Why Don’t You Own Your Own Health Data?
David Brailer, MD, was the first head of the Office of the National Coordinator of Health Information Technology (ONC), appointed by President George W. Bush. Today, he is a venture capitalist.
In today’s Wall Street Journal, Dr. Brailer notes that a law passed in 1996 governs our access to health information. Clearly, it needs updating:
This brave new digital world has one huge risk: You don’t own your health information. In 1996 the U.S. passed a law called HIPAA (Health Insurance Portability and Accountability Act) requiring hospitals, physicians, labs, pharmacies and other “covered entities” as well as the health plans and their “business associates” (for example, an information-technology vendor) to protect how your data is stored and released. But not without delays, often for months. You can’t force a covered entity to give your data to someone you choose, and you can’t stop them from giving it to someone they choose. Health apps? Most aren’t covered by HIPAA at all, and can do whatever they want with your information.
It is a fascinating indictment by someone with unique expertise in the field. Dr. Brailer is demanding a substantial rewrite to current law. He is also deflating ONC’s assertions that it is succeeding in granting patients ownership of our health data.
I participated in a meeting in September 2013, in which Dr. Brailer’s charismatic and enthusiastic successor, Dr. Farzad Mostashari, repeatedly announced that he and his colleagues had (gulp) “created” – not even “discovered” or “defined” – a “new right” for patients to access our data. The notion that government agencies “create” rights should obviously be anathema in the United States.
However, another major obstacle to solving the problem Dr. Brailer identifies is that health insurers control most of our health spending. They also want to control our data. As long as this is the case, we patients will struggle to own our health data in any meaningful senses.
Only when patients directly control payment to providers will providers respect patients’ ownership of our own health data.
Health Data Bureaus (HDBs) are our future. They will function like Credit Bureaus do today only HDBs will be much more lucrative than a credit bureau. Transunion, Experian, and Equifax are billion dollar companies that trade on the private spending habits of every American. The same will occur with health data bureaus. Past is prologue: several consumer credit protections were passed by Congress over the last 40 years and the same will occur with health data “protection” legislation, however, Americans do not own their own health data under today’s laws. We “give permission” (sometimes) to entities to view our credit data and the same will occur with our private health data.
Thank you for that chilling comment. I fear you are right.
For those who think that data ownership is their right (or should be): name a single other instance in the US today where information that others collect about you belongs to you and where you have rights over what happens to it.
Chilling indeed…keep up the great work, John.