Helping clinicians and patients navigate electronic patient portals: ethical and legal principles
=================================================================================================

* S. Mehta
* T. Jamieson
* A.D. Ackery

KEY POINTS
*   Clinicians may be concerned about the potential of electronic patient portals to disrupt the therapeutic relationship, deliver medicolegal burdens or harm patients, but these fears are largely unfounded.

*   Pediatric, psychiatric and geriatric patient populations have unique needs and considerations when it comes to digital information access because of questions regarding capacity and autonomy.

*   Contemporary ethical and legal principles are challenged to a degree by patient portals, but these challenges can be navigated by taking a patient-centred approach and employing certain technologic features.

*   Decisions regarding proxy access and preferences for scope of information sharing are best discussed between patient and health care practitioner, although they may be supported at the institutional level through interdisciplinary policy development.

Patient portals are technological innovations that allow patients electronic access to their personal health information. They have the potential to transform the delivery of health care. Patients have long had the ability to request their own medical record, usually through an onerous and time-consuming paper-based approach. With the advent of remote digital access, not only is viewing health information easier, but allowing proxy access — or granting permission to a person other than the patient to view the patient’s health information — is increasingly more common. Large corporations (e.g., Apple) have recognized this shift and are beginning to offer consumer-driven platforms that are bound to transform our current philosophy of record access. This shift has implications for clinicians who are traditionally considered the custodians of health information, as decision-making around access will often fall to them. In light of this responsibility, clinician concerns such as disruption of the therapeutic relationship, novel medicolegal burdens in the digital environment and the potential for patient harm with access to sensitive information must be addressed.

Although patient portals empower patients, which can improve health outcomes, increased access to digital information comes with ethical and legal challenges that must be addressed. Unique considerations exist for 3 patient populations in particular — pediatric, psychiatric and geriatric patients — who are particularly vulnerable. Features of patient portals for these vulnerable groups mandate nuanced considerations for capacity and family dynamics.

The ethical principles of patient autonomy, beneficence and nonmaleficence provide a strong foundation upon which to develop patient portals, yet the digital environment challenges some of these concepts by changing the nature of access. Statutory laws regarding rights to access, privacy and confidentiality are fundamental in any access process but face new risks with portal platforms. In considering some of these pitfalls and leveraging design features to accommodate granular preferences, patients and clinicians alike stand to benefit from portals.

## What is the current legal framework for access to protected health information?

Nationally, the *Personal Information Protection and Electronic Documents Act* governs the collection, use and disclosure of personal information. This act also describes 10 fair information principles — including consent, accountability and safeguarding — that serve as a framework for how organizations should approach data processing and governance.1 In Ontario, the *Personal Health Information Protection Act* (PHIPA) applies specifically to health care and governs how personal health information is collected, stored, transferred, terminated and accessed.2

Regulations are fairly similar from jurisdiction to jurisdiction in Canada, Quebec being a notable exception owing to important local differences. For example, Quebec defines an age of consent in health care at 14 years of age, whereas other provinces do not set a specific age but determine an age of majority based on a clinical assessment of capacity. However, to ground the discussion, we will focus specifically on the legal climate in Ontario, where patients have a statutory right to request and access a copy of their health information held by a health information custodian. A custodian is defined broadly by PHIPA and includes any person or organization who has custody or control of health information, such as physicians, hospitals, laboratories and pharmacies. Custodians are generally obliged to respond to a request within 30 days and may refuse a request in certain situations, the most relevant provision being refusal on the grounds that access could result in serious harm to the individual or another person.2 When implementing a patient portal, it is crucial to define which person, group or organization is the custodian to frame legal responsibility.

A patient is capable of providing consent if they can understand the relevant information regarding the collection, use or disclosure of health information and can appreciate the foreseeable consequences of providing or withholding consent.2 Issues of incapacity can arise in any population. If a patient has a substitute decision-maker who is authorized to consent on their behalf, the substitute decision-maker may request access to health information for that patient if they are deemed incapable.

