Who Should Own Medical Records?

Updated: Jul 12

Initially published by Data Driven Investor on Medium.


Photo by Los Muertos Crew from Pexels
Nobody gave much thought about patient medical records till a few years back.

The concept of patient data or medical data ownership didn't even exist. Of course, patients could access the lab results and reports, and doctors used them for devising treatment plans. Some keep with the provider and seldom does anyone make any claims or receive any of them.

Things are Changing with Technology and Care Model

Maintaining comprehensive medical records, often in electronic EHR systems, has become essential and mandatory. Digitalizing data and sharing across platforms like the internet has brought new concerns about the safety and security of health information.

Things are also changing with patients becoming more informed with ready access to information on the web. Innovative models like the value-based care model have increased importance on medical records where performance is related to earnings.

There is an increasing trend of discomfort and vulnerability among the stakeholders in the healthcare industry- who should be responsible for the ownership and privacy of patient data?

Physicians believe it's their property because they have created it and are responsible for treating the patient. The patients own their records since it involves them and their privacy. The providers and every stakeholder in healthcare can claim ownership as they have played their part and deserve the right to use it without compromising identifying information about patients.

So who should actually be responsible for it and own it?

The Problems of Data Breaches and Privacy Threats

The electronic EHR systems utilizing software as a service (SAAS) or free cloud storage are engaged in sharing and selling data to third parties for a considerable sum of money. The technology, like the application program interface (APIs), has created room for vulnerabilities for patients and physicians.

It is natural for anyone to feel concerned about hacks and cyber attacks on company databases. We risk losing the privacy of our personal information and facing severe consequences like identity theft.

In May 2017, the Bronx Lebanon Hospital Center in New York faced a data breach that compromised the records of a minimum of 7,000 patients. It revealed the patient's diagnosis, HIV status, and other information like domestic violence or acts of sexual abuse reports.

Yet it is not an isolated incident-

· Henry Ford Health System encountered an attack on patient records which compromised data of 18,470 people

· Augusta University Medical Center faced two phishing attacks in one year

· The records of 106,000 patients were breached at Mid-Michigan Physicians Imaging Center

All the attacks and breaches took place in 2017 alone!

We have a Big Problem in Our Hands

The same technologies we have created to make our work effective and easy are being turned and used against us for profit and other ulterior motives.

Every stakeholder in healthcare has the right to access and use the data they contributed to creating. Still, it has to be ensured that they are used legitimately and positively without jeopardizing privacy and security.

The Movie Industry Analogy: A Fair Distribution of Benefits

The movie industry has an adequate distribution of benefits among the directors, actors, producers, studios, and other stakeholders. Each one gets a fair share of incentives and gifts for the part they have contributed.

Can this be effectively used for healthcare?

You may say the two industries differ, but entitlement and privacy are universal concepts that extend to anything like health, social norms, beliefs, political and sexual orientation, and religion.

If we follow the movie industry analogy, everyone can be entitled to the part of the data under their scope of creation- be it physicians, patients, or providers.

Need for Ownership for Physicians

Physicians interact with patients to create medical data and notes, which should be under their control. They should also use the data for assessment, action plans, and clinical decision-making.

Allowing doctors full access to medical records also improved patient satisfaction, patient education, and patient safety, promoting better clinical outcomes, according to a pilot study.

Patients should have their Rights.

Patients are the foundation of medical records, so it makes sense that they should own them.

Healthcare costs are rising, making it difficult for patients to afford them. Access to complete medical records will enable them to make informed decisions and choose their providers.

Patients also find it challenging to transfer their data from one provider to another, even in the age of electronic HER system and cloud computing. It still takes months for patients to transfer actual data among providers within the same state.