To ensure that your health records are kept private and secure, only you or someone who has your permission can access your health records through Blue Button. Since this requires that you log in to your healthcare provider’s or health insurance company’s web site or patient portal (a place for you to store and manage your health records online), you will likely be able to secure your health records with a username and password. The specific privacy and security safeguards associated with Blue Button vary depending on the organization that is offering it. Read the privacy policy on the site you are using for details.

To maximize the security of your information, we recommend that you use an encrypted “Direct” health email address. The Direct Project offers easy and secure messaging, enabling healthcare providers and hospitals to send your health records to you, including summaries of your recent visits, or reminders about preventive or follow-up care. Some Personal Health Records can provide you with a Direct Address that you can use to receive such messages. Direct Project messages are secure, which means that unlike email, they can be used by your healthcare provider to send your information securely to you and to other healthcare providers who are participating in your care. See if your healthcare provider and your personal health record provider support the Direct Project.

Once you download your health records, we recommend that you protect that information by either securing it with a password or encrypting it (translating it into a secret code).