## Where may current regulations fall short?

The landmark 1992 Supreme Court of Canada case of *McInerney* v. *MacDonald* held that although the information belongs to the patient, the physical record belongs to the person or organization responsible for its creation.3 Since this time, however, there have been substantial strides in technological development in both medicine and how information is accessed. Specific guidance around digital access via portals is scarce; jurisprudence will inevitably be required to keep up with this ever-evolving field, and courts will have to grapple with complex questions in the interim while policy remains unclear.

## Are clinicians concerned about portals?

Given that current regulations largely fail to address issues with access to health information in digital formats, clinicians have medicolegal concerns related to unfamiliar obligations imposed by portal platforms and negligence in cases of patient harm caused by information access or lack thereof.4,5 A 2012 survey of the Canadian Medical Protective Association membership found that nearly 30% of clinicians using electronic records believed that portals would increase their medicolegal risk exposure. The association maintains that, as with paper-based records, clinicians are ultimately responsible for maintaining the integrity and security of their patients’ digital records, and must abide by applicable provincial and federal laws.6 Although such guidance may be well-intentioned, the wider scale of distribution of data that is possible with portals compared with paper-based systems makes following it difficult. Further complicating matters, clinicians also have ethical concerns related to potential disruption of the therapeutic relationship, exacerbation of inequity for disadvantaged patients without access to portals, and difficulties in preserving patient privacy and confidentiality in the face of proxy access and data breaches (Table 1).5,14

View this table:
[Table 1:](http://www.cmaj.ca/content/191/40/E1100/T1)

Table 1: 
Clinician concerns about patient portals

## How do we apply legal and ethical principles to the problems of patient portals?

### Autonomy, competence and capacity

Without a legal age of consent for medical care, it is difficult to generate a defined age cut-off to consider for granting exclusive access to health information to the pediatric patient. Pediatric patients are a heterogenous group when it comes to capacity and potential autonomy. Adult caregivers are almost always involved in children’s care and receive access to their health information via implied consent as a proxy. Psychological studies have shown that adolescents as young as 14 years of age have strong decision-making capabilities across many settings, albeit substantial variability.15 Children and adolescents who have been deemed competent by their health care practitioner — otherwise recognized as mature minors by common law — may be afforded a higher degree of autonomy and granted access to their records.16 In these cases, practitioners can discuss exclusive patient access versus the involvement of proxy users. It may be helpful for portals to build in reminders and notifications to prompt practitioners and their administrative staff to review access preferences to act pre-emptively. Indeed, the concept of competence is dynamic and is affected by variables such as the gravity of the diagnosis and complexity of treatment.15 Competence is also skill and task specific by definition, and a child does not necessarily need to be globally competent to understand record access.

Older adults may face diminishing autonomy by degrees owing to debilitating disease and fluctuating capacity. Qualitative studies and Web-based surveys have shown that up to 80% of older patients prefer to share control of their health information with family or close friends.9,17 Certainly, decision-making should start with the patient when possible, with patient-driven caregiver input as needed. Analogous to pediatric considerations, determining access preferences is reliant upon family dynamics and there is no ubiquitous approach. Practitioners should engage patients in a discussion with their family and close friends about proxy access and document this discussion clearly in the chart. Evidence shows that proxy access can lead to improved coordination of care while respecting autonomy, ultimately resulting in better outcomes for older patients (Figure 1).9 Moreover, some portals have the technologic functionality to provide customized views and differential privacy settings to accommodate a variety of role-based experiences.

![Figure 1:](http://www.cmaj.ca/https://www.cmaj.ca/content/cmaj/191/40/E1100/F1.medium.gif)

[Figure 1:](http://www.cmaj.ca/content/191/40/E1100/F1)

Figure 1: 
Patient, clinician, technologic and institutional considerations for portal platforms.

