Who Owns Healthcare Data?

John Orosco
June 15, 2023

For all of us working in healthcare technology we are in constant conversations around data. How do we protect patient data and how do we manage transporting, using, and destroying PHI?

We have huge insurance policies, detailed security reviews, online training for all staff, as well as discussions of rules and penalties. It is an ever-present part of what we do. What is never discussed is who owns the data we are spending so much time and effort to protect.

With our laser focus on privacy in healthcare we took our eye off the ball when it came to ownership. In the consumer realm this is a big discussion. We have all heard talk surrounding Facebook, or Google, or Microsoft hoarding and selling our data and we all accept a certain amount of risk when sharing anything online. But what about all the terabytes, petabytes, and exabytes of extremely sensitive personal health data? Who owns that?

We recently conducted two polls on the Red Rover LinkedIn page, and here is the breakdown of who we think currently owns healthcare data:

There is some disparity here but more than half of the respondents said that Health Systems currently own patient data. While this would certainly appear to be the most sensible response, as these companies have the visibility to run reports, pull previous encounters, and see old film, we must ask the question, is visibility ownership? To draw on some hypotheticals, if you were sold a car in which you paid a hefty amount, one would assume the vehicle is theirs to own. However, if there were rules in place that stipulated you couldn’t drive over 55 miles an hour, you could only certain roads, and you had to buy all your gas from your car vendor who charged more than the market rate, then you would really start to question if you actually owned the car or not.

The big Electronic Medical Record systems are analogous to this example. Try to use “your” data in a way that the EMR vendors disapprove of, or even worse don’t get paid for, and you will learn pretty quickly who owns the data in the system. How did this happen? In essence, the entire health system got outmaneuvered by simple contract incentives; be it discounts that can be taken away, or security concerns that can put administrators in a no-win situation. These massive contracts are laced with pressure points that can be used to keep their customers in line. Another concern is the technology itself, most of this data does not reside at the Health System anymore. The EMR vendors host the systems, so they have physical custody. All of a sudden there is a lot of “danger” when connecting to these systems by anyone not certified, and that certification is of course something the EMR vendors charge 3rd parties to acquire.

Our second poll was about who should own the healthcare data and we almost universally agree:

Is this realistic? The patient doesn’t have a data center. They can’t store terabytes of information. We can’t really give them control, like the ability to delete their data. That would wreak havoc in the continuity of care; the best we can offer right now is transparency and unfettered access. Understanding that this is my view, I’m very interested in your views; please post below and let me know what you think is the answer to giving patients more control of their data.

500 Locust Street PMB 190
Des Moines, IA 50309

Ready for a Demo?

Let us give you a personal tour of what Red Rover has to offer.

We will contact you through email or by phone, your choice, and we will arrange with you a time and place to perform a tailored demonstration.

Learn more!

Not ready for a live demo? No problem. With your permission we would love to send you a case study from one of our current partners and link to white papers on the Red Rover Core so you can further evaluate if Red Rover is right for you.