Intended for healthcare professionals

Feature Information Technology

Should patients be able to control their own records?

BMJ 2012; 345 doi: (Published 30 July 2012) Cite this as: BMJ 2012;345:e4905
  1. Peter Davies, freelance journalist
  1. 1London, UK
  1. petergdavies{at}

Giving patients control of their medical records may sound scary to many doctors, but it could reduce workload and improve outcomes, Peter Davies reports

Every general practice in England will have to offer patients online access to their care records by 2015, according to the government’s information strategy for the NHS published in May.1 Currently only 1% do so. As the Department of Health acknowledges, this represents “a challenge to the culture and practices of some health and care organisations and professionals.”

But advocates of patient access to records now want to go further. They want patients to control their records, with the right to decide who may access them. As the information record is about the patient, the record is his or her property, they argue. Patient controlled records bring extensive benefits, they believe: better informed, more engaged patients; a more mature doctor-patient relationship; shorter consultations; fewer errors; and a means of integrating services—in short, that holy grail of modern healthcare, improved outcomes at lower cost.

This may sound counterintuitive to many doctors. Records could contain information that might alarm or even harm a patient, they respond. They may be written in jargon or—for the sake of clarity—in a frank way that patients find offensive or misunderstand. Patients might deluge doctors with trivial inquiries. Although the BMA believes that patients should have access to their records, it remains concerned about security.

Historically, medical records have been regarded as the property of clinicians or their institution. And although patients in the United Kingdom have had the right to read their paper records since the 1990s, few choose to do so. But accessing records online is much easier: it may stimulate demand for access and, with it, control.

First steps

Projects under way in the NHS are exploring possibilities. The Haughton Thornley practice in Greater Manchester says patients’ online access to records has reduced the need for general practitioner and practice nurse appointments.2 South London and Maudsley Foundation Trust has launched an online record that mental health service users can access and contribute to directly ( Renal PatientView, set up by patient groups, professional bodies, and renal registries, provides online access to diagnosis, treatment, and test results that patients can share with anyone they want and view from anywhere in the world (

One of the UK’s leading proponents of patient controlled records argues they are a basic human right. Mohammad Al-Ubaydli, founder and chief executive of Patients Know Best, a company providing patient controlled record systems to the NHS and others, maintains that the logic behind them and the benefits they bring render arguments against them seem like attempts to deny people the right to vote.

The company’s website allows patients to create a personal electronic health record account that includes records from all their clinicians—primary care, hospital, NHS, and non-NHS—and control who gets access. They can conduct online consultations with their clinical team, receive automated explanations of their results, and work with clinicians on a personalised care plan. Twenty hospital departments in England and the United States are using it.

Overcoming reluctance

“Clinicians think receiving messages is going to be a drain on their time,” says Al-Ubaydli, who qualified in medicine at Cambridge before undertaking various medical software projects. But in practice it means fewer phone calls and consultations. “We tell them to try it, and they come back and say it’s the best thing ever.”

Increasing specialisation in medicine will make patient controlled records pivotal, he believes. They represent an important step towards organising care around the patient rather than institutions. As someone with a long term condition, Al-Ubaydli noticed how the succession of clinicians who treated him sought his opinions—not, he says, because he was medically qualified but because he was the only one with a view of the entire process.

He is scathing about the government’s plan to grant online access without handing control to patients. He fears patients may show little interest and that the initiative could discourage progress towards patient controlled records. Europe is much further advanced, he says.

International enthusiasm

Jan Kremer, professor of reproductive medicine at Radboud University Medical Centre in Nijmegen, the Netherlands, began his digital in vitro fertilisation (IVF) clinic in 2003 to make more information available to patients and lower the barrier to contact with doctors and nurses. “I thought: banks are doing this, why not hospitals?”

Patients take charge of their records and can view test results, pictures of embryos, letters to GPs, and other information, as well as emailing questions to their care team—guaranteed to be answered within a day. About 90% of the centre’s IVF patients use the facility and 50% of its gynaecologists. Patients, not professionals, have driven its development.

“The doctor will move from god to guide,” says Kremer. “The time of the paternalistic doctor who knows what’s good or bad for the patient—that time has gone.”

Doctors are initially reluctant to accept this and question why patients would want data from their records. “I say don’t underestimate the power of patients if you give them the tools. They can do much more than we expect.”