As patients age, they are at increased risk of developing impairing illness that affects their cognition or capacity. In medical emergencies, there are procedures in place to guide practitioner actions, either through advanced directives or standards of care. These high-stakes, immediate decisions are often made quickly and do not inherently trigger issues surrounding portal access. However, in cases of insidious, nonemergent illness, there may be fluctuations in capacity over time that transpire between scheduled appointments of which the practitioner is unaware. As the patient’s relatives or friends may be privy to these deviations, enabling proxy access may help facilitate seamless care (Figure 1). This sentiment is echoed in PHIPA, which grants rights to authorized proxies in requesting health information for incapable patients.2 Certainly, a discussion of the terms of the patient–proxy relationship while the patient is well and of sound mind is ideal. Because the nature of illness is unpredictable, some have suggested to tether this topic to other important conversations, such as end-of-life wishes, as a memory aid for clinicians.18

### Beneficence and nonmaleficence

Retrospective analyses have shown that portals and other health information–exchange platforms may not only benefit individual patient populations but can also have positive economic and quality effects on the health care system overall.11 However, some groups deserve special mention. Adolescent patients have been identified by numerous studies as vulnerable because they may distance themselves from the health care system.18 The integration of personal health information with digital portals could prevent this alienation by providing a familiar electronic medium for engagement.12 Systematic literature reviews and consultations with subject matter experts have shown that care of adolescent patients is better when they are involved, particularly for management of attention-deficit/hyperactivity disorder and mood disorders, ensuring vaccination completeness and reinforcing medication adherence.19 The American Society for Adolescent Health and Medicine has adopted a favourable position on use of electronic records for the care of and to provide information access to adolescents, as long as special considerations have been taken to protect their privacy and unique needs.19,20

Similarly, older adults could benefit greatly from increased access to personal health information via portals. However, for this population, overly complex design features could lead to difficulty accessing portals. Surveys and retrospective analyses have shown that once they have activated their account, older patients use portals more frequently than younger patients. It is important to address any design-related issues to access that could hinder account activation.

Patients’ health literacy depends on their ability to interpret both qualitative and quantitative data — the latter referred to as health numeracy. Health literacy and numeracy can affect the utility of a portal.13 In addition to providing support at the practitioner and institutional level, involving a proxy user like a substitute decision-maker may allow for a more accessible portal experience.21

Some health care practitioners fear that providing access to clinic notes written by treating clinicians will cause harm to patients with a psychiatric illness.22 However, surveys, retrospective analyses and benefits evaluations have shown that having an accessible electronic record can strengthen medication compliance, reduce medical errors, improve transparency and help dissolve stigma around mental illness.7,23,24 Comprehensive survey data has found that patients with diagnosed mood disorders and psychotic illnesses had similar opinions and feelings about reading clinic notes compared with those without mental illness.10 Perhaps awareness of the fact that seemingly judgmental notes or confusing medical jargon can mislead the patient or disrupt the therapeutic relationship could motivate practitioners to use more descriptive language and avoid unnecessary labelling in their notes.8,25 Moreover, patients may benefit from reading notes that reinforce their strengths and achievements. For example, for patients who struggle with substance abuse, reading clinic notes may enhance their confidence in maintaining abstinence if the notes were accessible after a clinic visit.8

Some patients may be harmed from increased access to information. Those with severe paranoia, poor introspection or an acutely decompensated mental illness may have increased anxiety and psychotic symptoms with portal access.26 If a practitioner is concerned about a patient’s well-being and decides to restrict portal access, they are offered protection under PHIPA.2 Practitioners should use their professional judgment when limiting portal access, document any concerns clearly, and consult with the appropriate ethical and legal experts at their institution before taking action because such a decision to revoke temporarily the normal rights that a patient would otherwise possess cannot be taken lightly.7,24 Accordingly, it would be prudent to minimize the degree of blocked information where possible, with portals offering the functionality to allow for such dynamic access (Figure 1).

Although all personal health information has the potential to be sensitive, certain subject matter, such as genetic testing or biopsy reports, can carry potentially devastating diagnoses and cause patient harm in the form of fear and anxiety. Building in a lag time between information generation and portal upload for select scenarios may mitigate this harm so that practitioners have an opportunity to deliver results and establish a management plan before the information becomes available; however, such a practice arguably contravenes principles of autonomy. Ideally, such situations should be discussed with patients before setting up portal access.

