Aspects of privacy for electronic health records

Patients’ medical data have been originally generated and maintained by health professionals in several independent electronic health records (EHRs). Centralized electronic health records accumulate medical data of patients to improve their availability and completeness; EHRs are not tied to a single medical institution anymore. Nowadays enterprises with the capacity and knowledge to maintain this kind of databases offer the services of maintaining EHRs and adding personal health data by the patients. These enterprises get access on the patients’ medical data and act as a main point for collecting and disclosing personal data to third parties, e.g. among others doctors, healthcare service providers and drug stores. Existing systems like Microsoft HealthVault and Google Health comply with data protection acts by letting the patients decide on the usage and disclosure of their data. But they fail in satisfying essential requirements to privacy. We propose a privacy-protecting information system for controlled disclosure of personal data to third parties. Firstly, patients should be able to express and enforce obligations regarding a disclosure of health data to third parties. Secondly, an organization providing EHRs should neither be able to gain access to these health data nor establish a profile about patients.