Uncategorized

Who Owns Patient Data?

Who owns a patient’s health information?

·The patient to whom it refers?
·The health provider that created it?
·The IT specialist who has the greatest control over it?

The notion of ownership is inadequate for health information. For instance, no one has an absolute right to destroy health information. But we all understand what it means to own an automobile: You can drive the car you own into a tree or into the ocean if you want to. No one has the legal right to do things like that to a “master copy” of health information.

All of the groups above have a complex series of rights and responsibilities relating to health information that should never be trivialized into ownership.

Raising the question of ownership at all is a hash argument. What is a hash argument? Here’s how Julian Sanchez describes it:

“Come to think of it, there’s a certain class of rhetoric I’m going to call the ‘one-way hash‘ argument. Most modern cryptographic systems in wide use are based on a certain mathematical asymmetry: You can multiply a couple of large prime numbers much (much, much, much, much) more quickly than you can factor the product back into primes. A one-way hash is a kind of ‘fingerprint’ for messages based on the same mathematical idea: It’s really easy to run the algorithm in one direction, but much harder and more time consuming to undo. Certain bad arguments work the same way — skim online debates between biologists and earnest ID (Intelligent Design) aficionados armed with talking points if you want a few examples: The talking point on one side is just complex enough that it’s both intelligible — even somewhat intuitive — to the layman and sounds as though it might qualify as some kind of insight … The rebuttal, by contrast, may require explaining a whole series of preliminary concepts before it’s really possible to explain why the talking point is wrong.”

The question “Who owns the data?” presumes that the notion of ownership is valid, and it jettisons those foolish enough to try to answer the question into a needless circular debate. Once you mistakenly assume that the question is answerable, you cannot help but back an unintelligible position.

Ownership is a poor starting point for health data because the concept itself doesn’t map well to the people and organizations that have relationships with that data. The following chart shows what’s possible depending on a given role.

Person / Privilege Delete their copy of data Arbitrarily (without logs) edit their copy of data Correct the provider’s copy of the data Append to the provider’s copy of the data Acquire copies of HIPAA-covered data
Sourcing Provider No. HIPAA mandates that the provider who creates HIPAA-covered data must ensure that a copy of the record is available. Mere deletion is not a privilege that providers have with their copies of patient records. Most EHR systems enforce this rule for providers. No. While providers can change the contents of the EHR, they are not allowed to change the contents without a log of those changes being maintained. Many EHRs contain the concept of “signing” EHR data, which translates to “the patient data entering the state where it cannot be changed without logging anymore.” Yes. Providers can correct their copy of the EHR data, providing they maintain a copy of the incorrect version of the data. Again, EHR software enforces this rule. Yes. The providers can merely add to data, without changing the “correctness” of previous instances of the data. EHR systems should seamlessly handle this case. Sometimes. Depending on the ongoing “treatment” status of the patient, providers typically have the right to acquire copies of treatment data from other treating providers. If they are “fired,” they can lose this right.
Person / Privilege Delete their copy of data Arbitrarily (without logs) edit their copy of data Correct the provider’s copy of the data Append to the provider’s copy of the data Acquire copies of HIPAA-covered data
Patient rights Yes, they can delete their own copies of their patient records, but requests to providers that their charts be deleted will be denied. No. Patients cannot change the “canonical” version of a patient record. No. While patients have the right to comment on and amend the file, they can merely suggest that the “canonical” version of the patient record be updated. Yes. The patient has the right to append to EHR records under HIPAA. HIPAA does not require that this amendment impact the “canonical” version of the patient record, but these additions must be present somewhere, and there is likely to be a substantial civil liability for providers who fail to act in a clinically responsible manner on the amended data. The relationship between “patient amendments” and the “canonical version” is a complex procedural and technical issue that will see lots of attention in the years to come. Usually. Patients typically have the right to access the contents of an EHR system, assuming they pay a copying cost. EHRs frequently make this copying cost unreasonable, and the results are so dense that they are not useful. There are also exceptions to this “right to read,” including psychiatric notes and legal investigations.
Person / Privilege Delete their copy of data Arbitrarily (without logs) edit their copy of data Correct the provider’s copy of the data Append to the provider’s copy of the data Acquire copies of HIPAA-covered data
True Copyright Ownership (i.e. the relationship you have with a paper you have written or a photo you have taken) Yes. You can destroy things you own. Yes. You can change things you own without recording what changes you made. No. If you hold copyright to material and someone has purchased a right to a copy of that material, you cannot make them change it, even if you make “corrections.” Sometimes, people use licensing rather than mere “copy sales” to enforce this right (i.e. Microsoft might have the right to change your copy of Windows, etc.). No. Again, you have no rights to change another person’s copy of something you own the copyright to. Again, some people use licensing as a means to gain this power rather than just “sale of a copy.” No. You do not have an automatic right to copies of other people’s copyrighted works, even if they depict you somehow. (This is why your family photographer can gouge you on reprints.)
Person / Privilege Delete their copy of data Arbitrarily (without logs) edit their copy of data Correct the provider’s copy of the data Append to the provider’s copy of the data Acquire copies of HIPAA-covered data
IT Specialist Kind of. Regulations dictate that IT specialists and vendors should not have the right to delete patient records. But root (or admin) access to the underlying EHR databases ensure that only people with backend access can truly delete patient records. Only people with direct access to source code or direct access to the database can completely circumvent EHR logging systems. The “delete privilege” is somewhat difficult to accomplish entirely without detection, however, since it is likely that someone (i.e. the patient) will know that the record should be present. Yes. Source code or database-level access ensures that patient records can be modified without logging. Yes. Source code or database-level access ensures that patient records can be modified without logging. Yes. Source code or database-level access ensures that patient records can be modified without logging. No. Typically, database administrators and programmers do not have the standing to request medical records from other sources.

 

Ergo, neither a patient nor a doctor nor the programmer has an “ownership” relationship with patient data. All of them have a unique set of privileges that do not line up exactly with any traditional notion of “ownership.” Ironically, it is neither the patient nor the provider (when I say “provider,” this usually means a doctor) who is closest to “owning” the data. The programmer has the most complete access and the only role with the ability to avoid rules that are enforced automatically by electronic health record (EHR) software.

So, asking “who owns the data?” is a meaningless, time-wasting, and shallow conceptualization of the issue at hand.

The real issue is: “What rights do patients have regarding healthcare data that refers to them?” This is a deep question because patient rights to data vary depending on how the data was acquired. For instance, a standalone personal health record (PHR) is primarily governed by the end-user license agreement (EULA) between the patient and the PHR provider (which usually gives the patient wildly varying rights), while right to a doctor’s EHR data is dictated by both HIPAA and Meaningful Use standards.

Usually, what people really mean when they say “The patient owns the data” is “The patient’s needs and desires regarding data should be respected.” That is a wonderful instinct, but unless we are going to talk about specific privileges enabled by regulation or law, it really means “whatever the provider/programmer holding the data thinks it means.”

For instance, while current Meaningful Use does require providers to give patients digital access to summary documents, there is no requirement for “complete” and “instant” access to the full contents of the EHR. While HIPAA mandates “complete” access, the EHR serves to make printed copies of digitized patient data completely useless. The devil is in the details here, and when people start going on about “the patient owning the data,” what they are really doing is encouraging a mental shortcut that cannot readily be undone.

Fred Trotter is a recognized expert in Free and Open Source medical software and security systems and is the author of Meaningful Use and Beyond: A Guide for IT Staff in Health Care. He has spoken on those subjects at the SCALE DOHCS conference, LinuxWorld, DefCon and is the MC for the Open Source Health Conference. This post first appeared on O’Reilly Radar.

