Directly related to the big question; who owns the data?
A new look at the Vioxx debacle suggests that HIPAA’s privacy regime may have contributed to 90 thousand unnecessary heart attacks and 25 thousand premature deaths…These are the consequences of HIPAA’s overcautious privacy rules. HIPAA allows health providers and insurers to release patient health information for research use only if the researcher enters into contractual agreements with each individual data-holder…
…policymaking driven by publicity stunt and unintended regulatory consequences that are as serious as a heart attack. Literally.
The primary issue driving HIPAA privacy rules is that a patient’s information must be protected and making it available to others is wrong. Wrong morally and legally. That seems to be obviously true on the surface. Our personal data should be held in confidence. But what if we choose to make it public by participating in a study? Do we still own that data? Who does; the researchers, the web aggregator or the public, as in the public good?
Is it OK to use personal medical data in a study without the patient’s permission if the personal identifiers are removed?
If a large medical organization, say a hospital or an HMO collects a very large set of data that could be analyzed to improve our understanding of a disease and treatment, why not?
In an ideal world all our medical data could be accumulated in a huge national (or for that matter global) data bank. This mass of data would be used by benevolent researchers to delve into disease patterns and treatment outcomes to provide a vastly improved understanding of the human condition.
Then in this ideal world the results would be readily available through online diagnostic data bases and treatment planning algorithms.
But of course in the real world we have fear, politics, bureaucrats, the nightly news and less than benevolent people.