New software could give people greater control over how their personal health information is shared between doctors and medical institutions—provided that enough health providers decide to use the system.

Today a patient’s data typically stays within a hospital group or doctor’s practice. If you get care elsewhere you are essentially a blank slate unless a special request for your data is made, in which case the entire record becomes accessible. But many patients may not want their entire medical history to be accessible by everyone they see, so there is pressure to develop tools that can be used to limit access. One tricky issue is that redacting details of a diagnosis may not remove all the clues as to that condition, such as prescribed drugs or lab tests.

A new tool developed by computer scientists at the University of Illinois can figure out which parts of a record may inadvertently reveal aspects of a patient’s medical history. The idea is that as data-sharing proposals advance, the patient would decide what parts of his or her record to keep private. A clinician would get advice from the technology on how to amend the record to ensure that this occurs.

The software bases its recommendations on a machine-learning analysis of many other medical records. This reveals what details could be associated with things like mental health episodes, past drug abuse, or a diagnosis of a sexually transmitted disease when the record is shared with another hospital or doctor. The tool could eventually automatically remove those additional details to keep that information confidential.

John Halamka, a professor at Harvard Medical School, chief information officer of Beth Israel Deaconess Medical Center, and chairman of the New England Healthcare Exchange Network, says the software promises to fill a gap. “Electronic health records at the moment have no facility—none—to break the record into parts,” he says. “You either get the record or you don’t.”

Under health-care reform and various initiatives to expand the use of electronic health records, the goal is to make sharing much easier to improve care and to keep the lid on exploding health-care costs (see “Prescription: Networking”).

However, for health information to be shared, patients must give approval, and many are wary of oversharing, says Carl Gunter, a professor at the University of Illinois who developed the technology as part of a national project he co-directs for improving the security and privacy of health data.

“Unless you give the patient some control over this, they will not share any information,” he says. “And that is going to cost the health-care system a great deal.”

The one big drawback is that giving patients the ability to redact their shared records could sometimes make it more difficult for doctors to treat them than if the doctors got the whole record. For example, if a patient has redacted a drug he’s taking—and the receiving doctor assumes the record includes the patient’s entire history—that doctor might prescribe a new drug that interacts dangerously, Halamka says.

But as a practical matter, in many cases, doctors currently get no data whatsoever. “As an emergency doctor, much of the time I have to fly blind,” Halamka says. “If I get something, it’s a whole lot better than getting nothing.”