Livongo’s Post Ad Banner 728*90

34
Leave a Reply

15 Comment threads
19 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
15 Comment authors
RhysMike OFamily Home Care & HospiceMichael MillensonSteve Balwin Recent comment authors
newest oldest most voted
Rhys
Guest

On a couple of occasions they tried to get me drunk but as their
own drinking became excessive I walked away. However, I am sure in a short
period of time she would have told me the details about her
unsuccessful return to her husband and what truly happened to their Office – Land franchise.
Of course, they had the help of my friend, Bill Higgins,
and my family.

Fred Trotter
Guest

I wanted to also point people to the excellent article that I just found about this issue at JAMA

http://jama.jamanetwork.com/article.aspx?articleid=183601

The article is by Mark Hall and Kevin A. Schulman

They have a concept called an anti-commons, which is the best description of what you get when you really carefully pull this issue apart.

-FT

Fred Trotter
Guest

Mike,
This article was actually published originally on the radar blog: http://strata.oreilly.com/2012/06/patient-data-ownership-access.html

The date in the URL is correct as far as I know.

Mike O
Guest
Mike O

One question: What was the date of this article? It seems to be July 20, 2012 (based on the URL and the date shown just above the comments). Yet the comments start on July 11. I am asking for proper research citation purposes. Thanks

Fred Trotter
Guest

The earlier date is correct I think. As I recall we made a minor change to the article which bumped the main date…

Family Home Care & Hospice
Guest

Medical data before it is given away should always have the permission of the patient. This data is a confidential matter and known only between the patient and the health care service provider.

Margalit Gur-Arie
Guest

Fred, The example you are providing for use of BP readings is actually a very nice illustration how data could be used to benefit entities other than patients. Why should people be forced to share their BP readings in order to provide some company better tools to increase profits? What do patients get out of that? Particularly those in cities where people are less healthy, probably because they are poorer, and now the jobs are going to go away to the prosperous healthy cities, making people even poorer and sicker? You could have tried for a better example…. However it… Read more »

Fred Trotter
Guest

Margalit, Your framing of my city example implies that cities have no control over how healthy their environments are. I could also say that you could compare BP data to a particular medication usage instead of a city, but then you would say that the drug manufacturer is taking advantage of the patient. Perhaps if my example had used carrots, but then grocery stores might take advantage of patients. Of course, a study that used this de-identified data to study the effects of grass consumption might seem innocuous enough, until you consider how lawn mower manufacturers would then take advantage… Read more »

Margalit Gur-Arie
Guest

Fred, With all due respect, your arguments are rather confusing. There is no “deep question” here that requires “careful discussion”. Patients own their health care information. Patients should be the sole decision makers regarding who can look at, or use their data, in any shape or form, and for any purpose, except as required by law. The argument that programmers who (at their employer’s behest) are most able to avoid regulations, somehow gain ownership rights based on this infraction, is frankly ludicrous. If data sharing benefits the patient, surely the informed patient will give you permission to share it. Or… Read more »

Michael Millenson
Guest

Fred:

Bravo for a thoughtful take on medical record ownership that has real potential to break through meaningless chatter and stakeholder deadlock. It’s a shame that so much of the discussion here became tangential, but perhaps a forum of hospital IT folks and patient advocates might spark a different dynamic.

Michael

John R. Graham
Guest

If I were to advocate a pure market position, I would state that there is a price for everything. Let’s start with the position that most of the data we are addressing are not currently available to the individual himself. He needs an expert to gather the data. So, there could be a lower price for data remaining private, and a higher price to make the data more widely available. I’m pretty confident that the market would figure this out. Alternatively, if the data were to be used for research, there could be a policy of not allowing a person… Read more »

Fred Trotter
Guest

I like a “market approach” to healthcare data. This is the approach that the medical banking people take. They take this idea to its extreme.

Hard to tell if it will work, but that does not mean it is not a good idea.

