The system SHOULD provide the ability to capture information regarding any individual or entity who requests PHR Account Holder data (including the identity of the requestor, stated reason for the request, the requestor's intended use of the data, date of the request, and the date of the PHR Account Holder's response to that request) according to user role, organizational policy, and/or jurisdictional law.

The system SHOULD provide the ability to capture the Authorization or Consent associated with the request for release of information according to user role, organizational policy, and/or jurisdictional law.

The system MAY provide the ability to manage the fulfillment status of requests.

The system SHOULD manage recurring, standing requests for PHR information.

The system MAY provide the ability for the PHR Account Holder to control access by adding password protection, purpose-of-use protection, and/or intention-of-use protection to PHR Account Holder-defined exported records.

The system SHOULD provide the ability to render PHR Account Holder identifying information on each page of the reports generated.

The system MAY provide the ability to export PHR records to a variety of PHR Account Holders using various platforms without needing special viewing software.

The system SHOULD conform to function S.3.4 (Manage Data Masking for Sensitive or Selective Information) when masking any PHR data provided.

The system SHOULD provide the ability to transmit electronic responses with unstructured and structured health record information.

The system MAY conform to function TI.5.1 (Application, Structured-Message, and Structured-Document Interchange Standards) to enable data extraction in standard-based formats.