[Since I wrote this post, thanks to @LeonardKish and @JeffBrandt, I’ve learned about #blockchain, and become interested in its implications for healthcare workflow. My point in this post was that patient data is more about control of data workflow than data ownership in a traditional legal sense. However, blockchain certainly addresses important aspects of control over data workflow. Blockchain tech potentially makes some workflows obsolete. Blockchain’s smart contracts are state machines, fundamental representations of workflow. And, creating and interacting with blockchain applications can itself require complicated workflow, so workflow tech may also play an important supporting role here, as well.]
I had an interesting Twitter debate last week about whether patient ownership of patient data is the silver bullet so many seem to think. During that debate I Googled, “patient data ownership legal theory” (without the quotes). The top-ranked document was a law article in the Harvard Journal of Law & Technology titled Much Ado About Data Ownership (a reference to Shakespeare’s Much Ado About Nothing, so you can probably tell where this is going…).
— Charles Webster MD (@wareFLO) November 19, 2015
The author has degrees in electrical engineering and law, plus a Ph.D. from Stanford, and directs the Center on Biotechnology & Law at University of Houston. The piece is interesting but heavy going (footnotes take up half the article!). I am not a lawyer (though I did take a three-credit undergraduate course in business law), so I’d love to get some comments from some lawyers in health IT on some of the following quotes.
“The urge to propertize health data needs to be weighed skeptically and with a clear understanding of how property rights actually work. If pursued, data ownership may disappoint many of its proponents”
“Statements such as “[w]hoever owns patient data will determine whether its benefits can be tapped” overstate the importance of controlling one raw material input to a complex, multistage production process.”
(BTW, “complex, multistage production process”? That’s workflow. Efficient, effective, flexible, and transparent management of complex, multistage production processes is exactly what workflow technology does.)
“Creating property rights in data would produce a new scheme of entitlements that is substantively similar to what already exists, thus perpetuating the same frustrations”
“Data propertization proposals fail because patients’ raw health information is not in itself a valuable data resource, in the sense of being able to support useful, new applications. Creating useful data resources requires significant inputs of human and infrastructure services, and owning data is fruitless unless there is a way to acquire the necessary services”
“Simply owning data will not ensure an adequate supply of data resources without access to the necessary services. Proposals that fail to address these realities cannot resolve the data access problem.”
“raw health data are just one of many inputs for creating useful data resources”
“Data holders do not have unlimited personnel and data processing resources to respond to queries”
“The fact that the necessary services are costly and in finite supply has ramifications for system design”
(Workflow exists in an economic context, which is why I like my definition of workflow: “Workflow is a series of tasks, consuming resources, achieving goals.” Consuming resources? That’s cost. Achieving goals? Those are benefits. Different stakeholders obtain different benefits from different workflows (see next quote). When economic context changes, workflow usually needs to change. This is one of the major problems with much current health IT technology. Without actual models of work and workflow, to be interpreted, executed, and systematically improved, ability of IT systems to change when their environmental context changes, is severely limited.)
“the optimal infrastructure to supply data resources for one use may not be optimal for supplying other uses”
“Data propertization proposals assume that if encounter-level patient data were simply assigned to the right owner, the market would be able to figure out the right price to pay for useful data resources such as [Longitudinal Health Record (LHR) and Longitudinal Population Health Data (LPHD)], and this price would cover the cost of necessary infrastructure and services to create those resources. This is not a safe assumption”
“Why Data Propertization Proposals Fail
To summarize, encounter-level patient data are an input that can be transformed into high-valued data resources — LHRs and LPHD — for use in clinical care, research, and public health activities. Making these data resources also requires inputs of human and infrastructure services — that is, data provisioning services. In theory, it is possible to produce LHRs for use in clinical care under a patient-controlled system. Such a system would subject all transfers of encounter-level patient data to consensual ordering, which would require permission of the patients whose data are involved. There are major limitations to such a system, however. Because of consent bias, the system cannot supply unbiased LPHD for use in research and public health projects. Research and public health users thus cannot be counted on to cross-subsidize the costs of developing patient-controlled LHRs. Unless the costs of developing patient-controlled LHRs are justified by the value they create in clinical care, a patient-controlled system may not be financially viable.”
“Access to raw patient data is necessary, but not sufficient, to ensure an adequate supply of useful data resources. Data provisioning services also are required. The prospective provision of services is inherently consensual in our system of law. The state’s police and eminent domain powers only allow non-consensual transfers of property; there is no similar mechanism to compel non-consensual provision of services”
“data holders have only limited capacity to supply services and need discretion to refuse. Nonconsensual access to data is possible whether under a property regime or under the regulatory regime provided by the Common Rule and HIPAA Privacy Rule. Nonconsensual access to services is not possible under either regime. Access to infrastructure services, rather than the unresolved status of data ownership, is thus the key impediment to data availability.”
Much Ado About Data Ownership covers so much more ground than what I have focussed on above, especially regarding privacy, research, and public health concerns. I encourage you to read the entire piece.
Regarding how workflow technology can help, I refer you to several of my recent blog posts. The Workflow Prescription: Patients Need Zapier, Workflow, and IFTTT-like Control Over Self-Care Workflow Automation At Home argues patients want workflow, not data. And Give BPM A Chance: Medical Informatics Should Add Business Process Management To Its Toolkit argues medical informatics research should focus more on workflow technology, not just workflow.
@wareFLO On Periscope!