Patient online record access (ORA) is spreading worldwide, and in some countries, including Sweden, and the USA, access is advanced with patients obtaining rapid access to their full records. In the UK context, from 31 October 2023 as part of the new NHS England general practitioner (GP) contract it will be mandatory for GPs to offer ORA to patients aged 16 and older. Patients report many benefits from reading their clinical records including feeling more empowered, better understanding and remembering their treatment plan, and greater awareness about medications including possible adverse effects. However, a variety of indirect evidence suggests these benefits are unlikely to accrue without supplementation from internet-based resources. Using such routes to augment interpretation of the data and notes housed in electronic health records, however, comes with trade-offs in terms of exposing sensitive patient information to internet corporations. Furthermore, increased work burdens on clinicians, including the unique demands of ORA, combined with the easy availability and capability of a new generation of large language model (LLM)-powered chatbots, create a perfect collision course for exposing sensitive patient information to private tech companies. This paper surveys how ORA intersects with internet associated privacy risks and offers a variety of multilevel suggestions for how these risks might be better mitigated.