Sen. Ron Wyden, D-Ore., is urging 10 of the largest electronic health record vendors to give patients more control over who can access their health information.
The move follows multiple warnings from the Department of Defense’s inspector general about potential breaches involving the medical records of military personnel and senior government officials. In 2021, the watchdog flagged concerns that sensitive health data could be used for extortion, embarrassment or even sold. A follow-up review was launched in June to assess whether those risks have been addressed.
Federal law currently allows clinicians nationwide to access patients’ records by default — even if they’ve never treated the individual — unless privacy controls are manually activated. Sen. Wyden warned that this creates unnecessary exposure, not just for military personnel but for all Americans.
Epic, the nation’s largest health record vendor, recently added tools that let patients monitor and restrict access to their data. The updates were implemented at Sen. Wyden’s request, according to a letter sent to the companies. However, those features are not enabled automatically.
In addition to Epic, the senator sent letters to Oracle Health, Meditech, Altera Digital Health, Medhost, WellSky, Netsmart, McKesson, Veradigm, Athenahealth and TruBridge.
