Brailer on health information ownership: Give it to patients

It's time to update health information policy and privacy rules, wrote former national coordinator for health IT David Brailer, MD, PhD, in an opinion piece in the Wall Street Journal.

The digitization of medical records removes the ownership of health data from individuals and places it in the hands of providers and healthcare organizations, he wrote. But, if patients don't have access to their data, that could disrupt care delivery.

HIPAA was written to protect paper records, Brailer wrote, so its applicability to the current digital landscape is unclear. "In the digital world, health information isn't 'stored' and locked away. It is online, constantly on the move, and accessible to hundreds of legitimate users."

Brailer offered the following four principles to guide new legislation:

1. Individuals should have total ownership of their health information, whenever they want. Individuals should be able to control who sees their information and whether those individuals or organizations can retain that information.

2. Individuals should be able to designate somebody to manage their information on their behalf, such as a spouse, hospital, health plan, pharmacy or a tech company. These intermediaries would be responsible for ensuring that the data are used to improve health status.

3. Raise standards for security protection and have those standards protect health information wherever it goes.

4. All covered entities interacting with health data should follow the same rules.

"The gold rush [for health data] is on," Brailer wrote. "Someone is going to benefit from the immeasurable wealth created from your health information and its capacity to extend and improve lives. It might as well be you."

Read the complete article.