HIEs And Health Data Ownership

Without a doubt, patient consent for release of medical data is going to be an immense headache for HIEs. Though they’re poised to extend their tentacles into hospitals and practices across the U.S., we’re still far from sure how we’re going to keep the walls firm between what data patients have released and what they haven’t.

As Forbes contributor Doug Pollack notes, it’s still not clear whether you can limit access to say, just the psychiatric notes in your chart while releasing the rest of the content.  Even if you can, setting such minute permissions within each e-chart is an IT nightmare.

That being said, there’s a bigger problem afoot, one which Pollack dismisses but I do not. My question is this:  who owns the data that travels across an HIE?  While IANALADWTB (I am not a lawyer and don’t wish to be), my research suggests that an already fuzzy issue is just going to get fuzzier.

While it may be beyond dispute that a patient owns the right to access their health data and control who gets to see it, who owns the patient data if an HIE breaks up?  The hospitals involved?  The doctor?  The patient?  Do they engage in a country-fair rope pull to see who wrestles down ownership?

And that’s only the tip of the iceberg. Consider that networking giants like Verizon Enterprise Solutions are planting their humungous stake in the HIE arena, and things only get more complicated.

Verizon just signed a deal under which it will manage the HIE infrastructure for Pennsylvania-based managed care giant Highmark, one which embraces more than a dozen hospitals.  If the HIE contract were to go sour, would Verizon just turn over its data backups to the hospitals, Highmark and affiliated physicians without a fight?   Or would it be to its legal advantage to stall, stall, stall while patients waited and hospitals fumed?

Regardless of how the law evolves on the matter, there are going to reasons for spats when partners representing different interests come together on an HIE.  I’m betting data control will lead to some of the biggest ones.

Things may go smoothly in the new era of HIEs, but if they don’t, the whole darned “sharing” thing could come crashing to the ground.  And hospitals that try to stand up to deep-pockets giants like Verizon and Highmark may live to regret it.

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.


  • Good questions. I’ve found Rebecca Skloot’s book, The Immortal Life of Henrietta Lacks, is an excellent, if mind bending, introduction to just who owns what medical specimens, data and lord knows what.

  • Here is yet another strong arguement for the PHR owned by the consumer business model. This is the only solution that will address this very important issue being raised. If the proper disclaimers, waivers are electronically signed off under a written consent with an HIT that contracts with a PHR vendor then the issue is solved. The consumer decides what goes in the record and may or may not include data such as psychiatric conditions. That is their CHOICE. The consumer also waives any liability upon a health provide, HIT or a VES due to omission or inaccurate/outdated records. Keep in mind diagnostic files, such as X-rays, CAT scans MRI, Lab results uploaded in the record don’t lie….

  • From my view the INTENT of what I’ve read is that the patient owns their data. They grant rights to their doctor or hospital to house the data and use it as needed, and MAYBE to for the provider or a ‘free’ PHR vendor to sell off aggregations of theirs and other patient’s data. HIE’s ‘cache’ the data; the HIE doesn’t own it. IMHO, of course.

Click here to post a comment