Leonard Kish and Eric Topol recently argued eloquently for patient control of a lifetime health record, adding their voices to the calls for patient ownership of health records, building on the foundational notion that ownership is necessary in order to assert control because “possession is nine-tenths of the law.”
I certainly agree that patient control of data is of paramount importance, but I am not convinced that we need to take the leap to patient “ownership” of data, and I am not quite sure what that even means in this day and age — or how it really differs from the status quo.
I’m less worried about the name we use for the bundle of rights a patient has with respect to his or her health data than I am about the vehicle available to exercise those rights.
What has been missing is a platform that (a) empowers patients while (b) respecting the roles played in a patient’s health by all members of the patient’s care team and (c) recognizing the patient’s right to decide who’s on the team. More on that in a moment.
If we were looking at paper medical records in a general practitioner’s office, it would be a little easier to talk about ownership. We typically own physical things. In the physical world, the notion that possession is nine-tenths of the law makes sense. The traditional analysis of ownership in the paper medical records scenario is that the doctor owns the physical records – they are her business and professional records, they document her work. The patient also has rights, though: the right to access and copy the content of those records. A patient’s right to self-determination encompasses the right to have full information about one’s medical history and medical treatment.
At first blush, we might argue: When that which we would own is a collection of bits and bytes in the cloud, readable in multiple locations simultaneously, ownership and possession become less useful words to use. Upon reflection, however, it is clear that we can have ownership rights in the less concrete: one can own a patent or a copyright while millions possess – and, in fact, own — a better mousetrap or the Great American Novel.
I see no reason to depart from this construct, which has worked well in the paper medical record environment. There is a bundle of rights held by an author that attach to a book, and there is a bundle of rights held by a reader that attach to a physical manifestation of that book. There is ownership or control of the physical and there is ownership or control of the not-physical. (An inadvertent commentary on this idea is embodied in the name of the company that holds the copyright to the music of my favorite post-bop-meets-Latin-and-Ethiopian big band leader and his band, Russ Gershon and the Either Orchestra: Ethereal Cereal. Yes, these rights are ethereal. But they exist.) License agreements, real estate easements, and any number of other arcane arrangements demonstrate that we humans are quite capable of slicing and dicing rights into little packages that make sense in a variety of circumstances.
In the context of health data, I do not think that any of us who are not clinicians, or who are clinicians but do not specialize in the disease we suffer from, or who are such specialists but who value the perspectives of other experts, really want to collect and maintain our health data on a flash drive or a personal cloud, or on an open-source sharing platform, to own and to hoard, and then parcel out access on an as-needed basis. (Consider the buzz around Diaspora, the open-source, self-hosted alternative to Facebook, a couple years back. Where are they now?)
And none of us wants to even think about our health data all that much – or at all, really – unless and until we are sick or injured, or a loved one is sick or injured . . . and then we want our data and we want it now!
While some of us might want to act as ever-vigilant gatekeepers for our health data, we as a society are not about to blow up the health care system as we know it. Our social contract involves health care providers of all stripes — and third party payors and benefits administrators (for most of us). We engage in workarounds that recognize that the world exists as it does (providers and payors are custodians of our records, just as banks hold our money for us), and that we have needs that must be accommodated (we can usually get the information we want out of those records as needed, and we can access our money via ATMs and our smartphones). It would be impossible to catalogue all of the workarounds that exist in our crazy, mixed-up world; it would be nice to minimize the number that we have to employ, but we should all acknowledge that we will never be able to eliminate all of them.
Let’s get back to patient control of data. We at Flow Health have built The Operating System for Value-Based Care, which is a patient-centered platform for lifetime health records. That means that a patient can sign up for the service (it’s free) and we will go out and get all of that patient’s medical records, wherever they may be, and integrate them into a “single source of truth” that is then accessible to the patient, and to all members of the patient’s care team. The patient can add providers, family members, caregivers to the circle of trust, and can eliminate access as well. (“I haven’t seen that specialist in three years.” “I’m no longer speaking with my daughter.”) When the care team has full access to the longitudinal health record — the “single source of truth” — good things start happening: meaningful care coordination, elimination of duplicative studies and scans, configurable alerts from hospitals to PCPs around transitions of care. Good things get built to plug into this universal patient data layer through an open API. Smartphone apps that help collect data from the 99% of the time that a patient is not in the doctor’s office can be connected — on the patient’s say-so — to the social-media-like “feed” of the patient’s records, and the data can be delivered in meaningful bite-sized pieces to the clinicians who need to see them and understand them in order to manage patient care in a value-based care system.
