While patient-controlled health records (PCHRs) promise easy and unprecedented access to medical information, user access policies will need to be carefully defined to preserve privacy and confidentiality. There are particular challenges in pediatrics, where both the minor's and the parent's rights to privacy and confidentiality need to be upheld. We propose a framework to define access control policies for a pediatric PCHR.