Data Crisis: Who Owns Your Medical Records?

Eric Topol | San Diego Magazine | September 23, 2016

Electronic records are increasingly hard to keep secure and store, especially with the proliferation of patient-generated data

We’ve all encountered issues with our medical records. Whether getting a copy for a second opinion, finding major mistakes, or changing health care providers, our access to this important set of data has been fraught with difficulties. But that’s in the past tense—it’s getting worse. Sadly, your medical records are the property of hospitals, doctors, and health systems. Except in New Hampshire, where ownership rights are assigned to the patient, no other states recognize the individual’s right of control and ownership of their medical data.

Eric TopolNow that our records are electronic, which was intended to make them eminently portable and sharable, a very serious unintended problem has erupted. In the past year, more than 100 million Americans have had their electronic medical records hacked from health systems. For example, this June, Banner Health in Phoenix had a breach of 3.7 million electronic medical records.

Many hospitals throughout the country have been held hostage for their health information system by hackers and have had to pay ransom to regain control of their patients’ medical data. Such records have become remarkably alluring for hackers, since each can be sold for approximately $50—nearly ten times the value of an individual’s electronic data from a retail or credit company database. Ironically, only a small fraction of Americans have directly accessed their electronic records through direct downloads (which are uncommon) or patient portals, such that the hacking-to-patient-access ratio is likely greater than 10 to 1...