Healtcare IT and wireless health technologies will be producing in the coming years an almost immeasurable amount of data derived from electronic health records (EHRs), smart phones, body sensors, and other ‘connected’ devices. The ownership of this type of data is an object of debate.
Ownwership of EHR data is not the same as ownership of the material-based traditional paper chart. Ownership is a difficult concept as it is accessible via rights and obligations to various stakeholders. The right of access to the EHR by the patient or legal representative is mandated by law: http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=f9d42bd17940fcc2b38ea4d1427dfb65&rgn=div8&view=text&node=45:220.127.116.11.18.104.22.168&idno=45. The record is accessible by payers as well as attorneys involved in cases involving the record. Therefore, ownership might not be as much an appropriate term as, suggested by others, is stewardship. What about EHRs and clinical research? A research study involving the collection of data by an individual or entity that does not provide medical care to the study patient may involve obtaining data from the EHR. What information do the investigators have access to? Is the information identifiable data? Can unidentifiable data at another time become electronically identifiable? Is the non-research related data ‘shielded’ from the investigators?
Data derived from wireless technology has been suggested as belonging to the consumer or patient, because it is originates from that individual. It may, however be sent to the EHR and become part of that record. It may be sent to servers that belong to the mHealth technology’s company. That company may just be a software company or may be one that owns a device related to the service. What if multiple companies’ technologies are employed by a patient and go to one server at a ‘covered entity’ (provider, insurer, hospital)? Who ‘owns’ the rights to the data to determine if it is then sold to an entity on a secondary market? Is the collection of a group of patients’ data, even if it unidentified, require the approval of an Institutional Review Board (human research subject committee)? As the data is ‘collected’ as part and parcel of the technology itself, one would argue it is not necessary. That is why wireless health technologies are unique.
These are all questions that are part of lively debates in the legal, regulatory, and commercial sectors. This is not the first time that technology is ahead of these issues. The Internet itself brought similar questions to light, some of which are still debated (sales tax jurisdiction and interstate licensing of physicians for the use of telemedicine among others). We shall see where all this leads. Hopefully these questions may be resolved without overregulation and with common sense.