David Brailer, MD, was the first head of the Office of the National Coordinator of Health Information Technology (ONC), appointed by President George W. Bush. Today, he is a venture capitalist.
In today’s Wall Street Journal, Dr. Brailer notes that a law passed in 1996 governs our access to health information. Clearly, it needs updating:
This brave new digital world has one huge risk: You don’t own your health information. In 1996 the U.S. passed a law called HIPAA (Health Insurance Portability and Accountability Act) requiring hospitals, physicians, labs, pharmacies and other “covered entities” as well as the health plans and their “business associates” (for example, an information-technology vendor) to protect how your data is stored and released. But not without delays, often for months. You can’t force a covered entity to give your data to someone you choose, and you can’t stop them from giving it to someone they choose. Health apps? Most aren’t covered by HIPAA at all, and can do whatever they want with your information.
It is a fascinating indictment by someone with unique expertise in the field. Dr. Brailer is demanding a substantial rewrite to current law. He is also deflating ONC’s assertions that it is succeeding in granting patients ownership of our health data.
I participated in a meeting in September 2013, in which Dr. Brailer’s charismatic and enthusiastic successor, Dr. Farzad Mostashari, repeatedly announced that he and his colleagues had (gulp) “created” – not even “discovered” or “defined” – a “new right” for patients to access our data. The notion that government agencies “create” rights should obviously be anathema in the United States.
However, another major obstacle to solving the problem Dr. Brailer identifies is that health insurers control most of our health spending. They also want to control our data. As long as this is the case, we patients will struggle to own our health data in any meaningful senses.
Only when patients directly control payment to providers will providers respect patients’ ownership of our own health data.