Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Patient-owned health data is a civil right and may help prevent breaches

As many in health IT know, the theft of patient health data has developed into an epidemic with breaches involving millions of health records in 2016, according to the Department of Health and Human Services (HHS). Among the biggest breaches were the Anthem and Premera Blue Cross hacks, and HHS even released guidance on ransomware attacks. At the same time, however, many patients are unable to get access to their own health data.

This situation has created quite a paradox, wrote Kathryn Haun, a prosecutor with the U.S. Department of Justice, and Eric Topol, a professor at the Scripps Research Institute in La Jolla, Calif., in an op-ed piece in the New York Times.

It doesn’t seem right that cybercriminals can so easily steal this private information while the person the information belongs to cannot access it.

“We need to move on from the days of health systems storing and owning all our health data,” Haun and Topol wrote. “Patients should be the owners of their own medical data. It’s an entitlement and civil right that should be recognized.”

In addition to being a civil right, Haun and Topol argue that patients owning their own data could also help quell cyber attacks.

The authors say that one solution is disaggregation, or medical data being stored in individual or family units in a personal cloud or digital wallet, as opposed to being kept in centralized databases and handled by healthcare organizations and vendors.

Haun and Topol also lauded blockchain as one possible approach to this solution.

“One approach, known as a blockchain, is an encrypted data platform that would give patients digital wallets containing all their medical data, continually updated, that they can share at will,” they wrote.

Haun and Topol insist that EHR software companies like Cerner and Epic won’t bring about the change that is needed.

“Their business is to sell proprietary information software to health systems to create large centralized databases for such things as insurance reimbursements and patient care,” they wrote. “Their success has relied on an old, paternalistic model in medicine in which the data is generated and owned by doctors and hospitals.”