New state laws in Maryland and Oregon would give patients ownership of the medical data they generate when they visit healthcare providers.
In most circumstances, healthcare providers have ownership of the medical data they extract from patients. The Maryland and Oregon bills would give patients ownership of their medical data, opening up avenues for patients to be paid if their medical data is sold.
Both bills would require healthcare providers that sell medical information to tell patients they can share in the profits and would also require healthcare providers to get written permission from patients before selling their medical data, even if the data has been de-identified.
Some exemptions are included to the requirement to get written permission, such as cases where the information is used for public health activities, anti-fraud efforts, and some unpaid research.
The bills are the brainchild of Hu-manity.co, the maker of a blockchain-based app launched in September that aims to help users take control of their medical data. New Hampshire is currently the only state that has passed a law giving patients ownership of their medical data.
According to co-founder Michael DePalma, Hu-manity.co was founded on the belief that people should own their data, particularly their medical data, as personal property.
“People feel that information about their health is most personal of all,” he added. “It is consistently ranked as the information people feel is most sensitive. So in that sense, we’re all involved in healthcare and privacy issues.”
In some cases, people may want to keep control of their medical data, and in other cases, they may want to donate it or lease it, DePalma said. If patients lease the data, “the companies currently using the data would be able to use it in a more trusted and transparent way, and the individuals would be able to receive fair market compensation for the use of the data,” he said.
Some consumer advocates applaud the idea of consumers gaining ownership of their medical data and potentially getting paid for its use, but critics raise concerns that new rules could complicate the use of medical data for research and other legitimate uses.
Many people in the healthcare industry agree that increased patient engagement with their data would be positive, but so would more sharing of de-identified medical information, said Alaap Shah, a lawyer focused on healthcare and life sciences with Epstein Becker Green in D.C. Sharing of medical information that doesn’t identify the patients can improve medical outcomes, reduce costs, and create greater efficiencies, he said.
“Making sharing of such de-identified health information subject to patient authorization and attaching monetary interests that vest with patients could result in significant consequences to patient health, efficient operation of the healthcare system, and overall digital health innovation,” Shah said. “Requiring patient authorization to use de-identified data would likely reduce payors’ and providers’ abilities to conduct health care operations analyses to improve care delivery and cost.”
But supporters say the proposed laws are good for consumers and patients. The Fifth Amendment to the Constitution, prohibiting the taking of private property without due process and just compensation, should apply to medical data, said David Reischer, a lawyer and CEO of LegalAdvice.com.
Just like people have to give permission to be organ donors, digital health data should not be used without “express consent,” he added.
“A third party should not be allowed to exploit a commercial interest in an individual’s health data without even informing the person,” Reischer said. “An individual also has a right to privacy and therefore a legitimate right to know if a third party will access data that is derived from their own body.”
