The emergence of e-health has put an enormous amount of sensitive data in the hands of service providers or other third parties, where privacy risks might exist when accessing sensitive data stored in electronic patient records (EPRs). EPRs support efficient access to patient data by multiple healthcare providers and third party users, which will consequently, improve patient care. However, the sensitive nature of patient data requires access restrictions to only those `who needs to know'. How to achieve this without compromising patient privacy remains an open issue that needs further consideration. This paper, therefore, presents a novel method to support access to distributed EPRs with three levels of patient identity privacy preservation. The method makes use of cryptographic primitives. In comparison with related work, the method supports three levels of access requirements while preserving data owner's privacy on a single platform.