Much Ado About Data Ownership
Barbara J. Evans
University of Houston Law Center
June 4, 2011
Harvard Journal of Law and Technology, Vol. 25, Fall 2011
University of Houston Law Center No. 1857986
Recently there have been calls to clarify ownership of data held in large health information networks. This article explores the realities of what patient data ownership would imply to explain why a clearer allocation of entitlements to raw health data would neither enhance patient privacy nor promote access to valuable data resources for public health and research. It updates the debate to account for the 2009 HITECH Act, which correctly recognized that raw patient data are not the valuable resource; these data acquire value only through the application of infrastructure services. The HITECH Act drew on a long tradition of American infrastructure regulation that offers real promise in resolving the infrastructure bottlenecks which (rather than the unresolved status of data ownership) have been the key impediment to data access. Despite this progress there are two unresolved problems, both heretofore neglected in the literature: First, the existing federal regulatory framework governing data access conceives the state’s police power to use data to promote public health much more narrowly than the police power is conceived in all other legal contexts. Second, existing regulatory provisions allowing nonconsensual access to data for research fail to incorporate any “public use” requirement to ensure that unconsented research uses of data are justified by a publicly beneficial purpose. As things stand, persons whose health data are used in research have no assurance that the use will serve any socially beneficial purpose at all. This article reframes the debate. The right question is not who owns health data. Instead, the debate should be about appropriate public uses of private data and how best to facilitate them while adequately protecting individuals’ interests.
Number of Pages in PDF File: 62
Keywords: health information technology, privacy, data ownership, HIPAA, Common Rule, HITECH Act
JEL Classification: I18, K19, K23
Date posted: June 5, 2011 ; Last revised: February 21, 2014
© 2015 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo3 in 0.531 seconds