Ownership of your own health data should be a fundamental right, right? But it isn’t. Eric Topol, Founder and Director of the Scripps Research Translational Institute, hit the nail on the head in this tweet:
Before we dive headfirst into the question of ownership of patient data, I think it’s important to explore a topic that most people have not given proper attention to — the complete lack of interoperability in medical systems and records.
Today, in order to get your own medical records, you have to rely on the privacy rule of 2000 which requires medical providers to provide you with a copy of your medical records “at a reasonable cost.” The rule doesn’t include a specific fee, but it states that the cost should not “impede the ability of patients to copy their medical records” but should at the same time allow providers to “recoup their reasonable costs for copying of protected health information.” Does this rule sound like it was written in an age before email and the digital revolution? Yes. And that’s because it was.
Thankfully things are starting to change. On March 9, 2020, two rules were issued by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Centers for Medicare and Medicaid Services (CMS) to implement interoperability and patient access provisions of the bipartisan 21st Century Cures Act (Cures Act). The CMS Interoperability and Patient Access final rule, CMS-9115-F, outlines how health plans need to provide online access to provider directories and patient records. These new interoperability mandates come into effect on July 1, 2021.
The ONC rule specifies the interoperability data and technology standards for the sharing of medical records between patients, providers, and payers. These new data specifications break down the old system of health record silos. This will enable health records to seamlessly sync between all the providers and payers a patient interacts with. I recently wrote this piece, “1 digital health record to rule them all” which outlines what may become possible when health data interoperability is truly achieved.
But these new rules are not perfect and these accessibility changes do not solve the health data ownership problem. While new rule changes mean that companies like Automate Medical will help enable seamless health data interoperability, it’s still not clear who actually owns the data itself. In other words - sure the delivery of patient health records will shift away from photocopies or CD ROMs (who even owns a CD ROM reader anymore?) - but does this change anything around the custody and control of the data itself? No. Lots of questions remain.
Recently a health ministry adviser in Japan asked, “will the prime minister allow his own medical records to be stored on AWS?” This begs the question of both health data ownership and even the encroachment of Big Tech on national security interests, but that’s a topic for a whole other post. Most people agree that individuals should have quick access to their health data and maintain control and ownership over it, too. In reality, that's not how it works.
Every time a patient meets with a provider and shares information they are giving them something invaluable: their health data. The question of who actually owns the patient’s health data is overlooked, and patients are not compensated for providing their health data to these providers...yet. Eric Topol believes that owning your own health data should be a civil right. I agree. Eric’s tweet above nails things down on this topic cleanly and clearly in my opinion. So, what can we do? And what are people already doing?
This past week on June 23rd there was an awesome article in The Verge, the headline read: Hospitals are selling treasure troves of medical data — what could go wrong? It’s a good read if you have a few minutes and outlines the pros and cons of hospitals selling de-identified patient health data to niche startups and tech giants like Google. The piece still didn’t take on the big question in my mind, should patients be compensated when their health data (even if deidentified) is sold?
This will be the focus of my next piece where I’ll dive into the world of bulk health data purchasing and the rise of so-called biobrokers who are championing a business model which puts money directly into the pockets of patients for consenting to the sale of their health records.
Subscribe now to follow this series and my general musings on what I find interesting at the intersection of pop culture and health, legal, and finance. If you want to read more about the importance of health data interoperability, check out this open letter put together by me and my cofounders at Automate Medical. Until next time, goodbye and good luck.