- December 9, 2021
The US Office of the National Coordinator for Health IT (ONC) and the Centers for Medicare & Medicaid Services (CMS) have released new rules requiring healthcare providers to permit patients to access their electronic health information. However, there are still concerns regarding patient privacy and third-party use of health data.
Patient data context
The new rules are intended to enable patients to make informed decisions regarding their healthcare, by allowing them access to data previously held only by healthcare providers and those who pay for it. Third-party IT companies will now serve as the bridge between providers and patients, letting patients access their data through standardized, open software.
This raises the question of who should have control over a patient’s data. Is it the provider, who collects the data and has the relevant expertise? Is it the third party, who controls the interface between provider and patient, and who is not bound to the patient by any duty of care? Is it the patient, as it is their life and health at stake, and it’s they who stand to lose the most should the other two entities take an adverse interest?
On a positive note, the agency granted to patients will change the dimension of the healthcare industry, making it friendlier to patients. People can get an idea of the services provided and the prices required and shop around as necessary to find the best options for them.
On a less positive note, because third parties do not have any duty of care to patients, there may be data privacy concerns when these parties handle the interface between patient and provider. With the amount of data passing through these third parties, increased patient agency may come at the cost of decreased privacy.
- Do you feel the new rules governing data access provide sufficient protection to patients?
- Texas is currently the only US state that explicitly forbids re-identifying anonymous medical data. Should other states also adopt similar provisions?
- What are your thoughts on commodifying patient data?