On Feb. 12, 2019, CMS Administrator Seema Verma held a session with some members of the healthcare media (this reporter attended the session) at HIMSS19 in Orlando in which she previewed her keynote remarks at the conference. During the briefing, and later during the actual keynote, Verma provided insight into the recently released Interoperability Proposed Rule as well as spoke directly about the Center for Medicare and Medicaid Services (CMS)’ efforts for empowering American patients.
During each session, Administrator Verma highlighted specific actions her agency is taking to ensure Americans have access to their medical records in a digital format. She also profiled some of the steps for setting the stage to increase seamless flow of health information, reducing burdens on patients and providers, and fostering innovation in healthcare through the unleashing of data for researcher and care innovation.
The Administrator took a strong tone to support patient access to their health information and ownership of patient data. “One thing that I want to make very clear for the entire healthcare system is that the data belongs to the patient. It’s their data. It doesn’t belong to the provider. It doesn’t belong to the EHR company. It belongs the patient.”
A patient’s right to the privacy of their health records seems obvious, but some of the benefits of connected health will only be achieved if this right is qualified and perhaps compromised. Assuming the twin goals of maximizing both personal and public health, there can be no absolute rights of privacy or ownership in personal health data.
The tools of connected health make it possible to determine the efficacy and safety of diagnostic and therapeutic devices and services in the real world. This can serve as the basis for a learning health care system that continuously improves its services and outcomes. Today it takes between 15 and 17 years for the medical community to fully embrace better approaches.[1]
Traditional privacy and ownership rights of health data stand in the way of these benefits. An obvious example of the problem arises where an antibiotic drug taken for an infectious and dangerous disease is not effective. What if a diagnostic device is unreliable? Does the patient have an absolute right to privacy in these situations? What obligation does that patient and her provider have to other individuals who are at risk and to the system that is paying for ineffective services?
There has been a lot of discussion recently in regard to the ownership of patient health data in the electronic health records of providers. The issues of ownership and privacy are overlapping considerations in determining the answer to these questions.