Trusting patients brings returns, says Kremer. “Patients think positively of the doctor who gives them access to data.” In his experience, as patients become better informed and more involved in their care they seek fewer and shorter consultations and make fewer complaints. Rather than being inhibiting, doctors’ awareness that patients will read what they write has proved an impetus to clarity and better communication.

In July, Radboud University Medical Centre extended patient controlled records to all departments apart from psychiatry, which may follow later. It took five years—not because of technological limitations but because of doctors’ initial reluctance. Now they are enthusiastic, says Kremer. “We were persistent and always gave the same message. You have to let the patients tell how important access to their own data is for them. It’s important to include patients in your marketing strategy.”

A pioneer of electronic medical records in the United States in the 1970s, Intermountain Healthcare has had patient controlled records since the 1990s. Based in Utah, its 22 hospitals and 185 clinics offer patients virtually complete access to their data and must justify holding anything back. Patients may add information to their records and correct errors but cannot redact anything. If they add something incorrect, clinicians make a note to that effect but do not delete it. Such instances are rare, says Brent James, Intermountain’s chief quality officer.

Patient controlled records “clean up professional interactions,” he says. “In the old days you would occasionally encounter pejorative statements in the record.” The system has eradicated that. “And I’ve never seen an instance when it damages your ability to record the truth.” Doctors ensure that sensitive information, such as a diagnosis of cancer, is communicated personally and never encountered first over the internet.

Clinicians may access patients’ records on a strict need to know basis for legitimate healthcare reasons. They must have an established relationship with the patient and have their explicit consent. The system highlights about 40 incidents of potentially inappropriate access a month, of which typically two will require action—“ a pretty low rate” from hundreds of thousands of interactions, says James.

Intermountain introduced patient controlled records because it was ethically “the right thing to do,” says James. It also thought that patients’ more effective participation would improve clinical results, reduce complications, and lower care costs. “We think that’s true, and patients would give you that response, but we can’t prove that outcomes are better,” James admits.

Evidence on the effects of giving patients access to and control of records is hard to come by. A major study by Tom Delbanco, professor of medicine at Harvard Medical School, surveyed 100 primary care physicians and 38 000 patients in the US and found that access was far more popular with patients than with doctors3; results on how each uses information from shared records will be published later this year.

False starts

Development of patient accessible records is littered with false starts. Intermountain found little uptake for its first attempt in the 1990s: designed from the professionals’, not the patients’, view; it took off only when messaging and appointment scheduling were added. The NHS’s HealthSpace facility has been axed: “It is too difficult to make an account. It is too difficult to log on,” explained Charles Gutteridge, national clinical director for informatics at the Department of Health.4 Google Health, launched in 2008 as an online service where users could lodge their personal health records, was withdrawn in 2011: it was “not having the broad impact that we hoped it would,” admitted Google.

But Kremer is undeterred. He has developed MijnZorgNet (MyCareNet,, which he nicknames “the Facebook of Dutch healthcare.” Any Dutch health facility can use MijnZorgNet, which provides patients with a “personal health community” and enables them to interact with their GP, dentist, hospital specialist, nurse, or other patients—in effect, a virtual hospital. It is, says Kremer, the future.

Patient controlled health records: the basics

  • If a health record is “patient controlled,” clinicians must seek the patient’s permission to access it. Patients may revoke access, even to clinicians or institutions that have supplied data, or extend access to others involved in their care

  • Such records may contain some or all of the information in the clinician’s records, which are separate and must be maintained by law

  • They may include clinic and discharge letters, prescriptions, test results, x ray images, family history, and notes on allergies or adverse drug reactions. Patients may add comments or other information

  • These records are increasingly part of systems that enable patients to email their doctor, make appointments online, access health advice, or interact with other patients

  • Over half of general practice IT systems can give patients access to records, but only 1% of practices offer the service; 70% have systems offering online appointment booking and ordering repeat medication, and about 30% offer these services

  • Patients have had the right to access their medical records since 1998 under the Data Protection Act and, since 2009, the NHS Constitution


Cite this as: BMJ 2012;345:e4905


  • Competing interests: The author has completed the ICMJE unified disclosure form at (available on request from the corresponding author) and declares no support from any organisation for the submitted work; no financial relationships with any organisation that might have an interest in the submitted work in the previous three years; and no other relationships or activities that could appear to have influenced the submitted work.

  • Provenance and peer review: Commissioned; not externally peer reviewed.


View Abstract