‘Who owns patient data?’ This is probably one of the most important questions being asked by healthcare members for years now. Did you know that the healthcare industry is the largest creator and consumer of data? Managing these data is one of the most challenging backend tasks for hospitals and practices, which is why they use patient data management services.
Patient data management services is the practice of collecting, managing, storing, and using patient data right in a healthcare setup. When it comes to healthcare, patient privacy is a huge factor to consider. Hospitals that don’t respect patient privacy can get into large and messy legal truffles. HIPAA (The Health Insurance Portability and Accountability Act) has several restrictions in place when it comes to storing and using patient data, and your patient data experts must be aware of all these to ensure the data is dealt with correctly.
So, let’s say a patient is treated in a particular hospital, and patient data includes everything from initial demographic records, past health data, practitioner notes, and lab reports and diagnoses. The hospital hires a third-party patient data management service expert to handle the data. This vendor’s EHR (Electronic Health Record) portal is used to access and store the data in a cloud setup.
Let’s say the vendor and the healthcare practice decide to split ways. If this happens, who owns the data? Can the vendor choose not to share the existing data with the healthcare practice? Can the practice sue the vendor to take ownership of the data?
What would happen if the vendor decides to use the data for their benefit once they come out of the agreement with the practice?
These are all very complex questions, and they are challenging to answer because there is no clear understanding of who the owner of the data is.
In the United States, there is no federal law that points to a particular party as the owner of patient data. However, it is informally agreed that the patient has the upper hand when it comes to these data.
New Hamshire is the only state in the country with a general patient data law. It states that patient data is the property of the patient.
So, let’s consider the same scenario above. The patient data management service provider stops working with the healthcare provider and goes on to destroy all data stored in its cloud. Now, this means the healthcare provider and the patient also lost the data permanently. Can the patient sue the hospital or the service provider if so?
Conclusion
So many such questions remain unanswered because there is no set law for handling patient data. Suppose you are a healthcare practitioner wanting to work with a patient data management service provider. In that case, you need to read the internal terms and conditions laid out by the service provider, especially in terms of data usage, before signing an agreement.
