Future Tech General Health Care Politics Management Security

Who Owns the Data?

When you visit a medical or dental office in the future you won’t be handed a clip board and paper forms, all your personal and medical data will be stored on the cloud. The medical / dental office will merely request a download and all the data will be available instantly. No forms, no guessing about medications, no forgetting your last visit, no confusion about insurance.

Isn’t that great all your highly personal medical data will be available to anyone with access through the cloud!

As digital technology and electronic health records stored in the cloud continue to develop they generate legal, moral and philosophical questions our existing ethical framework is simply not equipped to handle.

Most of these ethical questions can be summed up as:

Who owns the data?

If you ask patients the immediate and unequivocal answer is that they, the patients, own the data. That seems right, each patient should have control of their medical information. In fact however that is not how the system works.

If I have a bunch of patient data stored on my server, or somewhere in a shared cloud data base; do I own it? The data is there because I created it as a byproduct of doing business. As the creator do I own it or does each patient own their own and am I just the custodian? As a medical professional I am responsible for acting on the data. Patient records and the valuable data they contain are a major part of the value of a practice when I sell. Are patient records intellectual properties that I own and control as if I had created a text book or novel?

Practice Management System:

If you ask a dental practice management software company (PMS) who owns the data the immediate an unequivocal answer is that you do, the doctor owns the data. Yet again this is not how the system works.

If as a dentist I own the data, I should be able to exercise the basic rights of ownership including using or selling the data. However I can only sell the data in a very proscribed fashion. I can sell to another dentist buying the practice but I cannot sell to a drug company looking for customers. As a dental professional I am obligated ethically and legally to protect the data as confidential.

Even if I sell the data in an acceptable fashion the fact is the buyer is usually restricted in how he or she can access and use the data. Generally the user can only fully access the data using a specific PMS and even then there are lots of limitations. PMS systems can and do embed code that will only allow you to share data with selected others. For example you could only use selected e-claims companies. Or you could only share a radiograph with a proprietary viewer.

By the way as an aside you never actually own the PMS software, even if you bought and paid for it, you just own a license to use it.

If I have the data but can’t access parts of it or more commonly can’t transfer parts of it do I really own it?


One of the most significant benefits of large online data bases of medical information is the aggregation of data for medical research purposes. Already there have been important findings resulting in improved patient care based in data base analysis. It seems axiomatic that more data from a wide range of sources will ultimately lead to better results. That is a good thing, but.

Then there is the issue of privacy. The amazing features of digital data that make it so useful and powerful, such as ease of use, rapid access and instantaneous transfer also make it susceptible to abuse.

The primary issue driving HIPAA privacy rules is that a patient’s information must be protected. HIPAA is not about speaking a patients name aloud in the waiting room, it is about electronic medical data and making it available to others is wrong. Wrong morally and legally. That seems to be obviously true on the surface. Our personal data should be held in confidence. But what if we choose to make it public by participating in a study? Do we still own that data? Who does; the researchers, the web aggregator or the public, as in the public good?

Is it OK to use personal medical data in a study without the patient’s permission if the personal identifiers are removed?

If a large medical organization, say a hospital or an HMO collects a very large set of data that could be analyzed to improve our understanding of a disease and treatment, why not?

In an ideal world all our medical data could be accumulated in a huge national (or for that matter global) data bank. This mass of data would be used by benevolent researchers to delve into disease patterns and treatment outcomes to provide a vastly improved understanding of the human condition.

Then in this ideal world the results would be readily available through online diagnostic data bases and treatment planning algorithms.

But of course in the real world we have fear, politics, bureaucrats, proprietary data bases, the nightly news and less than benevolent people.

Leave a Reply

Your email address will not be published.