Controlled dissemination of Electronic Medical Records

Building upon a security analysis of the Dutch electronic patient record system, this paper describes an approach to construct a fully decentralized patient record system, using controlled disclosure of references to medical records. This paper identifies several paths that can be used to disclose references. Contrary to many existing national-scale system designs, our approach avoids centralization and ensures that patients (and/or their family doctors) remain implicitly or explicitly in control over the disclosure of their information, keeping the network of healthcare professionals who can access a patient's information to a minimum.