Do I want to own my data? I want to control my data.
I want to own my car. A friend of mine prefers to lease his. He still has the freedom to hop in the car and head up to the mountains for the weekend.
David Harlow practices health law in Boston and serves as counsel for Flow Health.
When will the healthcare industry look to computer science experts (like Sweeney and Pentland) for solutions that enable the benefits of IT without the harms?
Current US HIT systems are designed for mass surveillance, create millions of hidden honeypots of 1000s or millions of individuals’ health information, and are not transparent or accountable. That’s not a sustainable business model.
The US HIT system enables data commercialization, but prevents patients from obtaining their own data or having private secure communications with doctors. Current HIT destroys patient relationships with physicians—-quite a feat—the very relationship that is the basis of the Practice of Medicine AND the source of health data is prevented.
BOTH—-the only way health or any research across millions can be done is if individuals own personal data & researchers query it. See Louis D. Brandeis Privacy Award winner MIT’s Alex Pentland on the New Deal on Data: http://hd.media.mit.edu/wef_globalit.pdf
Great quote :
“It would be impossible to catalogue all of the workarounds that exist in our crazy, mixed-up world; it would be nice to minimize the number that we have to employ, but we should all acknowledge that we will never be able to eliminate all of them.”
There’s strong motivation – and desire – to change all these crazy workflows – but I question the logic (or success) when we don’t change the incentives or (specific to healthcare) the liability.
Merle — As you note, we have different visions. At the core of the Flow Health vision is the opportunity for improved care coordination and care delivery enabled by a patient-centered longitudinal health record, read/write accessible in real time by any authorized member of the patient’s care team.
We—you, I, Leonard Kish, Eric Topol, ONC, HHS and most others—share the same objective/vision, namely, to have a patient’s complete medical record from all providers available at the point of care anytime, anywhere. Where we disagree and differ dramatically is on our priorities and how we can best achieve it.
Our priorities and criteria couldn’t be simpler. First, are FOCUS and SPEED of implementation. Our immediate concern must be to improve the quality of care during the patient-provider encounter and we should not wait for a perfect solution when a good one is ready to go. We must stop harming millions, killing hundreds of thousands and wasting $billions each year.
Second, is SCOPE and AVAILABILITY. It must work for everyone all the time, even in natural disasters and simple power outages.
Third, SIMPLICITY and EASE OF USE at all times. It must be plug-and-play, blend into provider workflow, and contain a patient’s complete up-to-date record from all providers so a provider can instantly access specific records, avoid mistakes, unnecessary tests, procedures and visits, and deliver better, coordinated, lower-cost care.
Fourth, it must be SECURE and FINANCIALLY SELF-SUSTAINING; the business model must support the system.
Fifth, EVERYONE MUST BENEFIT, including financially.
Sixth, it must be FLEXIBLE and AGILE so it can be improved and meet ever-changing needs.
Our MedKaz system meets these priorities and criteria—and then some. I’m not aware that any other system does.
David, if subscription is free (and always will be) … what is the business plan?
In Europe the patient-citizen-consumer has IP rights on his or her personal generated (health) data. But then, … data is one thing, quality data another.
All stakeholders, patients included, can (hopefully) add quality and thus value …
Think : connected Health Literacy, Intended use evidence & validation + their dissemination & promotion to the lay user, Usability of Apps & Devices, Lifeline data & measurement adherence, Datasets & context aggregation, Derived data, …
Within Epposi.org (the patients included multistakeholder platform since 1994) we promote an independent, not-for-profit, partnership-based, EU health data governance model.
After duly informed & granular opt-in consent, the data can be shared, against other value.
Starting from health data IP, the patient-citizen-consumer now has a very empowering business plan and can be incentivised to build and share his or her high quality datasets.
This will drive towards star-shaped interoperability around the data source and all along the high quality data value chain, meeting all stakeholders expectations.
Johan — Thanks for sharing information about epposi.org. I would be interested to know how broadly it is being used by patients. The EU and US start with different legal frameworks for data sharing and use, but we certainly have shared goals. There are some organizations in the US that have developed granular consents for data sharing but I wonder what the uptake will be beyond small communities of highly engaged patients.
The business model consists of delivering services needed by patients, providers and payors in the effective and efficient management of patient care. Providers and payors may contract for services built on top of the patient data layer and enter into revenue sharing agreements (e.g. the chronic care management (CCM) service is one example, described in greater detail here:
http://blog.flowhealth.com/chronic-care-management-as-an-outsourced-service/ – other examples include analytics, and services delivered via Flow Health apps).
David, you are correct that, in many day to day health circumstances none of us care about “data”, we care about decisions, and we want the best decisions that we or someone we hire can help make about these decisions. In a similar sense, we don’t care about the gas in our tank (or electrons in our battery), we care about what that fuel enables us to do, get where we want to go, and we need those electrons and that gas in an immediately accessible, or attached, vessel. The important aspect to the data is that it follows the person about in an immediately accessible form.
But wait, there’s more to it than that: we also want it in a form that allows us to make additional value both personally and for society at large.
Topol has given numerous examples of patients taking control of their condition through data, leading to new insights, and the opportunity to contribute to research. Senate testimony yesterday by Kathy Giusti of MMRF was full of great examples of empowerment and improved personal health and disease understanding. Patients can can use data to 1. make immediate decisions 2. save money (not repeat the test from a week ago) 3. Build new models 4. Allow others to build new models. There’s several kinds of value.
The problem with your construct that we can’t talk about “ownership” of data is false if for no other reason than that others can lay claim to data, and often do, and that prevents us from putting it in an immediately available vessel or from building new models.
It’s unclear why data cannot be property of an individual, when, in fact, many others can lay claim to the same said property. See list of specific language from various states here in reference to medical records: http://www.healthinfolaw.org/comparative-analysis/who-owns-medical-records-50-state-comparison
And part of that issue is, even if you have rights, you can’t effectively exercise them if you don’t have the data in your possession. You can’t go to copy your medical records in the middle of the night, it takes weeks, if you even get a response (I haven’t). We see this all the time, whether the record is in bits or on paper that resides in the possession of someone else. So I think we need to make data possession and ownership of the data the starting default, not the other way around, independent of the vessel.
I have great respect for what Flow Health is working toward, and it could solve many of these issues, but if the flow servers go down (for technical or, financial reasons) where does that data go? Our goal is to propose a more robust system that is not owned by ANY third party and therefore, most importantly, nobody else can lay a claim to the data, or to even possession of it without specific rights, and can’t go out of business. What’s most important may not be who owns or possesses the data, but who can’t own or possess the data.
Finally, the point we make is that there are emerging new vessels to enable ownership that could work similarly to digital paper, or, in this case, digital coin. Part of the reason so many people are looking at bitcoin/blockchain technologies (and there are many deep aspects) is because they solve part of the data owned by one person can’t be in more than one place without those bundle of rights that are immediately enforceable through network consensus. This is all very new, but we believe the appropriate vessels for digital ownership are emerging, and we need to pay close attention.
I’ll also add, it sure seems like when the data is on someone else’s servers, they always seem to keep pushing the edge of what they can do with the data, what rights they require. And if you, the “owner” of the data on said servers don’t agree to provide such rights?….. then what?
I think we agree that
1. Patients need unfettered access to their data.
2. Others have and/or need access to the some or all of the same data.
3. Patients need the ability to share their data with others.
Leaving aside for the moment the question of whether there should be outright patient ownership of records (and whether legislative change would be required to change that paradigm) vs. recognizing that each player in this drama has a different bundle of rights in health information of an individual patient — where we differ is in which approach to take to ensure that an individual’s data is in fact available when and where desired.
No approach is perfect.
