Patient’s health data: Who should control it?

IMAGE CREDIT:
Image credit
iStock

Patient’s health data: Who should control it?

Patient’s health data: Who should control it?

Subheading text
New rules allowing patients to access their health information raise the question of who should have control over this process.
    • Author:
    • Author name
      Quantumrun Foresight
    • December 9, 2021

    Insight summary

    New rules requiring healthcare providers to grant patients access to their electronic health information have been introduced, but concerns remain about patient privacy and third-party use of data. Patients having control over their health data enables them to actively manage their well-being, communicate better with healthcare providers, and contribute to medical advancements through data sharing. However, involving third parties in data management poses privacy risks, requiring measures to educate patients about potential risks and ensure data security. 

    Patient data context

    The US Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare & Medicaid Services (CMS) have released new rules requiring healthcare providers to permit patients to access their electronic health information. However, there are still concerns regarding patient privacy and third-party use of health data.

    The new rules are intended to enable patients to make informed decisions regarding their healthcare, by allowing them access to data previously held only by healthcare providers and those who pay for it. Third-party IT companies will now serve as the bridge between providers and patients, letting patients access their data through standardized, open software.

    This raises the question of who should have control over a patient’s data. Is it the provider, who collects the data and has the relevant expertise? Is it the third party, who controls the interface between provider and patient, and who is not bound to the patient by any duty of care? Is it the patient, as it is their life and health at stake, and it’s they who stand to lose the most should the other two entities take an adverse interest?

    Disruptive impact

    As third parties become involved in managing the interface between patients and providers, there is a risk that sensitive health data could be mishandled or improperly accessed. Patients may entrust these intermediaries with their personal information, potentially compromising their privacy. Additionally, efforts should be made to educate patients about the potential risks and safeguards available to them, allowing them to make informed decisions about sharing their data.

    However, having control over health data enables patients to take a more active role in managing their own well-being. They can have a comprehensive view of their medical history, diagnoses, and treatment plans, which can facilitate better communication with healthcare providers and improve overall care coordination. Furthermore, patients can choose to share their data with researchers, contributing to the advancement of medical knowledge and potentially benefiting future generations.

    Organizations may need to adapt their practices to comply with data protection regulations and ensure the security and privacy of patient information. These measures could involve investing in cybersecurity measures, implementing transparent data handling processes, and fostering a culture of privacy within the company. Meanwhile, governments may need to establish and enforce strict privacy regulations to safeguard patients' sensitive information and hold third parties accountable for their actions. Additionally, they can encourage the development of interoperable health data systems that allow seamless exchange of information while maintaining data privacy. 

    Implications of patient's health data

    Wider implications of patient's health data may include:

    • Competition among healthcare providers leading to more affordable and accessible healthcare options for individuals and potentially reducing overall healthcare costs.
    • New laws and regulations to address privacy concerns and maintain public trust.
    • A more personalized and targeted healthcare service, catering to the specific needs and preferences of diverse population groups, such as the elderly or individuals with chronic conditions.
    • Advancements in healthcare technology, spurring the development of innovative tools, applications, and platforms to facilitate data exchange and improve patient outcomes.
    • Employment opportunities in data management, privacy protection, and digital health services.
    • The Internet of Things (IoT) enabling the collection of real-time environmental and health data, leading to more effective disease prevention strategies and improved environmental health monitoring.
    • The market for health data analytics and personalized medicine experiencing substantial growth, with companies leveraging patient-controlled data to develop targeted therapies, treatment plans, and health interventions.
    • International cooperation and harmonization of data privacy laws to ensure the seamless and secure exchange of health information across borders.

    Questions to consider

    • Do you feel the new rules governing data access provide sufficient protection to patients?
    • Texas is currently the only US state that explicitly forbids re-identifying anonymous medical data. Should other states also adopt similar provisions?
    • What are your thoughts on commodifying patient data?

    Insight references

    The following popular and institutional links were referenced for this insight: