the study was explained. For those signing informed consent, a study assistant (a fourth-year medical student) using formal scripted instructions led enrolled subjects through the computer-based program for capturing their preferences for displaying EHR data to GMC providers. The details of the patient preference system are provided in a companion manuscript in this journal supplement.23 Subjects could choose to restrict access by provider (from a list of all GMC doctors, nurses, and other clinic staff enrolled in the study) and by data: they could allow or restrict access to all data or to specific information within their EHRs, specifically data deemed highly sensitive by the National Committee on Vital and Health Statistics26: sexually transmitted infections, HIV/AIDS, sexual health and pregnancy, drug and alcohol use and abuse, and mental health information. For this study, physicians’ assistants and nurse practitioners were arbitrarily included with clinical nurse assistants and medical assistants as “other clinic staff,” because they were too few to comprise their own category and they serve an intermediary role between nurses and physicians. Patients could also restrict data displays based on a range of ages.
Careweb Data Displays
The EHR maintained by Eskenazi Health imports data from multiple health information systems serving inpatient and outpatient services for registration, scheduling, laboratory, pharmacy, transcription, etc. The Regenstrief Institute maintains clinician-facing technologies for Eskenazi, specifically its Gopher® order-entry and note-writing27,28 and Careweb data viewer.18 Careweb is the only means by which data in Eskenazi EHRs and the INPC can be viewed by providers, and it does so by four methods via tabs on Careweb’s main menu: 1) display all patient data in reverse chronological order; 2) display free-text notes and reports in reverse chronologic order; 3) create and display customized flowsheets of numeric and/or coded data by selecting categories from a menu or typing in specific whole or partial term names from a local dictionary3; and 4) via Careweb’s Google-like search tool, Chart Search,18 where entering any partial or full word or phrase yields displays of discrete data or free-text reports containing that term/phrase (with much built-in synonymy) in reverse chronologic order.
For patients who allowed all providers to view all of their EHR data, Careweb was unchanged. For patients who restricted access to all information for all providers or the specific provider seeking data, all Careweb data viewing screens displayed no results, as if the patient were new to this health system. For patients who restricted access to specific types of highly sensitive data or data occurring in specified age ranges, those data would simply be absent from results displayed, regardless of display method. Because one might infer the content of redacted information by the very fact that it was redacted, Careweb provided no indication that data had been redacted. However, all study providers were aware of this study and that data might be redacted for some patients, although Careweb did not indicate which patients were enrolled in the study.
This study’s investigators and GMC physicians believed there would be times when providers would need to override the patients’ preferences to restrict EHR display, e.g., for legally mandated reporting or when patient safety was at risk. We therefore created a button on the Careweb task menu labeled “Break Glass (Pt Preferences).” Providers who suspected that important information had been redacted could hit the “Break Glass” button, and all data would be displayed for that patient during that Careweb session only. Every time this button was hit, Careweb recorded the date, time, provider and patient names, and the next screen viewed. There were challenges and complexities when implementing patients’ preferences for restricting the viewing of their data; these have been discussed in detail elsewhere in this JGIM supplement.22 For example, although sensitive coded information and data from sensitive locations (e.g., mental health visits) could easily be redacted, sensitive information could not be redacted from within free-text notes and reports.
Data Collection and Analysis
We assessed all GMC visits of enrolled patients during the 6-month observation period. When a patient enrolled in this study visited the GMC, there was no indication in Careweb or Eskenazi Health’s EMR that the patient was in the study. Moreover, study patients comprised less than 1 % of all patients utilizing this clinic, making it impossible for providers to guess which patients might have restricted access to their EHRs. We recorded each time a study provider used Careweb to view a visiting study patient’s data, every time the provider “broke glass,” and the next data viewed. We compared the rate of “breaking glass” between study patients who did vs. did not restrict any display of their EHR data with Fisher’s Exact Test.
At the end of the 6-month study, we administered an anonymous questionnaire to each participating provider. Responding providers were given $25 gift cards. Using a five-point Likert scale ranging from Strongly Agree to Strongly Disagree, providers indicated their familiarity with EHRs and this study, comfort with patients’ restricting EHR access, effects of such restrictions on provider–patient relationships and quality of care, and opinions about patients having control over access to their EHRs. The questionnaire also contained four optional open-ended questions about providers’ experience, concerns, and understanding of this process: Did you have any concerns about this process? Did you ever “break the glass” and see hidden records, and if so, why? Was there anything you did not understand about this process? And how will you react if health care providers are required to allow patients to control who sees what information in their EHRs?
