Privacy Protection in Patient Centric Electronic Health Record

Patient empowerment and self-care are expected to play an important role when developing new e-Health solutions, and in order for the patient to take an active role in his own treatment and follow-up, he should be given the responsibility for his/her own Personal Health Record (PHR)[1]. This is also supposed to be implemented as fundamental patient?s right in the new health reform in Norway which is currently under evaluation. However, it is unclear how this can be achieved taking into account the laws and regulations regarding privacy and security for a Norwegian patient centric PHR solution. A patient centric PHR solution can be implemented under governmental control, or the patient can be free to host his PHR at Google Health, or prepaid private web solutions. In this paper we will focus on how to take care of the privacy issues in a patient centric PHR, where the patient can define which persons or personnel should have access to the actual content.