Last week, David Brailer published an op-ed in the Wall Street Journal warning of the problems with access to health information (see “They’re Your Vital Signs, Not Your Medical Records” – subscription required). He points out that the problem goes beyond third party access; individuals don’t necessarily have access to their own data. As he says, “You can’t force a covered entity to give your data to someone you choose, and you can’t stop them from giving it to someone they choose.”
The problem is called “health information blocking.” Brailer explains that companies “unreasonably withhold health information to gain an edge over competitors and make it difficult for customers and patients to switch to other providers. These companies also want revenue that comes from using health information for drug research, targeted marketing and other efforts.” He points to a recent “Report on Health Information Blocking” from the Office of the National Coordinator for Health Information Technology (ONC) at HHS which highlights the need for Congressional action.
As problematic as this is (and it is very problematic), is just part of a larger issue. As the subtitle of the WSJ piece says, “Americans don’t own their own health information.” Delete the word “health” and the larger issue becomes clear.
Back in 2011 I posted a piece on “Who owns your data”. In the piece I reported on what appeared to be a new consensus emerging that people should be paid for access to their personal information (for example, see the WSJ story published back then on The Market for Online Privacy Heats Up). I also noted the World Economic Forum’s Initiative on Rethinking Personal Data. I was especially excited by their report Personal Data: The Emergence of a New Asset Class). that report argued that:
Increasing the control that individuals have over the manner in which their personal data is collected, managed and shared will spur a host of new services and applications. As some put it, personal data will be the new “oil” – a valuable resource of the 21st century. It will emerge as a new asset class touching all aspects of society.
Unfortunately, enthusiasm for the idea of data as a personal asset seems to have died down in the intervening years. The most recent report from the WEF are about trust and privacy.
But issues of trust/privacy and of access/ownership are the proverbial two sides of the same coin. As I have argued before, in our report Information Age: Reframing the Debate,
we currently treat privacy, computer security, intellectual property rights, freedom of information, “right-to-know” policies and free speech issues as separate policy areas. Yet, they are all part of managing the information commons: what information is and should be private, what information is and should be proprietary and what information is and should be public. A more comprehensive approach is needed.
We see this fragmented approach played out in the ongoing debate over health records (as I’ve noted in 2009 and again in 2011). There continues to be a number of issues all jumbled up in the debate, including whether sold data would be used to discriminate and whether the data can be used to send marketing and our promotional materials. The emphasis in the debate seems to be on the right of the collector to collect and sell that data versus the patient’s privacy rights. The health care industry argues that excessive privacy restrictions would drive up administrative costs and stifle innovation. Privacy advocates argue that the industry simply wants to protect its profit stream. The latest issue of health information blockage adds a new twist to the debate–which may bring us back to the ownership issue.
What Congress and the Administration do (if anything) about health information blockage could provide a spark for a look at a more broader set of laws and regulation governing information. Likewise, crafting health information policy might learn from other areas, such as credit and other financial information, as to how sensitive information is handled.
But crafting a broader information policy also needs to be sensitive to the different uses of the information in different areas. The value of data (public versus private) is tied to its use. The public value of anonymous medical data for research purposes is incalculable. It seems to me that such data should be publicly available – with strong anonymity safeguards and no patient opt-out provision (just like Census data or data provided to financial regulators). Policy issues to be addressed include whether (and how much) such data could be sold and manipulated as a private information service–and what share should go to individual patient. Policies on private value-added to publicly available government collected data are already in place for other types of data.
Data that is used for improved customer services, such as flagging drug interaction problems, is also valuable. Here, a strict usage provision might be in order, i.e. cannot be shared with outside providers without permission. An opt-out provision might be in order for data used strictly for customer service. But if the data is going to a proprietary database (such as for marketing purposes, then an opt-in provision with a standard “royalty” rate applied.
Bottom line: information policy continues to be fragmented into sector silos (e.g. health information, financial information, economic & trade data, personal “sociological” data). Policymakers need to view all these areas as interrelated, with a common core set of principles applied to each specific circumstance. Addressing the health information blocking issue might be a way into a discussion of the larger principles.
Thanks to Jon Low at The LowDown blog for highlighting this.