Furthermore, institutions should prepare health care practitioners for the implementation of a patient portal, particularly in areas of medicine that deal with sensitive subject matter and may require restrictions. For abnormal tests that are not clinically significant, it may be helpful to build in educational materials or notifications onto the platform to comfort patients before their discussion with the clinician. For patients who experience anxiety while waiting for results, portal access has the potential to reduce this anxiety and prevent unnecessary visits to learn that their test results are normal.

### The privacy–autonomy paradox

Privacy scholars define informational privacy as an individual’s right to maintain control over their personal information.27 Given inherent differences between the analogue (paper-based) and portal environments, the exchange of information mandates new considerations to bolster privacy protection in the digital age (Table 2).

View this table:
[Table 2:](http://www.cmaj.ca/content/191/40/E1100/T2)

Table 2: 
Differences in personal health information

The use of patient portals changes who acts as gatekeeper for accessing personal health information. In an analogue world, a patient wanting access to a medical record would have to specify the records they want; this would be done in writing, in person, with each transaction at a health records department by an explicit consent model. This practice is inefficient and frustrating and it erects a barrier to patient autonomy and rights to access. However, having to check-in for each information acquisition allows for repeated assessments of the validity of the request and of the specific person making the request. The onus is on the requester to verify their right to access information.

In digital systems, once a portal is active, both the patient and associated proxies are generally granted access in real-time to an entire record — or major portion thereof — on an ongoing basis via implied consent. Unless initiated by a patient or practitioner, this system lacks repeated checks to assess the validity of the person accessing their personal health information. This makes the patient or practitioner responsible for checking that the requester has a right to access the information. Yet, the patient may not fully understand their rights or even be aware that another party is accessing their health information, while the practitioner may not know who has been granted access to the chart. Digital systems thus pose increased risk to the privacy and confidentiality of the patient.28 Indeed, this risk is compounded by cybersecurity threats inherent in digital and cloud-based systems.29,30 Portals should strive to ensure transparency by listing who previously had and currently has access to the information in a patient’s record and the corresponding timings when information has been accessed.

The analogue system presents barriers to autonomy, while the digital system presents risk to privacy (Table 2). Portals can augment autonomy by increasing patient access to relevant health information, while the safeguards involved with accessing paper-based records reduce the risk of unauthorized access. These challenges are present in day-to-day scenarios with patients who are well, but they are magnified when the patient’s capacity changes, such as the pediatric patient gaining maturity, the older patient with impairing illness or the psychiatric patient experiencing a decompensation. These risks to rights lie on a spectrum, and the potential for harm to the patient shifts depending on the degree of analogue versus digital and on whether the situation primarily deals with a lack of autonomy or a lack of privacy.

### Conclusion

Although health care practitioners may have valid concerns about patient portals and the digital environment for health records, risk can be mitigated by placing legal and ethical principles at the forefront of technical design and portal governance. Although many stakeholders are involved, clinicians are certainly a fundamental part of that process. The ethical code in medicine is well-defined and practitioners must strive to do what is in the best interest of the patient. Although law may be similarly static, it is important to recognize that some regulatory elements are dynamic and will evolve as new technologies, such as patient portals, change the delivery of health information. Clinicians and clinician-led organizations should abide by provincial and federal regulations while recognizing that outdated policy may not appropriately apply to novel technologies, in which case they should advocate to regulators and legislators to help fill gaps in the law.

## Acknowledgement

The authors thank Lipi Mishra for her assistance in providing legal research for this paper.

## Footnotes

*   **Competing interests:** Shaun Mehta is a part-time medical advisor for Dot Health. No other competing interests were declared.

*   This article has been peer reviewed.

