Eliciting and characterizing scenarios of disclosure of private health data.

Sensitive health information is kept in Electronic Health Records (EHRs) which makes the data accessible, enabling its transfer against patient consent. Hence, the need for privacy-preserving mechanisms is a top priority. As a first step towards the development of privacy-preserving access control language, we used qualitative research methods to characterize scenarios of requests for disclosure of patient data and identify the entities involved, the context of the request, and the requested data.