Barbara J. Evans, PhD, JD, LLM writes:
Modern testing technology can extract a wealth of information from the merest speck of a person—a biospecimen—and information systems can transmit entire medical records at the click of a mouse. Given these capabilities, confidentiality—the notion that information patients share during medical treatment should not be disclosed to others without the patient’s authorization—is a fragile concept [1]. One response to patient concerns about confidentiality has been to press state legislators to give patients actual ownership of their medical information. Five states have done so with respect to genetic information [2], and a number of other states are considering whether to recognize patient ownership of health records [3].
It seems obvious, at first glance, that “[h]ow the law defines ownership of patient data…affects patient confidentiality” [4]. However, letting patients own their health records may not be an effective way to improve confidentiality. Although it seems counterintuitive, the protections patients currently enjoy under the Health Insurance Portability and Accountability Act (HIPAA) [5] Privacy Rule [6] and the Common Rule [7] are surprisingly similar to those they would have if they owned their data and biospecimens [8].
Read her essay in the AMA’s Virtual Mentor.