Electronic Health Records (EHRs) have made patient information widely available, allowing health professionals to provide better care. However, information confidentiality is an issue that continually needs to be taken into account. The objective of this study is to describe the implementation of rule-based access permissions to an EHR system. The rules that were implemented were based on a qualitative study. Every time users did not meet the specified requirements, they had to justify access through a pop up window with predetermined options, including a free text option (“other justification”).

A secondary analysis of a deidentified database was performed. From a total of 20,540,708 hits on the electronic medical record database, 85% of accesses to the EHR system did not require justification. Content analysis of the “Other Justification” option allowed the identification of new types of access. At the time to justify, however, users may choose the faster or less clicks option to access to EHR, associating the justification of access to the EHR as a barrier.