“DATA is the new oil” has become a mantra for our time. And, just like access to oil defined much of the 20th century’s politics, so access to data is already beginning to shape the landscape of the 21st century. As the Council of Europe’s Data Protection Day – or National Data Privacy Day in the United States – dawns, a spat across the pond crystallises many of the questions surrounding access to data; and whose data is it anyway?
The US Department of Health & Human Services (HHS) wants to make it easier for hospitals, medical centres and other healthcare providers to share patient data, usually through the use of application programming interfaces (APIs), pieces of software that allow computer programs to talk to one another. The technology is already underpinning the move to “open banking” by letting customers decide which companies or organisations should be allowed access to their financial data.
Sharing patient data is critical to improving healthcare in the US and further afield. Studies have shown that not sharing information has had a detrimental impact on patients’ health. As stratified or personalised medicine develops, harnessing the power of data will become even more crucial.
Last week, it emerged that Judy Faulkner, chief executive at electronic patient records (EPR) vendor Epic Systems, had written to the chief executives of some of the biggest companies operating hospitals in the US calling on them to sign a letter objecting to the HHS’s proposed regulations. The new rules would make it easier for patients to access their own medical information at no cost and make it harder for EPRs, hospitals and other data holders to block requests.
Epic and other EPRs have cited concerns over data security for their objections to the anti-data blocking regulations. They say that they are worried that app developers will gain undue access to private information.
While data security is essential, these arguments actually go to the heart of one of the key issues for the 21st century – whose data is it anyway? To read the objections from EPRs, it’s easy to think that they are the owners of the data and feels it’s up to them to decide which bodies should and shouldn’t be granted access.
Yet it’s not the companies’ data – it’s the patients’ data. It’s patients who should decide with which companies or organisations they want to share their medical records, not the EPRs. The cynical amongst us may even suspect that the current waves of objections don’t really revolve around data privacy at all but are in fact efforts by medical record companies to tie hospitals and other customers into their closed – and often expensive – systems.
Working with regulators and participants across the energy, healthcare and other industries has taught us that it’s eminently possible to strike the correct balance between data privacy and data access. Handling data the Gemserv way puts individuals – or in this case patients – at the heart of the system, giving them the power to decide who does and doesn’t get access to their information. That’s something worth celebrating, not just on Data Privacy Day but on every day.