A recent kerfuffle at Memorial Sloan Kettering Cancer Center launched a discussion about whether MSK acted judiciously by providing a for-profit, startup company exclusive access to its hospital surgical pathology imaging data as well as associated textual records (see: Controversy at MSK Cancer Center Regarding the Pathology Archive and Database; Controversy Surrounding Memorial Sloan Kettering Cancer Center and Paige.AI Highlights Risks of Data Sharing and Monetization in Anatomic Pathology). The larger issue here is who "owns" or "controls" hospital data. These questions were addressed in a recent article, a passage from which relating to the use of patient data is provided below (see: Who should profit from the sale of patient data?):
With one exception, every U.S. state either recognizes medical providers as the owners of medical data or do not have any laws to confer specific ownership or property right to medical records. Only New Hampshire explicitly grants ownership of data to patients. Regardless of state law, I believe that we must abandon the discussion of data ownership and instead focus on data stewardship. The ownership of data, whether granted to patients or to providers, will have dangerous unintended consequences....
A model of data stewardship alleviates these concerns. Once a party takes the stewardship of data, they have to act according to a set of rules which guarantee the benefits of all other parties. Despite some notable exceptions such as the Apple Health Application in which patients will be in charge of storing and sharing of their medical records, medical providers are designated as de facto stewards of patients’ medical data in the U.S. healthcare system. This aligns with the long term vision of policymakers who authorized billions of dollars to incentives medical providers to adopt Electronic Health Records (EHR) systems so that they could collect, store, and share patients’ medical data in electronic format.
For me, the question of ownership of hospital-based patient data is (or certainly should be) a settled issue along the following lines:
- Medical providers such as hospitals are the owners of patient data according to many state laws but such laws should be construed as requiring them to act as stewards of the data.
- This stewardship by hospitals should be regulated by a set of transparent rules that guarantee benefits to all involved parties including patients, hospitals, and healthcare professionals.
- The goal of EHRs in hospitals and health systems, the deployment of which has been subsidized with hundreds of millions of dollars of federal funding, should be to collect, store, and share patients’ medical data in electronic format according to such rules.
- As MSK has now come to understand with regard to its pathology database, it would be inappropriate to provide exclusive access to patient data to a single for-profit company, particularly one for which hospital executives and physicians have a fiduciary interest.
- The overarching goal for the sharing of patient data by hospitals in any fashion other than direct patent care should be to improve the overall quality, efficiency, and effectiveness of healthcare so that the patients themselves, the source of such data, derive benefits from this process.
Comments