Patient Data: Access, Privacy & Ownership
While patient data offers a trove of information that can be used for further research or population health studies from a government or policy perspective, a key concern still remains – do patients themselves know or approve of how of their health information is used?
At the HIMSS Australia Digital Health Summit on 21 November, a patient advocate from Australia and officials from the public health sector from Singapore and Australia sat down for an extended discussion on the complexities of the ownership, access and secondary use of patient data.
Who owns the data?
The reality is that providers, patients and HIT vendors all have some justifiable proprietorship over patient information/data to a certain extent but that reality can be quite complex. A/Prof Low Cheng Ooi, Chief Medical Informatics Officer (CMIO) of Ministry of Health (MOH), Singapore, explained that it is accurate that all the data belongs to the patient – things like vital signs, imaging and laboratory results all belong to the patient.
However, the part about who owns the patient information that can be controversial is the assessment and the professional opinion of the clinician. This is because the clinician makes a point of the assessment from the original patient data and he is held liable for it in a sense, professionally. Technology vendors have the least say about who owns the data as they are primarily intermediaries who host the data, but they have no ownership rights.
Rick Sondalini, Senior Policy Advisor, Australian Digital Health Agency, responded that beyond who owns the data, the more important question to ask would be the legal ownership of the data and the associated rights about access to the data. For the case of the My Health Record in Australia, there is legislation built into in the rules and IT system.
From a patient advocate’s perspective, Renza Scibilia, Manager of Type 1 Diabetes and Consumer Voice, Diabetes Australia, said that while the patients themselves own the data, it is far more complex than that. “In the diabetes world, there are so many platforms now that have bridged the gaps of what are doing. If I am using three or four different devices (to collect health data), I can’t in any way, aggregate anything but there are organizations and companies that are providing that information,” she said.
“My numbers are absolutely everywhere, but I will fight to the death to say that I still own them.”
Access and control of data – putting patients first
“The My Health Record was structured towards patient control, it is about patients being able to control and manage that access,” Sondalini said. A/Prof Low mentioned that in terms of clinical information sharing in the context of a centralized system that collects the health information in the future, the question that comes is, is it made known to the patient that his/her information is shared and for what propose?
He added that Singapore is working towards a vision of one patient, one record and the National Electronic Health Record is very similar to Australia’s My Health Record in that it is a summary record of a patient’s clinical encounters. That critical summary is whatever that is required for the next doctor or care professional to take care of the person/patient.
“When we digitize and start to share information, we’re doing it to facilitate the patient experience so that they not have to repeat the tests or explain their medical history. It also helps the clinicians to have more information but it can open up another can of worms, for instance if the clinician does not read enough or check the medical history,” A/Prof Low elaborated.
Scibilia suggested taking a step back to consider why some patients are not willing to share their health data/information. The main reason is because of the stigmatization of certain diseases and chronic conditions, as well as the fear of being judged. She emphasized that empowering people living with chronic conditions is really important, because they do not need to repeat the same conversation about their condition with every single doctor they need.
Secondary use of data and related concerns
John Daniels, Global Vice President, HIMSS Analytics cited the example of Ascension Health in the US entering into an agreement with Google to share the data from their EMR for specific purposes, which raised a lot of concerns. A question was raised about the secondary use of patients’ data and its implications.
“There’s actually a legislation being put in place (for the My Health Record) that is called secondary use and one of the principles is that there won’t be authorized use of information (for non-health or commercial purposes) from the My Health Record, even if it is de-identified,” Sondalini said.
A/Prof Low commented that when health data is collected centrally in Singapore, the purpose is primarily for continuity of care and direct patient care, which is similar to the principle of the My Health Record in Australia. In Singapore, work is still in progress around proposing a law for the secondary use of health data.
“Once the (health) information is collected, it’s a ‘honey pot’ of information as one of my colleagues described, everybody wants to have access to it. So you need to have very tight central control and a very clear definition of what is authorized and what is not authorized. On a system or government level, when you decide on something, you need to be able to defend it publicly that it is for the greater good,” concluded A/Prof Low.