RESULTS
This demonstration study was conducted from August through December of 2013. Eight of nine eligible physicians practicing in the GMC agreed to participate as did all 23 GMC staff: five nurses, four clinical nurse assistants, three physician’s assistants, two nurse practitioners, and nine medical assistants. All study participants provided informed consent.
Participants
Of 141 eligible GMC patients approached, 105 (74 %) were enrolled, and all successfully completed the patient preference program. Enrolled patients were 70 % women, 55 % minority (African-American or Hispanic), had a mean age of 55 ± 13 (SD) years, and all but one had highly sensitive information (in one of the five categories defined in Methods) in their EHRs. Details concerning patients’ preferences and their opinions of this program are contained in the article by Schwartz et al. in this JGIM supplement.23 Approximately half of the study patients wanted all GMC providers to see all of their EHR information; the reminder restricted access to some or all of their EHR information to some or all GMC providers.
Study Visits
During the 6-month prospective study, 92 (88 %) of enrolled patients returned to the GMC 261 times (mean = 2.8, SD 1.6, range 1 to 7, median 2). Forty-three (47 %) of returning patients had restricted display of at least some EHR data to one or more providers. Study patients were seen by study physicians during 84 % of returning visits and were seen by only other clinic staff during the remaining 16 %. Study patients’ visits comprised 2 % of all GMC visits during the study. Providers viewed patient data via Careweb during 126 (48 %) of these 261 study visits. Visits where EHRs were not viewed were most often for refilling medications and visits to nurses, e.g., for checking blood pressure, as medications can be prescribed or refilled and notes can be written without accessing Careweb.
During the study, providers hit the “Break Glass” button 102 times: 92 times among patients not in the study (and thus had no information redacted) and ten times for six study patients (all of whom had restricted display of data, and five of whom restricted display to the person who “broke the glass”). Three physicians, three nurses, and five other staff “broke the glass” at least once. Among the 43 returning study patients who had restricted EHR data displays, providers “broke the glass” for six (14 %) compared with none of the 46 study patients with no display restrictions (p = 0.01). The first screen viewed after “breaking the glass” most often contained prior free-text notes and/or orders (Table 1).
Table 1.
Number of “Break Glass” Episodes | Next Screen Viewed |
---|---|
37 | Free-text notes and reports |
17 | Order-entry main screen |
9 | Appointments |
7 | Modified patient order |
7 | Data flowsheet |
7 | Chart Search main screen |
6 | Patient registration and demographic data |
5 | Pharmacy orders |
3 | Log-in screen |
2 | Clinical encounter sites |
1 | Summary of all clinical data |
1 | Chart Search chronological results |
Provider Survey
Of the 31 providers in this study, 24 (77 %) responded to the post-study questionnaire. To maintain anonymity, respondents did not record their role (physician, nurse, etc.). As shown in Table 2, most responding providers knew that study patients could control access to their EHR data (87 % checking “strongly agree” or “somewhat agree”), although less than half believed patients understood their EHR. Many respondents (46 %) strongly or somewhat agreed that they were comfortable with patients restricting display of EHR data, although 25 % strongly disagreed. Most respondents (83 %) agreed that their patients’ EHRs are “viewed only by people who should have access to them.” While 53 % of respondents agreed that it was okay for patients to have control over who sees what EHR information, 25 % strongly disagreed. The majority (58 %) also felt that restricting EHR access would affect their relationships with their patients, but a quarter strongly disagreed. More respondents agreed that it was good for patients to control access to EHR content than disagreed (42 % vs. 26 %), and more than twice as many agreed that patients own their EHR information (46 % vs. 21 %). However, there was no consensus on whether, as patients themselves, respondents would want to control providers’ access to respondents’ own EHR data.
Table 2.
Strongly Agree | Somewhat Agree | Neutral | Somewhat Disagree | Strongly Disagree | Don’t Know / Can't Say | |
---|---|---|---|---|---|---|
I believe that patients understand what an electronic health record is | 13 % | 29 % | 33 % | 17 % | 0 % | 8 % |
I understand that in this study, patients decided who could access their electronic health records | 54 % | 33 % | 4 % | 4 % | 0 % | 4 % |
I was comfortable with patients restricting my seeing some of their electronic health record (EHR) | 25 % | 21 % | 13 % | 13 % | 25 % | 4 % |
My patients’ electronic health records are viewed only by people who should have access to them. | 54 % | 29 % | 8 % | 4 % | 0 % | 4 % |
I think it is OK for patients to have control over who sees what information in their electronic health records | 33 % | 21 % | 8 % | 13 % | 25 % | 0 % |
Patients preventing me from seeing part or all of their EHRs could affect my relationships with them | 50 % | 8 % | 13 % | 4 % | 25 % | 0 % |
It is a good thing for patients to have control over who sees their electronic health records | 21 % | 21 % | 29 % | 13 % | 13 % | 4 % |
Restricting access to all or part of a patient’s EHR will likely reduce the quality of care I deliver | 63 % | 8 % | 8 % | 8 % | 13 % | 0 % |
The patient owns the information in his or her electronic health record | 21 % | 25 % | 25 % | 13 % | 8 % | 8 % |
As a patient, I would like to control the information in my EHR that providers can see | 29 % | 17 % | 17 % | 17 % | 21 % | 0 % |
Figures are the percent of each row. The rows may not add to 100 % due to rounding
Responses to the open-ended questions were provided by 12 of the 24 respondents. Five reported concerns about patient-controlled EHR displays, one of whom wrote, “I was concerned I may not be able to view vital information.” Another commented, “Initially, yes—as it worked out, no.” Apparently, experience with the process mitigated this provider’s concerns. Three providers reported working around data display prohibitions by using an older version of Careweb that did not have patient-controlled EHR displays implemented. Another respondent asked why we did not invoke patient-controlled displays in the older version of Careweb, apparently aware of other providers’ workarounds. (Answer: because it was not technically possible in the prior Careweb platform.)
Five respondents reported “breaking the glass” to see patients’ data, three of whom reported reasons for doing so. One provider “broke glass” to prevent unnecessary testing, and another did so out of a need to see if a patient needing narcotics had a history of drug abuse. A third did so because he or she felt the patient could not otherwise be successfully treated:
“I did break glass. At times I was unable to see any part of the patient’s chart, including past notes, which completely disabled me from treating [the] patient. The times I broke glass, I was aware of the missing information because there was nothing visible. There may have been times I was unaware that info was being hidden, which can impede treatment."
The most common concern among physicians was patients who might be empowered to hide their use, and potential misuse, of controlled substances: “Yes, I broke the glass because I was concerned that my patient has a history of drug abuse and I was going to prescribe narcotics.”
Only one provider admitted to not realizing that the new Careweb and Chart Search system restricted information from him or her. Finally, when asked how they would react if local or national policy allowed patients to control access to their EHR data, five providers felt it would adversely impact care and patient safety. One respondent stated, “I will really not be happy and will consider switching out of primary care.” Another wrote, “I would be unhappy if a patient restricts the info I can see. I feel it impedes my ability to care for them adequately and increases the chance of errors.” Another agreed: “This will not be good. It could be very costly, causing duplicate testing and med errors.” And finally, “This will jeopardize patient care. I will not feel as comfortable treating patients if there are records hidden from me.”
One respondent had a more balanced opinion: “I think it is OK for the patient to control some of the EHR data, but some things the doctor will need to know.” Three respondents felt it would be okay and would not adversely affect practice, stating: “It would not change how I practice,” and “I think it should be OK.” Another would accommodate patients’ EMR access preferences, but discuss the decision and its consequences with the patient and other providers:
“I would try to use another avenue to communicate with co-providers to assure that everyone who cares for the patient has the same info as I do unless expressly told by the patient not to do so. I would also ask the patient what prompted this decision so I can be sure this decision was reached after the patients understood the ramifications of their decision.”
DISCUSSION
We demonstrated that primary care providers had varying levels of comfort with our system’s redacting displays of their patients’ health information. While many study providers were comfortable with patients having control over who sees what information in their electronic health records, a significant number disagreed, some strongly. Health care is an information business,29,30 and some providers believed impeding their access to their patients’ health information could adversely affect doctor–patient relationships and the costs and outcomes of care. Constraining their ability to provide care by restricting access to information might compromise physicians’ obligation to provide high-quality, safe health care. On the other hand, if patients do not have such control over their EHRs, some resort to risky practices, such as withholding information or avoiding care for embarrassing or stigmatizing conditions.31,32
Having a “break glass” option did not seem to completely assuage providers’ worries. In fact, despite having this option, three providers went out of their way to use an older version of Careweb that had no restrictions, perhaps not trusting that “breaking glass” would display all data. Their finding this somewhat obscure workaround is typical of how health care providers navigate EHRs,33 which suggests that some clinicians will find ways to access restricted EHR information even if ONC mandates that patients control EHR access, such as maintaining “ghost charts.” 34
This demonstration study had limitations. It included a relatively small number of patients and providers in one inner-city academic primary care practice. Although we demonstrated the feasibility of implementing patient control of EHR access, the results of the study cannot be readily generalized to any other practice venue. We did not assess the results of patients’ preferences on their relationship with their health care providers, or on their care or its outcomes.
