Who Owns Your Health Data?

porsche911 writes "The Wall Street Journal has an interesting article about how the data from Implanted health devices is managed and the limitations patients run into when they want to see the data. Companies like Medtronic plan to sell the data but won't provide it to the person who generated it. From the article: 'The U.S. has strict privacy laws guaranteeing people access to traditional health files. But implants and other new technologies—including smartphone apps and over-the-counter monitors—are testing the very definition of medical records.'"

What rights?

[anorlunda]

HIPPA only applies to health care providers. Anyone else who gets your data by any means, is not restricted by HIPPA. Notable examples are life insurance companies. You sign a waiver to give them access to your health info to qualify for a policy. After that they can do whatever they want with the data. They can, and do, routinely pass it along to a medical information clearing house in Massachusetts (I forget the name of it), which is a third party. The clearing house dishes out the information (including personal identifying information) to anyone who wants to pay for it.

Americans imagine that they own their personal data. Data (information, facts) are not property and can not be owned. Intellectual property laws bestow some rights but not "ownership" You can own the rights but not the facts. If you could own facts, then you could prevent police and courts from using facts about your behavior against you.

Records, on the other hand are ordinary property. Whoever owns the records can treat them like any other property, regardless of the information they contain (exceptions for national security, for parties covered by HIPPA, records under subpoena and so on). There was once a notable case of a hospital in Las Vegas. They rented a warehouse to store paper patient records. They failed to pay the rent. The landlord sold all property stored in the warehouse to recover money owed to him. Neither the landlord, nor any subsequent owner of those paper records was restricted in any way as to what they could do with them.

Re:If a Medical Doctor was involved in the collect

[Bill_the_Engineer]

I believe NEMSIS' ultimate goal is to benefit individual patients by providing a mechanism to share en-route EMS data to participating hospitals and the various health departments.

This may be different than the goals of the medical companies mentioned in the article that may benefit pharmaceutical companies or others.

In other words, NEMSIS seems to be enforcing a data format that enables the transfer of data between medical participants (directly benefits patient and others may benefit indirectly from the government agency monitoring), while the companies mentioned in the article are trying to market the data that they have collected (directly benefiting themselves and others may benefit indirectly from advances made in medical science from aggregated data being sold).

Re:If a Medical Doctor was involved in the collect

[filthpickle]

They remove anything that can identify you before they share it. The aggregate is what everyone wants to see. That is how they would get around anything short of being expressly forbidden to do anything at all with the data.

Re:What rights?

[Chris Mattern]

Actually, no, he's mostly right, to my surprise. From http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html [hhs.gov]:

"The Privacy and Security Rules apply only to covered entities. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If an entity is not a covered entity, it does not have to comply with the Privacy Rule or the Security Rule."

The one thing he got wrong is that while the life insurance company's use of health information is not covered by HIPAA, the medical information clearinghouse *is*, as such clearinghouses are "covered entities" (along with health care providers and health plans--while your life insurance isn't covered by HIPAA, your health insurance is).

 

Re:If a Medical Doctor was involved in the collect

[dkleinsc]

It already is a political issue, the moment the idiots wanted politics involved in HealthCare.

If they're idiots, why is it that health care with lots of government involvement has better patient outcomes for lower costs?

This is the full problem of centralizing decision making away from the people.

The problem with patients making all the key decisions is that patients as a rule (a) don't have a clue what they're deciding, (b) have no idea what it costs, (c) would as a rule pay any price to not die, and (d) don't always have cash on hand when they would need to pay the price to not die. Those are the basic reasons why free markets don't produce optimal outcomes for health care.

Re:Health Data is owned by the Patient

[BetaDays]

A few years ago I was in the position of changing doctors and had a very hard time getting my data from my old doctor to the new. I had to constantly go after them to get copies. They kept putting it off and at one point said they owned the records since they prescribed any and everything medical for me. I explained that I owned my records, they may own the paper printed but the information is mine. I bought and paid for the tests and I paid the doctor to decide what tests needed to diagnose my problems and issues. I'm even paying them to keep my records safe by going to them all the time , being my primary care physician. As long as I am a customer of theirs they are happy with keeping my records on file and "lending" out as needed to doctors they refer me to but as soon as I said I was changing doctors (I moved and wanted a closer doctor then the 1.5 hour drive it would now take to get to my old one) they got all up in my face over my records.saying they owned them. After 3 months I finally got my records which really pushed me back 3 months on any medical diagnoses and treatments since the new doctor didn't want to start or stop anything the old doctor told me to do since he didn't have any facts of what my history was at the time. So now any tests I have done I make sure I get a copy for my own records and keep them in my safe at home.