Who owns a patient’s health information?
·The patient to whom it refers?
·The health provider that created it?
·The IT specialist who has the greatest control over it?
The notion of ownership is inadequate for health information. For instance, no one has an absolute right to destroy health information. But we all understand what it means to own an automobile: You can drive the car you own into a tree or into the ocean if you want to. No one has the legal right to do things like that to a “master copy” of health information.
All of the groups above have a complex series of rights and responsibilities relating to health information that should never be trivialized into ownership.
Raising the question of ownership at all is a hash argument. What is a hash argument? Here’s how Julian Sanchez describes it: