The Patient Data Act and associated regulations have special provisions regarding the allocation of permissions and access control. The Swedish Authority for Privacy Protection is the supervisory authority, and is responsible for ensuring that these provisions are followed by all healthcare providers that are part of the shared electronic health records system.