The storage of health records in electronic format, and the
widespread sharing of these records among different health
care providers, have enormous potential benefits to the U.S.
healthcare system. These benefits include both improving
the quality of health care delivered to patients and reducing
the costs of delivering that care. However, maintaining the
security of electronic health record systems and the privacy
of the information they contain is paramount to ensure that
patients have confidence in the use of such systems. In this
paper, we propose a framework for electronic health record
sharing that is patient centric, i.e., it provides patients with
substantial control over how their information is shared and
with whom; provides for verifiability of original sources of
health information and the integrity of the data; and permits fine-grained decisions about when data can be shared
based on the use of attribute-based techniques for authorization and access control. We present the architecture of the
framework, describe a prototype system we have built based
on it, and demonstrate its use within a scenario involving
emergency responders' access to health record information