Campus Progress is now Generation Progress! Find out more »

VOICES

When Your Medical Record Goes From Paper File To Digital File, Who Owns The Data?

As medical records become digitized, patients and physicians are increasingly wondering: who owns the data?

CREDIT: Flickr user Adrian Clark.

Who owns your Facebook profile?

What about Twitter, Instagram, or any other social media platform on which you’ve created a profile?

When your personal information, along with pictures, videos, and comments, are loaded onto a social media platform, it is hard to be certain of who has access, who can share it, and sometimes even who can make changes to your profile. The fact that all this data is not physical, but exists in digital form somewhere in the massive data cloud of the internet, just blurs lines even further.

Now imagine that your profile isn’t just a collection of interests, friendships, and vacation photos, but a detailed list of steps measured by your Fitbit, a real-time chronicle of your heart rate and blood pressure, a list of every medication you’ve ever been prescribed, and an account of symptoms you are experiencing–along with possible diagnoses, genealogical risk factors, and impersonal observations from your doctor.

This is the essence of the current controversy in medicine over patient health data.

The last few years have been a period of turmoil in American healthcare, as a shift from paper to digital patient records has gotten underway. Of course, converting patient records into a digital format–broadly known as Electronic Health Records, or EHRs–is more than a different method of storage. As most every other industry has already learned, digital records open up all sorts of possibilities: sharing is easier, support for Big Data analytics becomes possible, new layers of interactivity with documents can be integrated, and automated messaging can draw from the information to auto-populate documentation with relevant personal data.

Someone (ostensibly with your permission) can log onto Facebook and quickly know your relationship status, age, hometown, education and work history, allowing them to do anything from “friend” you on the platform, to generate a hyper-personalized, targeted marketing campaign based on your specific interests. At the same time that users express their individuality, social media makes them quantifiable through their personal data.

Meticulously managing your privacy settings can’t necessarily stop other users from keeping posts, photos, or information about you long after you delete your account. So you appear to have ownership and control of access, but the impressions you leave behind can quickly escape your control, and possibly even awareness.

According to Facebook’s Terms of Service agreement, you do in fact “own” anything you add to your account–but few users make a habit of actually reading these documents before they sign up and log in. The iTunes User Agreement has become shorthand for the all the impossibly long, obscure legalese Millennials have learned to simply accept and forget as a matter of routine in the digital age.

The alternative, it would seem, is to miss out.

EHRs hold the same potential, but for medical purposes. EHRs can quickly provide doctors with your medical history: hospitalizations, medications, weight over time, chronic conditions. Throw in a little family medical history, and in the right hands, that EHR becomes a predictive instrument: will you go bald? How likely are you to have a heart attack? Are you having trouble losing weight because you cheat on your diet, or have a hormonal imbalance that requires more than swearing off drive-thrus?

The incredible promise of all these features have helped drive the shift to EHRs as a new standard in healthcare. But they also carry the confusion and ambiguity that has accompanied the rest of the digital age.

So even as doctors and developers try to realize the potential of healthcare in the digital age, the emerging question is: Who owns patient records?

In the eyes of many patients, the answer is obvious: patients do. As patients, they are the subjects of the records; their answers to physician questions recorded, their biometrics tracked, their X-rays and test results and medication histories all documented in a newly mobile, electronic format.

And unlike Facebook or iTunes, it is not generally up to patients to opt out of being recorded. Seeing a doctor always yields a record, and that record is more likely than ever to be electronic. So even if they don’t own or control the platform, surely the data that populates the EHR still belongs to the patients?

Physicians, nurses, and other care providers, sometimes take a different view. If patients are to have any access, it ought to be limited. For example, physicians are making notes not for the eyes of their patients, but for themselves, and the benefit of other professionals delivering treatment. Writing for a non-medical audience carries the risk of misinterpretation, or sensitivity (sometimes, the medical truth can hurt). From complex medical terminology, to the minutia of billing compliance, to the new international standards for healthcare coding, there is much to confound, upset, or distract patients with unlimited access.

These kinds of practical problems only compound when patients have not only access, but the ability to edit their EHRs.

In terms of access, patients also may not always be the best gatekeepers to these EHRs. Healthcare organizations and individual providers are all governed by a slew of federal privacy laws with respect to how they protect patient information.

Habituated to sharing by the ubiquity of social media, there is evidence to suggest that Millennials may not be sufficiently aware or assertive when it comes to protecting their privacy–and their data–online.

While moving all medical data into EHRs follows the digitization trend established by most other industry, it carries an elevated risk, due to the highly personal nature of the information, and the number of potential users–each of whom might be the weak link that allows the data, or entire system, to be compromised. Increased access might also mean increased vulnerability, to violations of both privacy and security.

Health information routinely needs to be shared. If you are referred to a specialist, that new doctor will need your primary care provider (PCP) to share the relevant history of treatment. If you should be in an accident and hospitalized, the trauma care team can better serve you by having immediate, direct access to all your health information without your explicit consent–it just may save your life.

EHRs are intended to streamline both storage and sharing of individual patient histories and health data. But they don’t answer the question of who effectively, nominally, or legally “owns” that information–or who gets the final word on controlling access.

During his Precision Medicine Initiative Summit in March, President Obama declared, “I would like to think that if somebody does a test on me or my genes, that that’s mine. But that’s not always how we define these issues.”

While this an important endorsement of patient-centered ownership of all health data, it is far from the final word on the issue. But as the potential of more comprehensive and sophisticated health data becomes known to the public–such as adding individuals’ genomic maps to their EHRs–more people are finding that they not only have a stake in this debate, they have an opinion.

As Millennials age and begin to consume more medical services, they will no longer be able to postpone confrontation with the issue of how healthcare is managed, delivered, and documented in America.

For current and future generations, social media is as much a standard feature of life as the internet, television, or cell phones. The conversation occurring around the nation right now will help determine whether patient-owned EHRs belong on that list–and under what conditions.

Facebook Twitter Tumblr Email
By clicking and submitting a comment I acknowledge the Privacy Policy and agree to the Terms of Use. I understand that my comments are also being governed by Facebook, Yahoo, AOL, or Hotmail’s Terms of Use and Privacy Policies as applicable, which can be found here.