Who "Owns" Your Medical Records

Whose Data Is It?

July 8, 2009

An organization called Health Data Rights has published five principles for the basic human right to access and to understand your own healthcare data and information. This is an important set of guiding principles that empowers customers/patients and the caregivers who serve them.


Way before my Dad showed symptoms of Alzheimer’s, he advocated for patients’ access to their electronic patient records. On a personal note, he was afraid that none of his doctors and specialists would have the whole picture. He feared they might miss something important. He felt it was his responsibility, and that of his family members, to assemble and preserve our medical records so that we could all control our own healthcare. He began to advocate about the need for electronic medical records and for patients to have unfettered access to their own records. In the 1980s, he convened meetings at his retirement home, in which he and other residents, many of whom were retired physicians, told the management and caregivers at their assisted living facility, what they expected and wanted: to have all of their medical records digitized, to have these readily available for themselves, their family members, and any medical specialists who would be called upon to serve them.

My father was a remarkable man. As the "father" of computerized typesetting in the 1960s, he knew a thing or two about computers and digital information. He didn’t live to see his own records available in digital form. But if he were still alive, he would be an active advocate for patient’s access to their complete digital medical records. So it’s up to me to carry on!

Patients’ Access to Their Electronic Medical Records is a National Debate

In the current "debate" surrounding the fate of U.S. healthcare for the next decade or so, President Obama is advocating the use of electronic medical records as a way to cut costs. There have been a number of attempts in the U.S. to digitize medical records. Dr. Koop, our surgeon general under the Clinton administration, was a strong proponent. Advanced healthcare facilities, like the Mayo Clinics, were early leaders in gathering and digitizing all the medical records for each patient before that patient arrived on premise. Complete electronic patient records have been part of their protocol for providing excellent holistic, multi-disciplinary patient care.

We are now finally at the point in this country where the need for electronic medical records has become self-evident. Yet, the patient’s right to those records is still shrouded in confusion, privacy legislation, and inside-out thinking and practices.


The good news is that, in mid-June 2009, an organization called Health Data Rights (http://www.healthdatarights.org/) announced a policy framework for patients to have access to their health data. Lots of organizations, including many notable healthcare providers, are stampeding to endorse it. Personal endorsements are also encouraged. Just click on the big button at the top of the home page.

Here is their credo:

"A Declaration of Health Data Rights

In an era when technology allows personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable. We the people:

1. Have the right to our own health data

2. Have the right to know the source of each health data element

3. Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be made available in that form

4. Have the right to share our health data with others as we see fit

5. These principles express basic human rights as well as essential elements of health care that is participatory, appropriate and in the interests of each patient. No law or policy should abridge these rights."

My dad would have loved this! This is only the beginning of a very long journey, however. Esther Dyson has a wonderful blog post 1 on Huffington Post in which she announces and praises this organization. But, as she points out, asserting your right to your own patient information and actually GETTING access to your patient records is currently close to impossible for most people in the U.S. today. She also points out, as does Dave DeBronkhart (otherwise known as @ePatientDave on twitter), that there’s a missing "right;" we need to have the right to challenge the data. Many health records are wrong! We need to be able to annotate and update them. Dave DeBronkhart tells hair-raising stories about inaccurate patient test results and other records 2 .

I like Dave’s endorsement of HealthDataRights. He says:

"These rights are as inalienable as the right to life itself.

Whose life depends on the data’s accuracy, its availability?

Whose data is it, anyway?"

I also like Esther Dyson’s commentary. She compares what’s happened with our right to own, access and understand our financial data to what she believes will take place as we customers/patients wrest control of our own health-related information from the silos in which it’s currently imprisoned.

"The best analogy is what happened with financial data. It was kept in silos; it was obscure and hard to get at. Then along came Quicken (and other user software, to be sure). Suddenly the banks’ data vaults opened up. Eventually almost all financial institutions let users get hold of their own information and (gasp!) even to aggregate it by themselves. Now there are online services that help users manage their own information, consolidating bank accounts, stock accounts, credit card information and other data. They can massage their own data, and they can compare their own financial metrics to other people’s (mostly in aggregate) if they wish.

I can imagine the same developments in medical information, and ultimately, the same need for intelligibility as well as access. Just as we are not required to hire a consultant to file our taxes, though we may if we want to, we should not have to consult a doctor to see our test results. Over time, online services as well as doctors will offer a variety of tools and personalized content to help us understand and act on our own data. And of course we will still consult doctors—as much or as little as we want.”

What about security?

[Esther Dyson, continues]: “What if someone else pretends to be you to get your data? Again, the best analogy is financial information—which is reasonably secure, especially now that most banks are requiring more than just a password. Moreover, a typical thief would much rather get into your bank account than into your health record (despite some recent health care/identity theft stories. most medical fraud is not at the expense of individuals).”

Bottom Line

The good news is that we now seem to be on the way to acknowledging that we—patients—have the right to access and to understand our own medical and health records.


1) “Release 0.9: HealthDataRights Beta Version” by Esther Dyson, June 23, 2009.

2) “Declaration of Health Data Rights” by Dave DeBronkhart, June 22, 2009.


Sign in to download the full article


Be the first one to comment.

You must be a member to comment. Sign in or create a free account.