Slashdot Mirror
Who Owns Your Health Data?
porsche911 writes "The Wall Street Journal has an interesting article about how the data from Implanted health devices is managed and the limitations patients run into when they want to see the data. Companies like Medtronic plan to sell the data but won't provide it to the person who generated it. From the article: 'The U.S. has strict privacy laws guaranteeing people access to traditional health files. But implants and other new technologies—including smartphone apps and over-the-counter monitors—are testing the very definition of medical records.'"
it's a medical record, entitled to the appropriate legal protections and the property of the person to whom it refers.
End of discussion.
Sphinx of black quartz, judge my vow.
Yup. Why would it be any different than the printout of an ECG or an image from an MRI? Just because it's inside the body doesn't make it something other than a medical device.
The world's burning. Moped Jesus spotted on I50. Details at 11.
I'm more concerned about a third-party selling my data. All medical information should only be between the doctor and the patient. Any intermediaries should have limits that prevent them from sharing the data with anyone other than the patient or the doctor (who is really acting on behalf of the patient). If there is a loophole that allows companies like Medtronic to sell patient data then congress should address this (I can't even type this with a straight face).
I'd thought these limitations are already in place and data from medical devices would be covered like data from labs and radiologists.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
The U.S. has strict privacy laws
Is that the same U.S. as in all the other posts? Since when has the U.S. any effective privacy laws?
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
There is a large research market for de-identified data, regardless of its source. I suspect that is what is being sold. Even that is fairly well-regulated out of fear of HIPAA if nothing else.
According to Betteridge's law of headlines, the answer to "Who Owns Your Health Data?" is "no".
More Twoson than Cupertino
HIPPA only applies to health care providers. Anyone else who gets your data by any means, is not restricted by HIPPA. Notable examples are life insurance companies. You sign a waiver to give them access to your health info to qualify for a policy. After that they can do whatever they want with the data. They can, and do, routinely pass it along to a medical information clearing house in Massachusetts (I forget the name of it), which is a third party. The clearing house dishes out the information (including personal identifying information) to anyone who wants to pay for it.
Americans imagine that they own their personal data. Data (information, facts) are not property and can not be owned. Intellectual property laws bestow some rights but not "ownership" You can own the rights but not the facts. If you could own facts, then you could prevent police and courts from using facts about your behavior against you.
Records, on the other hand are ordinary property. Whoever owns the records can treat them like any other property, regardless of the information they contain (exceptions for national security, for parties covered by HIPPA, records under subpoena and so on). There was once a notable case of a hospital in Las Vegas. They rented a warehouse to store paper patient records. They failed to pay the rent. The landlord sold all property stored in the warehouse to recover money owed to him. Neither the landlord, nor any subsequent owner of those paper records was restricted in any way as to what they could do with them.
I believe NEMSIS' ultimate goal is to benefit individual patients by providing a mechanism to share en-route EMS data to participating hospitals and the various health departments.
This may be different than the goals of the medical companies mentioned in the article that may benefit pharmaceutical companies or others.
In other words, NEMSIS seems to be enforcing a data format that enables the transfer of data between medical participants (directly benefits patient and others may benefit indirectly from the government agency monitoring), while the companies mentioned in the article are trying to market the data that they have collected (directly benefiting themselves and others may benefit indirectly from advances made in medical science from aggregated data being sold).
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
"Medtronic plan to sell the data but won't provide it to the person who generated it."
Why wouldn't they give you the data you generated? Why is this allowed? Why is patenting human genes going through a supreme court decision? Who in their right minds thinks that will ever turn out well?
"If any question why we died, Tell them because our fathers lied."
I wouldn't want my data sold to anyone...ever...period!
However as real-time monitoring devices become more prevalent, more precise, and more capable; I can see a strong argument made for the data being captured and analyzed in aggregate by "trusted sources". The CDC could get an early warning of an outbreak, or it could be found that a disproportionally large number of people in a small town are getting cancer due to poor working conditions in a factory or pollution.
As with any data collection tool, it has as much potential to harm as it does to help...but so does a hammer.
I'm sorry, but your opinion seems to be wrong.
They remove anything that can identify you before they share it. The aggregate is what everyone wants to see. That is how they would get around anything short of being expressly forbidden to do anything at all with the data.
I think that this is the correct thinking. The location of the data collecting device and the means of transmission make no difference. Whether or not it goes through a 'physician' makes little difference - if it's personally identifiable data, it should be protected.