Steve Balwin
Guest

a good few interesting points raised here, from a patient perspective i think it would be unerving to know that you don’t own your own health information and that the people that created it had a right to distribute it to who they wish. I think thats a breach of confidentiality and trust and must go against many principals. Once your dececed i think its a different stopry but until then…

John R. Graham
Guest

Kidney is a bad analogy. It is a thing, not data. This is an excellent post, framing what I’ve been trying to figure out for a long time. Challenging the notion of “ownership” is just what I needed to come to grasp with it. The patient cannot own (most of) the data because the patient did not create (most of) the data. How can I “own” my cholesterol count? For most of human history, nobody even knew such a thing existed. How can I own that which I don’t know exists? In some philosophical sense, the party which collected the… Read more »

Margalit Gur-Arie
Guest

You figured it out wrong, John. Clinical data is information about you, the collection of which is incidental to services for which you have paid (or someone paid on your behalf). These people do not own anything. They have access to it for the sole purpose of providing you with the services you purchased and a fiduciary responsibility to safeguard your clinical data at all times. Any other use of your information should be considered theft and larceny and should be prosecuted. People should actually be sent to jail for trafficking in clinical data. Just because it’s not a tomato… Read more »

Fred Trotter
Guest

Margalit, I think John has mostly gotten it right. By letting go of the notion of ownership, we can have a more nuanced discussion. I want to specifically kibbitz some of your assertions here. First, clinical information is only sometimes “about you”. The whole notion of deidentification is to make data that is still a valid clinical fact, but not a fact “about you”. Even without de-identification, the use of the clinical data is not just for “the sole purpose of providing you with services that you purchased” the clinician can, and should use that data to improve performance, to… Read more »

Margalit Gur-Arie
Guest

Well, Fred, let me start by saying that I appreciate your point of view and do not have any doubts about your intentions being good. However, let me assure you that mine is not a knee-jerk reaction. We have evolved the health care conversation to use words in very peculiar ways and to confuse people in order to preserve the rights of corporations to profit. First of all data de-identification is largely a myth in this day and age, because everything can be reidentified and the entire big-data concept rests on combining multiple sources of information, which is how you… Read more »

Sandra_Raup
Guest

Margalit et al., It’s hard to see how a healthcare record is even that useful without the involvement of the patient. The patient needs to be able to see the information; correct or at least challenge incorrect information; give others such as advocates or family members access to help if they need that kind of help. Without that, I don’t think people can even rely on it – there are so many errors, many not seemingly significant but may be used in entirely unexpected ways. A few years ago a lawyer contacted me because I had documented in a hospital… Read more »

Fred Trotter
Guest

Margalit, The following statement: “because everything can be reidentified” “the entire big-data concept rests on combining multiple sources of information” “completely de-identified data is useless for research.” All of these are utterly false. Let me prove it. BP 127 / 83 This is a real persons blood pressure measurement. Can you re-identify it? I do not hold out much hope for your success. Feel free to pass it to a re-identification expert and see if they can make a better stab at this. Now suppose that I have every blood pressure measurement taken in the city of Houston today, listed… Read more »

Adrian Harris
Guest

Fred, I completely agree with you when it comes down to “ownership” being a useless term for health data. If I’m reading correctly, I agree that what it really comes down to is patient access to data. And access, for me, is even more complicated than ownership. In our digital age, how do we define access to our own information? The current Blue Button standards allow access to a .pdf of our medical records. When will access mean an easy-to-use UI? When will it mean actionable analysis of your health information? Metadata explaining your health record and links to outside… Read more »

Fred Trotter
Guest

Adrian, I have to applaud you, because you are the first commenter to fully embrace my core point: the conversations that really matter start after you stop debating ownership. To be very specific, I would be dubious about any health IT expert who would answer any of your questions is any way other than the following: In our digital age, how do we define access to our own information? – I don’t know, and I am trying to figure that out. When will access mean an easy-to-use UI? – I don’t really know how to define an “easy to use… Read more »

John Irvine
Guest

@ MD as hell – maybe

the better question may be does a third party have the right to sell / rent / give away your right kidney?

