Could Digital Rights Management Solve Healthcare’s Data Crisis?

Today, academic medicine and health policy research resemble the automobile industry of the early 20th century — a large number of small shops developing unique products at high cost with no one achieving significant economies of scale or scope.

Academics, medical centers, and innovators often work independently or in small groups, with unconnected health datasets that provide incomplete pictures of the health statuses and health care practices of Americans.

Health care data needs a “Henry Ford” moment to move from a realm of unconnected and unwieldy data to a world of connected and matched data with a common support for licensing, legal, and computing infrastructure. Physicians, researchers, and policymakers should be able to access linked databases of medical records, claims, vital statistics, surveys, and other demographic data.

To do this, the health care community must bring disparate health data together, maintaining the highest standards of security to protect confidential and sensitive data, and deal with the myriad legal issues associated with data acquisition, licensing, record matching, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Just as the Model-T revolutionized car production and, by extension, transit, the creation of smart health data enclaves will revolutionize care delivery, health policy, and health care research. We propose to facilitate these enclaves through a governance structure know as a digital rights manager (DRM).

The concept of a DRM is common in the entertainment (The American Society of Composers, Authors and Publishers or ASCAP would be an example) and legal industries.  If successful, DRMs would be a vital component of a data-enhanced health care industry.

Giving birth to change. The data enhanced health care industry is coming, but it needs a midwife.There has been explosive growth in the use of electronic medical records, electronic prescribing, and digital imaging by health care providers. Outside the physician’s office, disease registries, medical associations, insurers, government agencies, and laboratories have also been gathering digital pieces of information on the health status, care regimes, and health care costs of Americans.

However, little to none of these data have been integrated, and most remain siloed within provider groups, health plans, or government offices.

In the past, technical and cost issues have restricted efforts to share and integrate health care datasets. However, advances in technology permit a bold vision of a new infrastructure involving shared access to big data, computing power, and analytic tools. The resources exist to access and analyze extremely large health data sets in the secure, HIPAA compliant, computing environments of data enclaves.

Data enclaves are a “secure computing environment, firewalled from outside intrusion, accessible only by authorized users, that allows for remote access to microdata where the inflow and outflow are controlled and monitored by either experienced confidentiality officers or by algorithms, whereby users have access to analytic tools and only those data they are licensed to use.”

The governance issues. What remain to be resolved is how to legally and administratively bring the data together:

  1. how multiple stakeholders will provide data under standard contribution agreements;
  2. how to link extremely large and multi-year files, match records across datasets, and provide statistical deidentification where necessary; and
  3. how to license these data to multiple researchers under standard use agreements.

As stated above, we suggest that these tasks be solved by a digital rights manager.

How the DRM will work. Data owners, such as provider groups, are reasonably concerned about unfettered access to data. Therefore, the DRM’s most important job will be to provide a low-cost, reliable, and technically and legally protective environment in which data owners are comfortable placing their data. The DRM will negotiate data contribution agreements with each data owner, and the DRM will grant access to data users consistent with these agreements.

Thus, a DRM will reduce the burden on potential data contributors giving them greater incentive to participate and share data by allowing them to deal with a single responsible party.

The DRM will also have a responsibility for fulfilling all the legal requirements that must be met—under HIPAA, state law, or otherwise—relative to the uses of the data. The DRM will also negotiate software-licensing agreements and arrange for commonly required intermediate value added services such as encrypted provider or individual identifiers or statistical de-identification.

To do so, the DRM will require specialized expertise in the HIPAA, statistical de-identification, and an enhanced institutional review board with an understanding of big data risks and opportunities.

Under this governance structure, health data owners who want to generate useful insights from their health data can do so securely. Their data, when shared, will be secure, their confidential information will remain protected, and they will not be burdened with administrative expenses associated with distribution, licensing, or oversight associated with their data.

In essence, all of these tasks can be efficiently contracted out to a common technology platform entity so as to reduce the burden on data owners, thereby making more likely that they will share their data. Thus, together, the DRM and the data enclave can transform health data into smart data (Figure 1).


Great benefits and manageable risks. The potential benefits of smart health data are great, but data must be actionable. To that end, the previously outlined governance structure removes barriers and creates new opportunities. For patients, the enclave will be an opportunity to receive better care from evidence-based practice and personalized medicine.