*   **Contributors:** Shaun Mehta conducted the literature review and legal research. Shaun Mehta and Alun Ackery drafted the manuscript. Trevor Jamieson assisted with concept development and editing of the manuscript. All of the authors revised the manuscript critically for important intellectual content, gave final approval of the version to be published and agreed to be accountable for all aspects of the work.

## References

1.  *Personal Information Protection and Electronic Documents Act* (S.C. 2000, c. 5). Assented 2000 Apr. 13.
2.  *Personal Health Information Protection Act*, 2004, S.O. 2004, c. 3, Sched. A.
3.  *McInerney* v. *MacDonald* 1992 2 SCR 138. Available: [https://scc-csc.lexum.com/scc-csc/scc-csc/en/item/884/index.do](https://scc-csc.lexum.com/scc-csc/scc-csc/en/item/884/index.do) (accessed 2018 Nov. 28).
    
    

4.  O’Leary KJ, Sharma RK, Killarney A, et al. Patients’ and healthcare providers’ perceptions of a mobile portal application for hospitalized patients. BMC Med Inform Decis Mak 2016;16:123.
    
    

5.  Miller DP Jr., Latulipe C, Melius KA, et al. Primary care providers’ views of patient portals: interview study of perceived benefits and consequences. J Med Internet Res 2016;18:e8.
    
    [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1186/s12888-014-0305-9&link_type=DOI) 
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=25403285&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 

6.  Protecting patient health information in electronic records. Ottawa: Canadian Medical Protective Association; 2013. Available: [www.cmpa-acpm.ca/en/advice-publications/browse-articles/2013/protecting-patient-health-information-in-electronic-records#ref](http://www.cmpa-acpm.ca/en/advice-publications/browse-articles/2013/protecting-patient-health-information-in-electronic-records#ref) (accessed 2019 May 27).
    
    

7.  Ennis L, Robotham D, Denis M, et al. Collaborative development of an electronic Personal Health Record for people with severe and enduring mental health problems. BMC Psychiatry 2014;14:305.
    
    

8.  Kahn MW, Bell SK, Walker J, et al. A piece of my mind. Let’s show patients their mental health records. JAMA 2014;311:1291–2.
    
    [Abstract/FREE Full Text](http://www.cmaj.ca/lookup/ijlink/YTozOntzOjQ6InBhdGgiO3M6MTQ6Ii9sb29rdXAvaWpsaW5rIjtzOjU6InF1ZXJ5IjthOjQ6e3M6ODoibGlua1R5cGUiO3M6NDoiQUJTVCI7czoxMToiam91cm5hbENvZGUiO3M6ODoiYW5uYWxzZm0iO3M6NToicmVzaWQiO3M6ODoiMTYvNC8zNDMiO3M6NDoiYXRvbSI7czoyMzoiL2NtYWovMTkxLzQwL0UxMTAwLmF0b20iO31zOjg6ImZyYWdtZW50IjtzOjA6IiI7fQ==) 

9.  Crotty BH, Walker J, Dierks M, et al. Information sharing preferences of older patients and their families. JAMA Intern Med 2015;175:1492–7.
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=http://www.n&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 

10. Klein JW, Peacock S, Tsui JI, et al. Perceptions of primary care notes by patients with mental health diagnoses. Ann Fam Med 2018;16:343–5.
    
    

11. Mikk KA, Sleeper HA, Topol EJ. The pathway to patient data ownership and better health. JAMA 2017;318:1433–4.
    
    [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1177/0733464812447283&link_type=DOI) 
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=24781964&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 

12. Hong MK, Wilcox L, Feustel C, et al. Adolescent and caregiver use of a tethered Personal Health Record system. AMIA Annu Symp Proc 2017;2016:628–37.
    
    

13. Taha J, Sharit J, Czaja SJ. The impact of numeracy ability and technology skills on older adults’ performance of health management tasks using a patient portal. J Appl Gerontol 2014;33:416–36.
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=16225445&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 
    
    [Web of Science](http://www.cmaj.ca/lookup/external-ref?access_num=000233229200006&link_type=ISI) 

14. Grossman LV, Masterson Creber RM, Ryan B, et al. Providers’ perspectives on sharing health information through acute care patient portals. AMIA Annu Symp Proc 2018;2018:1273–81.
    
