The personal health information (PHI) that a health information system (HIS) stores and processes requires special caution to ensure authorized manipulation by system users. A diverse set of best practices, standards, and regulations are in place nowadays to achieve that purpose. To the access control element in a HIS, general data protection regulation (GDPR) will require explicit authorization and informed consent prior to this manipulation of patient information by healthcare practitioners in a system. The adaptations to cope this type of previous authorization on HIS requires not only a clear understanding of technicalities and modification to the underlying computational infrastructure but also the impact on players that interact with this type of system during healthcare service provision, namely patients and healthcare professionals. This article is an effort to understand this effect by means of collecting opinion from both players in a multicentric survey that presents different questions establishing scenarios that reflect this new control and its consequences.
