Informed consent and the security of the electronic health record (EHR): some policy considerations

Various codes of ethics, and in particular the IMIA Code of Ethics for Health Information Professionals (HIPs), stipulate that the subject of an electronic health record (EHR) has a series of security rights with respect to her/his EHR, and that to some degree these rights center in the notion of informed consent. This paper examines the ethical basis of this position, outlines its implications for professionals, institutions and society in general, and identifies its limits. Further issues that will be discussed include who carries the responsibility for informed consent, what nature it should take, whether web-based EHRs present ethically unique problems, and related security implications.