Whose Data Is It Anyway? Expanding Consumer Control over Personal Health Information
This is archived content, for historical reference only.
As adoption of health information technology and the ability to exchange personal health information advance, so must the legal foundation that facilitates consumers’ access to, and control and use of, such data for their own privacy and for society’s benefit. Early technological advances offer a crucial window of opportunity to design legal parameters for appropriate consumer access and control, regardless of the information’s source or how it is used.
This policy brief explores the technological and legal landscape governing personal health information, as well as important issues that must be addressed if consumers are to have new, meaningful rights to the electronic records they entrust to an information custodian serving on their behalf. Challenges include defining “personal health information custodian” as an entity; determining the obligations of custodians, providers, and payers in an updated legal framework; providing economic incentives for clinicians to acquire the capability to electronically convey personal health information to consumers; and enforcement of applicable new laws.
The authors conclude that a modernized legal structure is necessary to ensure that consumers can maintain control over their health information. Such laws have the potential to clearly define patients’ rights, protect privacy, and increase the level of consumer engagement in health care.
The complete issue brief is available under Document Downloads.