You Don't Own Your Health Care Information. And You Should.

Lots of people are going to save money due to the digitization of your health care data. And lots of people are going to make money from it also.


Unfortunately, you are not going to do either because you don't own that information.

The important question is not why you don't  (we bet you have a pretty good idea) but when that should change. JL

David Brailer comments in the Wall Street Journal:

You don't own your health care information. You can’t force a covered entity to give your data to someone you choose, and you can’t stop them from giving it to someone they choose. Health apps can do whatever they want with your information.
Experts estimate that in five years we will generate 50 times more health information than today. Diagnoses, treatments, DNA, medical images and vital signs already are being analyzed and stored. Health apps, thermometers and scales, and even devices implanted in our bodies, are connected and streaming data. In the not-too-distant future, our lives will depend upon how our health information is accessed and used.
This brave new digital world has one huge risk: You don’t own your health information. In 1996 the U.S. passed a law called HIPAA (Health Insurance Portability and Accountability Act) requiring hospitals, physicians, labs, pharmacies and other “covered entities” as well as the health plans and their “business associates” (for example, an information-technology vendor) to protect how your data is stored and released. But not without delays, often for months. You can’t force a covered entity to give your data to someone you choose, and you can’t stop them from giving it to someone they choose. Health apps? Most aren’t covered by HIPAA at all, and can do whatever they want with your information.
There is another major risk. HIPAA was written to protect paper health records. In the digital world, health information isn’t “stored” and locked away. It is online, constantly on the move, and accessible to hundreds of legitimate users. But it is also vulnerable to hackers, like those who recently stole health records of nearly 80 million Anthem health-plan members and 10 million Premera members.
Since health care is one of the most tantalizing big-data industries, many companies are investing heavily to own a piece of the multi-billion-dollar monetization of health information. There is a big downside, however: It’s called health information blocking.
On April 10 the Office of the National Coordinator for Health Information Technology issued a scathing report that explained how electronic-records companies, and hospitals and health systems that own physician practices, unreasonably withhold health information to gain an edge over competitors and make it difficult for customers and patients to switch to other providers. These companies also want revenue that comes from using health information for drug research, targeted marketing and other efforts. They know that whoever controls health information will dominate the health-care marketplace and its vast profit pool.
It is crucial that Congress update health-information policy and privacy rules. Four principles should govern new legislation. First and most important, individuals should have unqualified ownership of their health information. Every person should be able to access his information whenever he wants, without blocking or delay. Health information should automatically follow patients wherever they get treated, unless they don’t want that to happen. Patients should be able to control which people and organizations are allowed to see their information, and whether those organizations can retain that information.
Second, individuals should be able to designate an intermediary to manage their information on their behalf. Many people would not want to handle their health information, so an “infomediary” could assist them and ensure that their information is used to advance their health status. Intermediaries could be a spouse, a hospital, a health plan, a pharmacy or even a tech company like Google, GOOGL 0.44 % SalesForce or Yahoo. YHOO -0.13 %
Third, standards for security protection should be raised so that information is protected wherever it flows. A secure medical Internet—encrypted data lines that are walled off from hackers and other threats—is needed to protect the perpetual movement of information among hospitals, physicians and other legitimate data holders.
Fourth, every “covered entity” that touches health data, including every app, should follow the same rules.
The gold rush is on. Someone is going to benefit from the immeasurable wealth created from your health information and its capacity to extend and improve lives. It might as well be you.