AMA Shines Spotlight On Clinical Data Ownership In HIEs

Anyone who knows me has probably heard me take a few potshots at the AMA, which isn’t exactly known for its progressive positions on health policy issues.  But this time, I must admit, the AMA has done the industry a good turn by shining a spotlight on an issue that deserves a closer look.

The group’s House of Delegates has just adopted a policy asking the AMA to study the issue of who owns — and can use — data sent back and forth across an HIE network.

The author of the policy, a New Mexico-based nephrologist, noted that as health plans acquire HIE technology vendors, it’s become unclear who will control patient data.

For example, UnitedHealth Group’s health IT consulting subsidiary Ingenix bought HIE technology provider Axolotl last year.  Another example of such consolidation comes from Aetna, which picked up HIE vendor Medicity last year, notes American Medical News.

At present, the AMA notes, it’s not clear whether payers who buy HIE technology vendors have the right to siphon out data on patients who aren’t members of their own plans.  (My guess is that health plans will be all too happy to do so, if they can get away with it, as it would help them screen out high-risk patients before they even consider applying for coverage.)

Now, I’m no legal expert, but I would have assumed that HIPAA regs would cover this situation.  But even if HIPAA does spell out what health plans may and may not do in this instance, this won’t be the last time the increasing consolidation of patient records will raise important privacy questions.

The truth is, as health data begins to become a public commodity — something that’s hard to avoid as it’s aggregated and shared with more parties — the notion of health data privacy will need to evolve.

Do we need a “son of HIPAA” law to protect consumers in this new era?  Not being an attorney, I’m not qualified to say.

But as HIEs begin to play a more important role in healthcare delivery, I do think we should pay close attention to what data ends up in whose hands.  Otherwise, we’re looking at loopholes you could drive a truck through.

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.


  • The health care system of the future depends on the ability to securely exchange and act on health information. Medicity has been enabling the secure exchange of health information for 11 years and we remain committed to doing so to help physicians improve patient care. We comply with all HIPAA and patient privacy regulations to ensure that clinical data gathered and exchanged using Medicity technology is controlled by patients and our provider clients.

    We have been active on many national, state, and regional security and privacy workgroups to ensure that as technology advances, the security and privacy measures keep pace. That’s why we continue to be involved. For example, we’re a member of the Health Information Trust Alliance (HITRUST) and chair the ONC’s Nationwide Health Information Network Specification Factory Security and Privacy Workgroup.

    Our agreements with clients state that we will not transfer, share, or otherwise distribute their data to any third party – including Aetna – without their express direction. Our ownership by Aetna does not change this.

    No topic is more important to us than the privacy and security of health data. We welcome the opportunity to work with all parties involved to ensure privacy and security of data remains a top priority for everyone in health care.

  • Brent, many thanks for jumping in and sharing your position on this issue. I believe your position is the only one which is likely to serve everyone’s needs over the long run.

    While your corporate ownership may not lead to looser clinical data controls, do you see this becoming an issue in other buyout situations? What if a pharmaceutical company acquired an HIE or HIE tech provider, for example?

  • Katherine,

    While I can’t speak for others, I believe that access to health care data is key to better clinical decisions and better outcomes in the future, and I’m confident that fellow HIE and HIT professionals would agree with me that the privacy and security of that data is paramount.

Click here to post a comment