If you are creating, say a smartphone app that follows your heart beat and respiration over time. Or your weight. Or your level of depression. Or whatever, the company creating the app needs to make it clear who has the data, who can get to the data and for how long. If they want to sell the data to an advertising company, fine, but it has to be upfront (in fact, you might want a cut of the pie).
People toss their private medical data all over the web. I'm always impressed about the number of patients I've seen who want me to take a picture of the large gash on their buttocks so they can put it on Facebook to amuse their friends. That's fine, it's their butt. Everybody else needs written and carefully drafted permissions. Including the implanted stuff.
It's really pretty much of a no brainer.
Faster! Faster! Faster would be better!
That is a multifaceted statement, so I'm sure it will generate some arguments covering various topics.
First of all, calling anybody an idiot for any reason especially for not agreeing with you is not conducive to a healthy discussion. I only bring this up because name calling plays a major part of the US government being dysfunctional.
There is absolutely nothing wrong with making anything a political issue. This is how a functioning democracy (more accurately republic) works. I'll go out on a limb and state that one major distinction between a republic and a dictatorship is the republic's ability to have political issues. I can only conclude that people who dislike political issues are those that wouldn't mind a dictator as long as that dictator did everything that the individuals wanted despite the fact that they might actually be in the minority of that country's population that agreed. Just reflect on that for a moment. There is no such thing as "I believe in a constitutional government as long as it only does what I believe it should" simply because there are other people involved and a lot of them pay their share of taxes too.
which brings me to this:
You have to centralize the decision process in order for political discussion to take place. You have two senators and a several house representatives that bring your local issues to this forum. Every time I see someone say we need to take our freely elected government back, I always ask "from who?".
Anyway back to the real topic -- government has to be involved to protect our rights as patients. Who else should it be?
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
The only one I can come up with prima facie is that the health of one may affect the health of many. Tracking the vectors of diseases and shaping responses to them seems to be an appropriate function of a state-level health organization. For that reason at least part of your health data is not your own in the sense that you have full control of its dissemination. The benefits of knowing that piece seem to outweigh individual control of that data. There is always the possibility of a quarantine situation in which individual rights may be further constrained so there is certainly room for more oversight as to the specific implementation of this with that state-level organization.
It already is a political issue, the moment the idiots wanted politics involved in HealthCare.
If they're idiots, why is it that health care with lots of government involvement has better patient outcomes for lower costs?
This is the full problem of centralizing decision making away from the people.
The problem with patients making all the key decisions is that patients as a rule (a) don't have a clue what they're deciding, (b) have no idea what it costs, (c) would as a rule pay any price to not die, and (d) don't always have cash on hand when they would need to pay the price to not die. Those are the basic reasons why free markets don't produce optimal outcomes for health care.
I am officially gone from
A few years ago I was in the position of changing doctors and had a very hard time getting my data from my old doctor to the new. I had to constantly go after them to get copies. They kept putting it off and at one point said they owned the records since they prescribed any and everything medical for me. I explained that I owned my records, they may own the paper printed but the information is mine. I bought and paid for the tests and I paid the doctor to decide what tests needed to diagnose my problems and issues. I'm even paying them to keep my records safe by going to them all the time , being my primary care physician. As long as I am a customer of theirs they are happy with keeping my records on file and "lending" out as needed to doctors they refer me to but as soon as I said I was changing doctors (I moved and wanted a closer doctor then the 1.5 hour drive it would now take to get to my old one) they got all up in my face over my records.saying they owned them. After 3 months I finally got my records which really pushed me back 3 months on any medical diagnoses and treatments since the new doctor didn't want to start or stop anything the old doctor told me to do since he didn't have any facts of what my history was at the time. So now any tests I have done I make sure I get a copy for my own records and keep them in my safe at home.
Paul: Father... father, the sleeper has awakened! - Dune
You are correct, doctors do this all the time, so they can share case history so that others may benefit from your treatment. However, I believe the concern is with devices that your doctor is not equipped to handle in-house. I believe there are devices that send data automatically to a central location. The data is stored and forwarded to your doctor for review. The question is who owns that stored on the central server? I don't mind the company using that data to monitor the health of my implant, or to improve the device, but should they forward that data to R&D to create new devices? Sounds good, but how about marketing? Now I am a little concerned.