Stay Connected

Who Owns Your Health Care (EHR) Data?

When it comes to electronic health records (EHR), a big question arises: Who owns the patient data? Should the patient have full control over his or her data and have the right to remove records completely? Or, should the doctor own the data to use as he pleases? What about the IT professional who has access to that data? Here, we break down EHR data concerns to answer this question.

Who Owns the Data?

Let’s start by getting down to the basic elements of this question. As Fred Trotter explains it in his article on The Health Care Blog, the answer is no one. The fact of the matter is that if you ask who owns a patient’s EHR data, you’re asking the wrong question.

As Trotter points out, “Ownership is a poor starting point for health data because the concept itself doesn’t map well to the people and organizations that have relationships with that data.” Instead, all groups—the patient, health care providers, and IT professionals—play different roles in the data and have varying sets of rights and responsibilities.

A provider, for instance, can correct the data, but they don’t have the right to destroy it. A patient can destroy his or her own records, but they can’t correct the provider’s copy. Regulations state that IT professionals don’t have the right to delete data, but they can edit it when necessary.

“Ownership,” then, puts people in the wrong mindset. Assuming you own your health care data is the same as assuming you own the data that retailers, marketing firms, and government agencies collect on you—which we know is untrue.

Ownership vs. Control vs. Privacy

If no one “owns” your health care data, then what does all this talk of ownership mean? Rather than ownership, it’s the idea of control over your data and your rights as a patient that you should be focusing on. As Dr. Josh Landy says, patient data should be considered in terms of “stewardship” rather than ownership.

With that said, many people would agree that patients have a right to interact with their own health care data. Unfortunately for patients, they have little control over it. For instance, they can’t go in and change a diagnosis they don’t agree with. It’s the creator of that data—usually the health care provider—who has the control to change those records.

But just because the provider has more control than the patient doesn’t mean patients are completely vulnerable. Depending on the institution in control of that data, most will respect patient privacy. Many health care providers would agree that it’s beneficial for them to be transparent with patients about their own data and that patients have the right to voice their opinions.

That’s what people really mean when they talk about patients owning the data. However, a patient’s ideas of what he has a right to may differ from what the provider or programmer feels he has a right to. For instance, a healthcare provider may share a copy of your records with you, but he may not honor a request to edit the records.

In this context of patient data control and rights, it’s also important to consider how healthcare providers handle sensitive prescriptions, such as generic Viagra. Patients should have clear access to their prescription information and the ability to discuss and understand their medication options, including generics, with their healthcare providers, ensuring both privacy and informed patient choice in their treatment plans.

Ownership, control, and privacy are not the same, although they are all closely linked.

The Dangers of Ownership

While to some it seems logical to allow patients the ownership of their own data, this poses many risks to the health care system, which is one reason why stewardship may be a better way to view health care data.

How exactly is ownership dangerous? Let’s consider for a moment if patients owned their own data. With full ownership, they could keep their data 100 percent private and refuse access to governments, businesses, and other organizations. While it seems fair on one level, it’s worth considering the needs of the nation.

With health records available to them, governments and businesses are able to review the data needed to track the path of diseases and chronic conditions to develop treatments and cures for these ailments. Through accurate and shareable health records, they can also track the success of these treatments so they can be tweaked if needed.

On a grand scale, it makes sense to make health data shareable to the right organizations so the system can develop better cures and improve the overall quality of health care services. Therefore, leaving one person or group in full ownership of this data could compromise the rate of scientific discoveries and medical improvements.

It also doesn’t make sense to leave full ownership in the hands of the health care provider for the same reason. Allowing patients to play a role in their own health records promotes the accuracy of these records. The same goes the other way; if a patient is in full control of his or her records, accuracy may be compromised when the provider isn’t actively involved in maintaining that data. It’s also vital that health care providers have this data available in order to treat the patient properly.

That’s where the idea of many people playing different roles comes into play.

Patient-Driven Health Records

With debates like this going on, many health care providers understand and agree that patients should become engaged health consumers when it comes to stewarding their health records. With patient portals, patients can become more connected to their data and more involved in their own health care processes, which can improve their quality of care.

According to the Frost & Sullivan’s September 2013 study, “U.S. Patient Portal Market for Hospitals and Physicians,” about half of U.S. hospitals and 40 percent of physicians provide patient portals. The problem is that two-thirds of organizations reported than only 0 to 5 percent of patients were participating. Fewer than half of patients knew whether or not their physician had a portal.

So while you can’t own your data, you can become engaged and informed. Check with your health care provider to see if they offer a patient portal. Don’t wait until you absolutely need it or you may be shocked to find how little control you as a patient have over it.

What do you think? Should health care data “belong” to someone in particular, and if so, who?