Proxy Access to Patient Portals – Perspective from a children’s hospital

To enable access to patient portals for parents, proxy access rules must be put in place. These require careful consideration to comply with HIPAA and state laws.

Barb Bungard is Manager of IT Regulatory Operations, Akron Children’s Hospital, Akron, Ohio. Barb is an RN with a Masters in Nursing Informatics from the University of Maryland.  Akron Children’s uses Epic Systems MyChart as their patient portal.

We adopted a patient portal policy for all of our patients, including proxy access. We felt it was important for the policy to outline how the patient portal would function including: who is eligible for an account, the enrollment and verification process, and the types of proxy access we would provide. The policy includes: overarching guidelines, but our goal was to build flexibility into the policy so it would not require frequent changes as we continued to develop and enhance our patient portal usage. For example, the current language already includes the necessary parameters for our eventual roll-out of direct-teen access. We felt it was important for our clinical staff to have one all-inclusive policy covering all aspects of patient portal. 

Currently, we are developing specific secure messaging work flows and functionality. All of our clinics have different needs, staffing resources, and expectations on how secure messaging can be used to its fullest extent. Our goal for secure messaging is to improve care by making communication between our patient families and providers more efficient, more timely, and more meaningful. We are exploring existing workflows and the types of messages we will need to meet these goals.

Secure messaging functionality already exists for our patient portal users, but it has not been widely promoted in our clinics. This is an area with great potential to positively impact the quality and efficiency of our care and improve patient satisfaction. Our current policy specifies that secure messaging is available for medical advice, prescription refills and appointment scheduling. As secure messaging evolves to meet Meaningful Use, we may need to update our Patient portal policy, but we do not foresee any changes to our goal.

We examined existing state laws when we established the criteria for each of the proxy-access age ranges. To ensure compliance, we consulted our providers, legal counsel and privacy officer during our decision-making process.

For patients under the age of 12, the parent/legal guardian has proxy access to all health information and services available in Patient portal. The proxy receives an access code which must be activated to establish the Patient portal account.

To protect the privacy of patients ages 12-17, the identified proxy is not able to access certain information via patient portal. This includes medications, medical history, past medical appointments, etc. An exception exists for patients ages 12-17 who have diminished capacity (i.e. developmental delays or other conditions impairing cognitive ability).  For these patients, the parent/legal guardian continues to have full access to patient portal information.

When a patient becomes an adult at age 18, the patient is able to view all of his or her health information available in patient portal.

We will eventually implement direct teen access which will allow patients ages 12-17 to have the access to their health information through the patient portal.

The major issue we had around proxy access was respecting teen privacy rights, while at the same time providing the proxy with adequate medical information. The decision was made to limit the information available to the proxy once the child became an adolescent to respect those rights. Our adolescent medicine providers were very involved in the decision making, as was our legal counsel.

The current challenge we are working through is implementation of direct teen access. The parent/guardian will transition from Child Proxy access to Teen Proxy access, which has limited information, on the child’s 12th birthday. Simultaneously the Teen will become eligible to have direct Teen Access to Patient portal.  We would like to make this transition as smooth as possible, which creates its own set of challenges. At this age the child may not be having regular frequent interaction with our providers to enroll them with their new access. Thus we are exploring alternative mechanisms to enroll the Teen that may not require a visit with their provider 

We faced another challenge addressing situations where the parent/legal guardian no longer has custody of a child. For cases involving parental custody issues, child protective services, foster parents, etc., our policy outlines provisions which allow the medical staff member responsible for a child’s care to suspend or discontinue access to patient portal. We included our privacy officer in the development of this workflow to ensure we respected the rights of all parties involved but at the same time allowed our staff to act in the best interest of the patient.



patient engagement, proxy, patient portal, pediatrics