Sandra_Raup
Guest

Most people look to the case, Moore v. Regents of the U of California that discusses privacy vs. property rights in relationship to our own bodies and body parts. Here’s the wikipedia discussion of the case: http://en.wikipedia.org/wiki/Moore_v._Regents_of_the_University_of_California. This has traditionally been a sanctity of life issue that’s also reflected in laws against suicide and selling organs. But your question addresses the central issue in Moore – can a 3rd party profit from someone else’s body parts? It looks like they can if they have consent of the individual. Are you suggesting that’s a parallel example for uses of patient data?

Fred Trotter
Guest

I agree with Sandra_Raup. Lets tie this issue back to patient data ownership or lets drop it. I am sure THCB would be happy to host an entirely separate article on body part ownership…

Body part ownership is very interesting, but what does it have to do with patient data?

Steven E. Waldren, MD
Guest
Steven E. Waldren, MD

Fred, always enjoy reading your posts.

I would disagree that providers cannot delete a record. After the required retention time, they can delete.

I believe that the partnership of patient and provider own the data (where “provider” includes the clinician and the organization together). Kind of like putting intellectual property into an LLC.

The real question is who has what right to access to the data?

Fred Trotter
Guest

Steven, I agree completely that the real question is “who have the right to muck with the data?”. I also agree that in a healthy patient/doctor relationship it is something “like” putting intellectual property (I term I use ironically) in an LLC. But strictly speaking, only one entity has original copyright ownership of the data, and it is not the patient. So it is “like” that, but only by analogy. Your point of “the provider can delete eventually” is true, and I probably should have mentioned that there are cases/states where that can eventually occur. But my point is that… Read more »

BobbyG
Guest

Good post, Fred.

As a legal matter, PHI “ownership” (as inadequate as the word may be, beyond the essential attribute of “right to control”), varies broadly from one state to another and is in flux.

Fred Trotter
Guest

BobbyG,
In the strict legal sense of copyright ownership, I do not think it is in flux at all. I know of no state which actually modifies who owns the copyright. (not to say there isn’t just that I have not heard of one).

What you mean, I think, is that the underlying “what rights does the patient have?” question is in flux, and that is certainly true, and changing very rapidly.

-FT

BobbyG
Guest

I’m not conflating copyright broadly with PHI specifically. HIPAA is silent on the issue of “ownership” of PHI, but individual states are free to enact more strict PHI laws and take on “ownership” should they choose to. For exmaple, only one state declares that a patient “owns” their PHI (NH, IIRC). Florida law states that the provider “owns” “the medical record,” but that patients explicitly “own” any genetic information contained therein. My state (NV) may soon issue regs stating that the patient “own” their PHI. The other states are all over the map, and we can expect that new laws… Read more »

Fred Trotter
Guest

Bobby,
Your point that state law dramatically impacts these issues is well-taken. I should have mentioned that in the core article. I would also love to have links to the information that you are referencing, since it is the kind of thing that I like to keep up on.

So you think that the Florida and NH actually muck about regarding who holds the copyright? That is a fascinating possibility.

-FT

BobbyG
Guest

One of my sources is the Georgetown U. Health Information Privacy Project

http://hpi.georgetown.edu/privacy/

A lot of their stuff is rather dated. Unless you have Westlaw and Lexis Nexis accounts (and I don’t, given the $$$), you can’t keep up with all the various states’ stuff in timely fashion.

Part of my HIE work in Nevada goes to PHI privacy and security issues, so I stay on this stuff.

MD as HELL
Guest
MD as HELL

Who owns your right kidney?

Sandra_Raup
Guest

It depends on if it’s still in your body. If in your body, you have a privacy interest in it (you have the right to have a say what happens with it, such as donate it, if it’s not going to carry significant risk to you life but you do not have a right to commit suicide); if outside your body, it’s probably discarded (like a blood sample or other tissue and can be claimed by a research institution or lab if it has a legitimate use for it after it has come into its possession). Many people believe they… Read more »

Fred Trotter
Guest

Interesting but tangential.