Personally controlled health records (PCHRs) enable patients to store, manage, and share their own health data, and promise unprecedented consumer access to medical information. To deploy a PCHR in the pediatric population requires crafting of access and security policies, tailored to a record that is not only under patient control, but one that may also be accessed by parents, guardians, and third-party entities. Such hybrid control of health information requires careful consideration of both the PCHR vendor's access policies, as well as institutional policies regulating data feeds to the PCHR, to ensure that the privacy and confidentiality of each user is preserved. Such policies must ensure compliance with legal mandates to prevent unintended disclosures and must preserve the complex interactions of the patient-provider relationship. Informed by our own operational involvement in the implementation of the Indivo PCHR, we provide a framework for understanding and addressing the challenges posed by child, adolescent, and family access to PCHRs.