I think adult patients should have the right to see all their medical records, and to delete any details they wish from those records. Patients should also get to choose who will view their records. Not likely to happen, is it? No, adult patients are assumed to be incompetent, so ‘professionals’ make decisions about how our information is stored. Instead of controlling our own records, the opposite is happening – we’ve got endless news stories about people’s medical records ending up in the wrong hands.

There’s probably nothing I can do about it; the medical profession doesn’t give a damn how I feel about this situation. But what I can do to keep my information private is to stay away from the doctor. I do that as much as possible.

First, I agree that we own our own health data and should be informed on how/where it is stored. Protecting data ‘at rest’ is very important. And, clearly, any data breaches need to be properly reported as well.

However, health care is primarily about improving health and saving lives. For example, there is a lot of discussion around strong authentication to protect health records. A physician faced with an overly cumbersome authentication system is not going to be as effective as one who has ready and fast access to information. In acute care situations, excessive information security could literally cost lives.

So, I think that the issue is situational and complex, and working through the issues to find a balance between appropriate access and privacy protection is not an easy task…

I tend to think that all data about a person is their property. If a company or government institution is handling said data then they should manage it at least as well as a bank manages a safe deposit box.