For physicians, more complete and accurate patient information will enable the delivery of better care. For health policy researchers and policymakers, linked data will allow for a better understanding of trends and the impacts of policy initiatives. As a result, the enclave offers an efficient setting in which to engage in comparative and cost effectiveness research.

Some may question the wisdom of hosting so much data. We believe that smart data enclaves will mitigate the risks to patients and providers. As a country, we are missing an opportunity to maximize the gains from the already expended effort to create EHRs and from nearly two decades of HIPAA compliant health data use. Entire generations of medical professionals and researchers are unfamiliar with administrative claims and registry data due to the absence of cost-reducing shared infrastructure.

The question should not be whether we should have a smart health data world, but how soon can we make it happen.

Newman, David, Herrera, Carolina, Frost, Amanda, Parente, Stephen. The Need For A Smart Approach To Big Health Care Data, Health Affairs Blog, 27 January 2014. Copyright ©2014 Health Affairs by Project HOPE – The People-to-People Health Foundation, Inc.

Livongo’s Post Ad Banner 728*90

Leave a Reply

9 Comment threads
2 Thread replies
Most reacted comment
Hottest comment thread
8 Comment authors
David NewmanFred TrotterAdrian Gropper, MDPaulAndrew Oram Recent comment authors
newest oldest most voted
David Newman
David Newman

The concept of digital rights management as a technology from dvd, cds, is not what is being proposed here — quite explicitly it is the introduction of a legal regime that makes holders of data more secure in the sharing of the data and a legal regime that makes gaining access to the data easier. Moreover, at the intermediate step, there are numerous value added components that can be introduced, such as matching across data, that reduce the cost to researchers wanting to use these data.

Fred Trotter

This is just smart enough sounding to pass through the TCHB filters (which are usually quite good), but the ideas here are mostly bunk. The ideas here are valid to the degree that they are not specific and to the degree that they are specific they are not valid. What you are suggesting is something pretty similar to the “Health Data Bank” that floated for years… in that respect it is an interesting idea… and worthy of discussion. But you are referencing a technology stack with DRM that is universally regarded as a broken technology, which means that no reasonable… Read more »

Bobby Gladd

FRED!! My Man! Great response. You goin’ to HIMSS14?

Adrian Gropper, MD

The perspective of a hurting person forced to seek the help of a physician doesn’t come through in this post. Just because technology enables mass universal surveillance does not mean we should rush to build the panopticon. Are we headed for one big enclave for everyone and everything on the planet or does each physician post on her door which enclave they will send the patient’s data to? Do I have a choice of enclave and can that be the only place where my personal data goes? Will access to the data in the enclave favor corporations over communities, licensed… Read more »


This jargon still leaves many questions re patient privacy over their medical records: two quotes follow….one from J. Salwitz MD and the second from Randy Barnett law professor at Georgetown. Salwitz: “However, it is vital, as we pursue this technology, that we guarantee each person has control over his or her records. Patients must be able to determine who can and cannot see their E-Chart, whether it is other doctors, pharmacies, insurance companies or hospitals. They must decide which parts of the records are shared, as well as when and why. In much the same way we share our bank… Read more »

Andrew Oram

An interesting application of technical content control measures, which in general I don’t like but may find value in health. There is a precedent: some cloud-based image sharing sites use content protection for such things as withdrawing the privilege to view an image after a certain amount of time. See

Shane Irving

I know each States (and regions within) HIE progress differs quite a bit. There are many HIE’s that are gaining critical mass in some regions. Could the DRM sit on top of the regional HIE infrastructure to support the country wide sharing? I do agree that it will probably take some kind of central governance to be effective…

Bobby Gladd

Digital rights management (DRM) is a class of technologies[1] that are used by hardware manufacturers, publishers, copyright holders, and individuals with the intent to control the use of digital content and devices after sale;[1][2][3] there are, however, many competing definitions.[4] With First-generation DRM software, the intent is to control copying; With Second-generation DRM, the intent is to control viewing, copying, printing and altering of works or devices. The term is also sometimes referred to as copy protection, copy prevention, and copy control, although the correctness of doing so is disputed.[5] DRM is a set of access control technologies.[6][7] Companies such… Read more »

Bobby Gladd

(from the Wiki)

Bobby Gladd

DRM is viable where there is broad federal and states’ consensus as to the “ownership” (and distribution of value) of “intellectual property.”


Well, let’s put it this way: DRM seems to have worked fairly well for content, my confusion over the finer points of managing my digital music collection notwithstanding ..