As I understand it, you have described a model that sounds like it might come to exist in the near to middle future, that is likely to require a fair amount of technical know-how (a la minimg Bitcoin) or at the very least requires an extremely motivated patient, and that requires an active traffic cop patient or designee (to get records into or out of a patient-owned data store).
In contrast, the approach to populating the health data layer I have described is a gloss on the status quo, which leads me to believe that it may be more readily adopted by patients and by providers, for the reasons sketched out below.
Patients generally have at least some understanding of the right to demand their records and are in any event likely to authorize collection of records for a central repository in a frictionless encounter with a provider where that health information sharing will improve the individual patient’s experience of the health care system (no more filling out the same darn information on the medical clipboard in every single physician’s office, and having a greater level of confidence that Doctor A knows what Doctor B has been doing) just as it will improve care management as well as management of the cost of care( to which most of us are more exposed than we used to be, thanks to high deductibles and other forms of cost sharing in our health plans).
Providers, in an age of spreading value-based care, have a growing interest in health data silo-busting in order to engage in more effective care management, and are likely to welcome a patient consent that unlocks all records for this purpose, even if it has the “side effect” of making all EHR data available to the patient at the same time.
Furthermore, a “patient-owned” data store is no less vulnerable to failure than a data store operated by a company such as Flow Health, or by an EHR or PHR vendor. In each scenario, the data is likely stored in a secure cloud provided by a commercial operator. In business, arrangements are routinely made for disposition of assets in case of financial or technical troubles. And as noted in my post, I do not believe that the “self-hosted” approach is likely to catch on, for the very reasons that we do not see massive numbers of patient requests for health records on a regular basis: (a) nobody really cares about having access to their health records – until they do, and then they care very much; and (b) not enough people cared enough about the potential compromises to privacy on platforms such as Facebook to stage a mass exodus to a self-hosted open-source alternative such as Diaspora (which had its fifteen minutes, but never really caught on), and it is my sense that not enough people will care enough about health data in such a concrete way that they will undertake the effort necessary to port their records to a patient-controlled data store and manage them there.
Finally, the benefits that flow from patient control of and access to data, as described in your comment, do not require patient ownership. The construct of patent ownership of data does not exist at present, yet the benefits cited at the HELP hearing and by Eric have come to pass. Is the present system perfect? No. I just believe that there is an easier path to the goals we share than the one you have proposed.
Thanks for engaging with me on this important issue.
1. Patients need unfettered access to their data.
2. Others have and/or need access to the some or all of the same data.
3. Patients need the ability to share their data with others.
Peer to peer storage networks are not the same as private clouds, and you’re right, people won’t move because data, they’ll make decisions based on what they are enabled to do.
I sense, however, that major current data holders will recognize that their data will be much more accessible, valuable and much cheaper to manage, and will experiment, and those experiments will grow. Folks won’t be sold on the inputs, they’ll be sold on the outputs: better, cheaper, faster with more control and less risk.
Selling a peer to peer network and TCP/IP wasn’t the reason the internet was adopted. Peer to peer and blockchain won’t be how these networks are adopted, either. It’s about what you can do with them, and how to do things better. It’s data economics in an emerging health data economy.
You’re right, these things are medium-term, but our point is, objects may be closer than they appear, and it would be best to pay attention.
I’m not sure what “ownership” means here when you have a test like an echocardiogram or a MRI that consists of dozens or hundreds of separate or video images that can only be interpretated by someone with years of training watching a fast moving semi-video. So the patient owns the record?… he can’t use it without hiring another radiologist or cardiologist. I don’t even know what format you could put these in. The same thing obtains with a complicated series of electrolytes tests or endocrine assays. And the other thing you should remember is that most docs, if they have last month’s lab and radiology records in front of them, could care less about older tests. Rarely this is necessary. Everyone is constantly changing. It is important to _repeat_lab tests and imaging every so often.
Otherwise, your idea is fine.
We are in agreement on the first point – ownership is a slippery concept in this context – and not too far apart on the second point: the goal of patient control of records is not elimination of all repeat exams but, rather, elimination of unnecessary ones, and ensuring the ready availability of historical exams and other health information so it may serve as a point of reference as needed.