This study left us with a number of important unanswered questions. Do patients understand the potential consequences of hiding data from their health care providers? What are the effects of patient EHR access control on doctor–patient relationships and patient care and its outcomes? Would specialists have the same expectations of and needs for broad access to EHR data as do primary care physicians? Might patient-controlled EHR access have different affects on care in different specialties and care environments? Future research should shed light on these and other questions before widespread implementation of patient-controlled EHR access is contemplated.
High quality health care requires stable, deep relationships between providers and patients where providers are responsible for patients’ wellbeing and alleviating their suffering. Errors in judgment carry a great chagrin factor for physicians,35 and physicians might oppose or avoid using any system that might increase their likelihood of causing errors and harm, even if they agree with FIP principles. Most providers, especially physicians, came into practice in an era where they and their health care organizations owned patients’ health records. Yet our prior research clearly showed that patients have strong feelings of ownership over their records and a desire to make sure that only those who really needed access got it.19 This view, sometimes called the patient-autonomy perspective, can clash with the historical, paternalistic approach.36
It thus appears that there is a significant tension between patients’ and providers’ desires concerning access to and use of EHRs. Reconciling these differences will require substantial engagement by patients, physicians, other providers, and broader society. Patients must understand that health care providers will not willingly compromise their ability to provide the highest quality care, while providers must understand that health information is highly personal, potentially stigmatizing and economically damaging, and can affect patients’ feelings of self-worth and comfort with their health system and their providers. Much work needs to be done, hopefully before implementing policies mandating or forbidding patient-controlled data segmentation.
Perhaps a different paradigm is needed, one of a patient–provider partnership where information is shared for the collaborative goal of enhancing care. This goal is at the root of the learning health care system.37,38 As embodied in the PeoplePower movement’s mantra, “Nothing about me without me”,39 perhaps providers and their patients can agree proactively on the key data needed by various members of the health care team and work to increase the availability of those data to the right providers at the right time. In the end, both patients and providers want the same thing: the highest quality, most cost-effective care that is acceptable to the patient.
Acknowledgements
Contributors
We are grateful to Theda Miller, Chris Power, Jonathan Cummins, and the other faculty and staff of the Regenstrief Center for Biomedical Informatics for their support of our enhancement of Careweb and Chart Search. We also thank the physicians, nurses, and staff of the Wishard/Eskenazi General Medicine Clinic for their gracious hosting of this pilot demonstration study. We also appreciate the diligence of Jane French and Kelly Givens of ResNet for performing in-clinic recruiting and data collection.
Funders
This study was supported in part by grant number 90HT005 from the Office of the National Coordinator for Health Information Technology (ONC) to the Indiana Health Information Technology Corporation. The opinions expressed in this work are the authors’ and do not necessarily reflect the positions of ONC, IHIT, Eskenazi Health, Indiana University, or the Regenstrief Institute, Inc.
Prior presentations
None.
Conflicts of Interest
None of the authors has any financial conflicts of interest with this work.
Footnotes
Clinicaltrials.gov ID number: NCT0186213
REFERENCES
- 1.U.S. Department of Health, Education, & Welfare (HEW). Records, computers and the rights of citizens; report of the Secretary's Advisory Committee on Automated Personal Data Systems. Washington, D.C.: HEW; 1973. Available at: http://epic.org/privacy/hew1973report, accessed September 23, 2014.
- 2.Office of the National Coordinator for Health Information Technology, & U.S. Department of Health and Human Services. Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information, 2008. Available at http://www.healthit.gov/sites/default/files/nationwide-ps-framework-5.pdf. Accessed September 23, 2014.