    [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1111/j.1440-1754.1973.tb01859.x&link_type=DOI) 
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=19654990&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 

15. Sanci LA, Sawyer SM, Kang MS, et al. Confidential health care for adolescents: reconciling clinical evidence with family values. Med J Aust 2005;183:410–4.
    
    [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.7326/0003-4819-155-12-201112200-00002&link_type=DOI) 
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=22184687&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 
    
    [Web of Science](http://www.cmaj.ca/lookup/external-ref?access_num=000298280500014&link_type=ISI) 

16. Harrison CCanadian Paediatric Society (CPS). Bioethics Committee. Treatment decisions regarding infants, children and adolescents. Paediatr Child Health 2004;9:99–114.
    
    

17. Zulman DM, Nazi KM, Turvey CL, et al. Patient interest in sharing personal health record information: a web-based survey. Ann Intern Med 2011;155:805–10.
    
    [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1016/j.jadohealth.2014.01.011&link_type=DOI) 
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=24656534&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 

18. Park K, Park MD, Longhurst CA. Patient and family access to electronic health records: a key ingredient for a pediatric learning health system. J Particip Med 2015;7:e3.
    
    [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1016/j.jadohealth.2004.03.002&link_type=DOI) 
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=15298005&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 
    
    [Web of Science](http://www.cmaj.ca/lookup/external-ref?access_num=000222880400013&link_type=ISI) 

19. 1.  Gray SH, 
    2.  Pasternak RH, 
    3.  Gooding HC, 
    4.  et al
    
    Society for Adolescent Health and MedicineGray SH, Pasternak RH, Gooding HC, et al. Recommendations for electronic health record use for delivery of adolescent health care. J Adolesc Health 2014;54:487–90.
    
    

20. Ford C, English A, Sigman G. Confidential Health Care for Adolescents: position paper for the society for adolescent medicine. J Adolesc Health 2004;35:160–7.
    
    

21. Wolff JL, Kim VS, Mintz S, et al. An environmental scan of shared access to patient portals. J Am Med Inform Assoc 2018;25:408–12.
    
    

22. Forchuk C, Reiss JP, O’Regan T, et al. Client perceptions of the mental health engagement network: a qualitative analysis of an electronic personal health record. BMC Psychiatry 2015;15:250.
    
    

23. Robotham D, Mayhew M, Rose D, et al. Electronic personal health records for people with severe mental illness; a feasibility study. BMC Psychiatry 2015;15:192.
    
    

24. Kipping S, Stuckey MI, Hernandez A, et al. A web-based patient portal for mental health care: benefits evaluation. J Med Internet Res 2016;18:e294.
    
    [CrossRef](http://www.cmaj.ca/lookup/external-ref?access_num=10.1186/1471-244X-11-117&link_type=DOI) 
    
    [PubMed](http://www.cmaj.ca/lookup/external-ref?access_num=21791069&link_type=MED&atom=%2Fcmaj%2F191%2F40%2FE1100.atom) 

25. Genes N, Appel J. Ethics of data sequestration in electronic health records. Camb Q Healthc Ethics 2013;22:365–72.
    
    

26. Ennis L, Rose D, Callard F, et al. Rapid progress or lengthy process? Electronic personal health records in mental health. BMC Psychiatry 2011;11:117.
    
    

27. Chang C-H. New technology, new information privacy: social-value-oriented information privacy theory. National Taiwan University Law Review 2015; 10:127–75.
    
    

28. Bailey J. Framed by section 8: constitutional protection of privacy in Canada. Can J Criminol 2008;50:279–306.
    
    

29. Benedict M, Schlieter H. Governance guidelines for digital healthcare ecosystems. Stud Health Technol Inform 2015;212:233–40.
    
    

30. Chen SW, Chiang DL, Liu CH, et al. Confidentiality protection of digital health records in cloud computing. J Med Syst 2016;40:124.