Skip to main content

Who owns your personal health data?

Jennifer Girka, Healthcare Strategist Dell EMC
Written by: Jennifer Girka

Recently, the New York Times reported that the University of Michigan football team, as part of a $170-million apparel contract with Nike, will allow Nike to harvest biological data from its players through wearable devices, such as heart-rate monitors. The news raised concerns about the privacy and professional future of individual players, corporate collection of personal data and the impact on sports betting.

As the amount of health data collected about each of us grows—as more genomes, proteomes, and biomes are analyzed and as bio-trackers evolve from devices to sensor-rich clothing—concern about who owns, has access to, and profits from our biological data grows, too.

My body, your practice

At the same time, the ongoing debate about conventional medical records—whether and how much access patients should have to them—continues.

Most patients and their advocates believe that patients should “own” their medical data and be able to access it, control who else has access to it, and take it with them from provider to provider.

On the other hand, physicians and healthcare institutions have their own competing claims, interests and responsibilities. These include:

  • Regulatory requirements to maintain and preserve the master record
  • Frank, important, notes about patients and their behaviors in patient records
  • Concerns about lost or corrupted data—including intentional editing by patients to remove “embarrassing” information or to “doctor shop” (e.g., for opioid prescriptions)
  • Contention that medical information is too difficult for patients to interpret correctly

Many of these concerns can be addressed technically; for example, by providing patient access to a read-only copy of their record, instituting a controlled process for patient updating / corrections, providing defined fields for caregiver notes that are stripped from patient versions, and so on.

Empowering patients, but not too much

Even as health systems invest in making patients more engaged and empowered partners in their care, many patients continue to find that it is difficult and time-consuming to get access to or copies of their own medical records.

In response to rising patient complaints, the National Institutes of Health (NIH) issued guidelines in 2016. As the guidelines affirm, patients have the right to access or obtain copies of their records.

Lacking a single longitudinal patient record and/or a national health system database, however, patient information is typically fragmented, residing in multiple databases with multiple providers. Many patients continue to find that it’s up to them to coordinate among providers, making sure that their medical data is accurate and up-to-date in multiple locations. The lack of quick access to a patient’s complete record is especially troubling in emergency situations.

Learning from other industries

Are there lessons that healthcare can learn from how other industries handle personal data? While consumers don’t “own” the information that financial institutions collect about them, for example, they can easily access their account data online or via phone—and are provided with regular and event-triggered updates so they can make sure that information is correct and has not been compromised.

Similarly, two-way transparency in which both physicians and patients receive and review copies of the medical record, with each having a defined ability to authorize specific access to others, seems the right model. New transaction technologies, such as blockchain, which controls authorization and access via public and private keys and maintain a tamper-proof, auditable record of changes, review-able by all parties, might be used to control access and the integrity of patient records—enabling patients and multiple providers to securely access and amend a single record.

Who profits?

Precision Medicine is enabled by data—the more data, the better the insights.

To accelerate the development of new treatments, many people are donating their DNA and other health information to further the U.S. government-driven Precision Medicine Initiative and disease-specific researchers.

Patient health data living outside the health system, generated by research, devices, direct-to-consumer testing and lab services, and residing in personal, public, consortium, institution and corporate databases raises new questions:

  • How can this data be integrated with or into conventional medical records?
  • Is there a way for researchers to leverage new technologies, such as data lakes, to share data and analytics and accelerate advances in therapies, services, and devices?
  • Is there a way for entrepreneurs to own IP developed using personal or public data?
  • Can we define ownership rights in a way that distinguishes between raw medical data—and proprietary tools, services or discoveries made with that data?
  • When private enterprises seek to profit from personal health data, how should the individual’s interests be protected, represented, and, perhaps, even reimbursed?

As we wrestle with these issues, technologies and business models are morphing quickly. Notably, as governments advance toward their “million-cohort database” objectives, a private company, 23andMe has already collected and analyzed DNA samples from more than 1.2 million people, building the world’s largest genetic database. And they are profiting. Consider that more than a dozen companies have paid to gain access to subsets of 23andMe data, including one that paid $10 million just to look at the genes of people with Parkinson’s disease.

If data is in fact the new currency, then it’s safe to assume that personal health data is rising to the top in terms of value. The question remains whether we as the patient will be a broker and beneficiary to our own data.