- 3.McDonald CJ, Overhage JM, Tierney WM. The regenstrief medical record system: a quarter century experience. Int J Med Informat. 1999;54:225–253. doi: 10.1016/S1386-5056(99)00009-X. [DOI] [PubMed] [Google Scholar]
- 4.Clinical Health Act, (“HITECH”) of the American Recovery and Reinvestment Act of 2009 (“AARA”), Pub. L. No. 111–5, 123 Stat. 115, 226–79, 2009 (codified in scattered sections of 42 U.S.C.).
- 5.Blumenthal D. Stimulating the adoption of health information technology. N Engl J Med. 2009;360:1477–1479. doi: 10.1056/NEJMp0901592. [DOI] [PubMed] [Google Scholar]
- 6.National Coordinator for Health Information Technology. Adoption of electronic health record systems among U.S. non-federal acute care hospitals: 2008–2012 (ONC Data Brief No. 9). Available at: http://www.healthit.gov/sites/default/files/oncdatabrief9final.pdf, accessed September 23, 2014.
- 7.National Coordinator for Health Information Technology. Physician adoption of electronic health record technology to meet meaningful use objectives: 2009–2012. Available at: http://www.healthit.gov/sites/default/files/onc-data-brief-7-december-2012.pdf, accessed September 23, 2014.
- 8.National Institutes of Health. Big knowledge to data (BD2K). Available at: http://bd2k.nih.gov/, accessed September 23, 2014.
- 9.Blumenthal D, Tavenner RN. The “meaningful use” regulation for electronic health records. N Engl J Med. 2010;363:501–504. doi: 10.1056/NEJMp1006114. [DOI] [PubMed] [Google Scholar]
- 10.Goldzweig CL, Orshansky G, Paige NM, et al. Electronic patient portals: evidence on health outcomes, satisfaction, efficiency, and attitudes: a systematic review. Ann Intern Med. 2013 Nov 19;159(10):677–687. [DOI] [PubMed]
- 11.Allen J, Hulman D, Meslin EM, Stanley F. Privacy protectionism and health information: is there any redress for harms to health? Journal of Law and Medicine. 2013;21:473–485. [PubMed] [Google Scholar]
- 12.Goodman KW, Meslin EM. Ethics, Information technology, and public health: duties and challenges in computational epidemiology. In: Magnusen JA, Fu PC Jr, editors. Public Health Informatics and Information Systems. New York: Springer; 2014. pp. 191–209. [Google Scholar]
- 13.McDonald CJ, Overhage JM, Barnes M, et al. The Indiana network for patient care: a working local health information infrastructure. An example of a working infrastructure collaboration that links data from five health systems and hundreds of millions of entries. Health Aff (Millwood) 2005;24:1214–1220. doi: 10.1377/hlthaff.24.5.1214. [DOI] [PubMed] [Google Scholar]
- 14.Biondich PG, Grannis SJ. The Indiana network for patient care: an integrated clinical information system informed by over thirty years of experience. J Public Health Manag Pract 2004;Suppl:S81-6. [PubMed]
- 15.Goldstein MM, Rein AL, Heesters MM, Hughes PP, Williams B, Weinstein SA.Data Segmentation in Electronic Health Information Exchange: Policy Considerations and Analysis. Washington, D.C.: U.S. Department of Health and Human Services, Office of the National Coordinator for Health IT, 2010
- 16.Goth G. A game changer? As Google and Microsoft put their PHR plays into action, CIOs formulate their next moves. Healthc Inform. 2008;25:52–54. [PubMed] [Google Scholar]
- 17.Health Information Challenge Grant Program. Available at: http://www.healthit.gov/providers-professionals/health-information-exchange-challenge-grant-program, accessed September 23, 2014.
- 18.Duke JD, Morea J, Mamlin B, et al. Regenstrief Institute’s Medical Gopher: A next-generation homegrown electronic medical record system. Int J Med Inform. 2014;83:170–179. doi: 10.1016/j.ijmedinf.2013.11.004. [DOI] [PubMed] [Google Scholar]
- 19.Caine K, Hanania R. Patients want granular privacy control over health information in electronic health records. J Am Inform Assoc. 2013;20:7–15. doi: 10.1136/amiajnl-2012-001023. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 20.Meslin EM, Alpert SA, Carroll AE, Odell JD, Tierney WM, Schwartz PH. Giving patients granular control of personal health information: using an ethics 'Points to Consider' to inform informatics system designers. Int J Med Inform. 2013;82:1136–1143. doi: 10.1016/j.ijmedinf.2013.08.010. [DOI] [PubMed] [Google Scholar]
- 21.Caine K, Kohn S, Lawrence C, Hanania R, Tierney WM. Designing a patient-centered user interface for access decisions about EHR data: Implications from patient interviews J Gen Intern Med 2014 (in press). [DOI] [PMC free article] [PubMed]
- 22.Leventhal JC, Cummins JA, Schwartz PH, Martin DK, Tierney WM. Patient control of provider viewing of their electronic health records: Technical and organizational challenges. J Gen Intern Med 2014 (in press). [DOI] [PMC free article] [PubMed]
- 23.Schwartz PH, Caine K, Alpert SA, Tierney WM. Patient choices to control access to their electronic health records in primary care. J Gen Intern Med 2014 (in press). [DOI] [PMC free article] [PubMed]
- 24.Tierney WM, Miller ME, Hui SL, McDonald CJ. Practice randomization and clinical research: The Indiana experience. Med Care. 1991;29:JS57–JS64. [PubMed] [Google Scholar]
- 25.Kho AN, Zafar A, Tierney WM. Electronic data collection in practice-based research networks: Lessons learned from a successful implementation. J Am Board Fam Med. 2007;20:196–203. doi: 10.3122/jabfm.2007.02.060114. [DOI] [PubMed] [Google Scholar]
- 26.Carr JM. National Committee on Vital and Health Statistics Recommendations Regarding Sensitive Health Information. Available at: http://www.ncvhs.hhs.gov/101110lt.pdf. Accessed September 23, 2014.
- 27.McDonald CJ, Tierney WM. The Medical Gopher—A microcomputer system to help find, organize and decide about patient data. West J Med. 1986;145:823–829. [PMC free article] [PubMed] [Google Scholar]
- 28.Tierney WM, Miller ME, Overhage JM, McDonald CJ. Physician inpatient order-writing on microcomputer workstations: Effects on resource utilization. JAMA. 1993;269:379–383. doi: 10.1001/jama.1993.03500030077036. [DOI] [PubMed] [Google Scholar]
- 29.Berwick DM. Escape Fire: Lessons for the Future of Health. New York: The Commonwealth Fund; 2002. [Google Scholar]
- 30.Tierney WM, Kanter AS, Fraser HSF, Bailey C. A toolkit for e-health partnerships in low-income nations. Health Aff (Millwood) 2010;29:272–277. doi: 10.1377/hlthaff.2009.0793. [DOI] [PubMed] [Google Scholar]
- 31.Bishop L, Holmes BJ, Kelley C.National Consumer Health Privacy Survey. California HealthCare Foundation, 2005
- 32.Campos-Castillo C, Anthony DL. The double-edged sword of electronic health records: Implications for patient disclosure. J Am Med Inform Assoc 2014 (in press). [DOI] [PubMed]
- 33.Flanagan ME, Saleem JJ, Millitello LG, Russ AL, Doebbeling BN. Paper- and computer-based workarounds to electronic health record use at three benchmark institutions. J Am Med Inform Assoc. 2013 Jun;20(e1):e59–66. [DOI] [PMC free article] [PubMed]
- 34.Balka E. Ghost charts and shadow records: Implication for system design. Stud Health Technol Inform. 2010;160(Pt 1):686–690. [PubMed] [Google Scholar]
- 35.Feinstein AR. The “chagrin factor” and qualitative decision analysis. Arch Intern Med. 1985;145:1257–1259. doi: 10.1001/archinte.1985.00360070137023. [DOI] [PubMed] [Google Scholar]
- 36.Davies P. Should patients be able to control their own records? BMJ. 2012;345:e4905. doi: 10.1136/bmj.e4905. [DOI] [PubMed] [Google Scholar]
- 37.Institute of Medicine . The Learning Health System and its Innovation Collaboratives: Update Report. Washington, DC: National Academy Press; 2011. [Google Scholar]
- 38.Faden RR, Kass NE, Goodman SN, Pronovost P, Tunis S, Beauchamp TL. An Ethics framework for a learning health care system: A departure from traditional research ethics and clinical ethics. Hastings Cent Rep. 2013;43:S16–S27. doi: 10.1002/hast.134. [DOI] [PubMed] [Google Scholar]
- 39.Delbanco T, Berwick DM, Boufford JI, et al. Healthcare in the land of PeoplePower: Nothing about me without me. Health Expectations. 2001;4:144–150. doi: 10.1046/j.1369-6513.2001.00145.x. [DOI] [PMC free article] [PubMed] [Google Scholar]