Wyden Calls on Health Tech Companies to Add Privacy Features Letting Patients View and Control Access to Their Medical Records
Request to Ten Large Electronic Health Record Companies Follows Action by Epic, the Largest Such Company, to Roll Out New Data Privacy Features at Wyden’s Request
Defense Department Investigation Finds Significant Safety Risks to National Security
Washington, D.C. – Senate Finance Committee Ranking Member Ron Wyden, D-Ore., urged ten of the largest major electronic health record (EHR) companies to adopt gold-standard privacy measures to protect sensitive patient information from foreign spies and hackers.
Wyden’s letter comes after a Department of Defense (DOD) Inspector General report revealed that confidential health records of military personnel and senior government officials could be improperly accessed by bad actors.
Wyden urged the major vendors of patient health record software to adopt privacy features enabling Americans to control access to their health records. A 2016 law requires by default, Americans’ health records be widely available to any health provider in the country, even to doctors and other health care professionals who have never treated that patient. Epic, the largest health record technology provider, recently added new privacy controls at Wyden’s request, the letter reveals, enabling patients to see who has accessed their health records and to control access. Because of the legal requirement for data sharing by default, once a health records vendor develops this privacy feature, patients must still turn it on to protect their own health data.
“I write to seek information about if and how you are protecting national security and Americans’ privacy by enabling patients to safeguard their sensitive health information stored in the [EHR] systems you sell to their healthcare providers,” Wyden wrote in his letter to EHR vendors Oracle Health, MEDITECH, Altera Digital Health, MEDHOST, WellSky, Netsmart, McKesson, Veradigm, Athenahealth, and TruBridge. “I am committed to ensuring that Americans have a full range of tools at their disposal to protect their privacy.”
In 2021, a DOD Inspector General investigation found that personnel health records were vulnerable to improper access for “purposes of extortion, public embarrassment, or sale to others.” This raises significant national security concerns if foreign spies or hackers could breach confidential information on military officers or defense personnel. In June 2025, the Inspector General announced it was conducting a follow-up investigation into DOD’s efforts to protect health records from improper access. Widespread access to confidential patient information also threatens the privacy and safety of all Americans.
The text of the letter is here.
###
Next Article Previous Article