I picked up on Twitter some stirrings about the need for more attention to patient data access rights (launched by @leonardkish and David Maizenberg @biologypartners). This interest has resulted in a web page devoted to "unpatients" and their need for unfettered access to personal health information. Here is a paragraph copied from the home page of this web site regarding such rights:
We believe you have a right to know data about yourself and to control your own data-driven destiny. That means you have a right to access health data that is derived from you. We believe this data should always be available to you with full privacy and security, independent of any third party.
Here are all of the elements of the manifesto from the same web site (boldface emphasis mine):
- An individual’s access to data about him/herself is a fundamental human and property right.
- Platforms will be developed to enable the rights and transactions around such property.
- We support the development of these platforms.
- Monopolies on medical knowledge and information are unethical.
- Individuals have a right to any data that comes from a measurement of an internal state of their body, including medical devices.
- Individuals own their lab data (see CLIA).
- Individuals have the right to their data in standardized, machine-readable forms.
- Individuals have the right to have this data analyzed by any human or machine intelligence that they choose.
- Individuals will be able to store, donate, share or even sell limited access and limited rights to their personal data resources.
- Individuals have literally died waiting for their lab data.
- Lab data should be made accessible to individuals as soon as it is available.
- Medical regulations exist to protect individuals from medical harm.
- Data, ideas and information in and of themselves cause no medical harm.
- Individual may have access to metrics and analysis about their own body without a doctor’s permission as long as accessing that data poses no medical risk.
- Individuals have a right to health data privacy.
- Rights to sharing must be established with the individual it originates from, or their legal agent, in advance of sharing.
There is nothing particularly radical about this manifesto. I that that all of these rights are mandated by current laws including HIPAA or commonly accepted in healthcare. The problem is that most patients are uninformed about their access rights to information and these rights may be ignored by hospitals for the sake of convenience. Hospitals are also concerned about the potential cost of responding to these issues in an organized way. In order to address some of the complexities of responding to patient rights to information, the healthcare industry has developed the concept of health data stewardship, which can be described, in part, in the following way (see: Health Data Stewardship: What, Why, Who, How; PDF)
A central concept of data stewardship is accountability, which resides in a named data steward with formal responsibility for assuring appropriate use of health data, and with liability for inappropriate use. Health data stewardship supports the benefits to society of using individuals’ personal health information to improve understanding of health and health care while at the same time respecting individuals’ privacy and confidentiality.
I am not attacking the idea of health data stewardship. However, there needs to be some process that enables healthcare organizations to carry out their mission efficiently while respecting the rights of patients. The problem is that most of the discussion about this topic comes from healthcare professionals, perhaps with some token representation by "professional" patient advocates. I think, therefore, that this nascent patient movement will prove to be valuable in providing a voice in this conversation for the unheard healthcare consumers.