MIPs consist of different types of health data, including medical records and genetic information. Here we examine the current state of the law in relation to these two categories. A subtle difference in ownership exists from a legal point of view. The Health Insurance Portability and Accountability Act (HIPAA) privacy rule protects patient data, and patients have privacy and security around the information.1 This means that patients must give healthcare organizations permission to share their data with other healthcare organizations. However, once patients are seen by providers and their stories, labs, presentations and other information are documented in medical records created by providers, providers or healthcare organizations that are underemployed by providers become the owners. Others acknowledged that there might be a legal claim to data ownership, but felt that treating data as someone`s property did more harm than good: The question for the EHR provider is: if the physician is no longer practicing, who is responsible for keeping records during the legal retention period (which could last decades, If minors are taken into account, how does the retention clock usually start ticking as soon as patients reach adulthood)? The EU GDPR, transposed into UK law by the Data Protection Act 2018, is now one of the most important forms of protection for patient health information. It covers the processing of personal data, whether electronic, computerised or paper-based. “Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”).` 163 Since the way in which data can become identifiable is broad (for example, by including names, identification numbers, location data, online identifiers or one of the many particular characteristics of a data set), the GDPR applies in practice to information that is or may be associated in any way with a particular natural person. Patients` legal rights under the GDPR are relatively strong. Individuals have a private right of action to enforce the GDPR or seek damages for damages or distress.177 (They do not have such a right under the U.S. Health Insurance Portability and Accountability Act.178) The GDPR also provides for class action lawsuits.179 Individuals can also file a complaint with the Information Commissioner`s Office, which has the power to investigate and issue orders and sanctions.
A breach of the GDPR can have serious consequences, including the ability to pay compensation, hefty penalties, and even criminal liability.180 Companies also provide individuals with platforms to share and monetize their data. Some use the language of “data trust.” For example, following the 2017 Independent Review of Artificial Intelligence for the UK Government, the Open Data Institute partnered with the Office for Artificial Intelligence and Innovate UK to assess Data Trusts28 as a possible approach to increasing trust and access to data. Some authors have explicitly suggested using data trusts for medical data.29 Others opt for “banking” language; One example is the “health bank” in Switzerland, which proposes to revolutionize “the way personal health data is shared, stored and monetized”.30 Tony M. Honoré wrote that “the administration is one of the characteristic institutions of human society.” 3 Yet, despite its ubiquity, ownership is surprisingly difficult to define. There is no uniform and universally accepted legal definition of ownership. “Possession” is a transitive verb: it requires an object.4 Not surprisingly, most non-lawyers think of property in physical terms, where physical property is what one possesses. In law, however, ownership is not the object itself, but the ability to exercise control through aggregate legal interests. The understanding of property as a set of legal relationships or set of rights has become popularly known as the property law approach.5 This construction allows for the ownership of things that have no physical form, such as a song, an episode of a television show, a brilliantly designed innovation or, for the purposes of this article, health data. In other words, the whole rights approach forms the basis of intellectual property.6 If physicians cannot withhold patient documents due to non-payment, there must be a mechanism in place to ensure that no records are hidden from physicians. In case of non-payment, the records will be returned to the doctors in a readable format. If a physician ceases to practice (for any reason), the employer, executor and/or medical authority will be notified, and a number of procedures will already be in place under state law.
In such cases, the files could not be filed with the trustee, as this would violate data protection laws. However, the trustee may be informed of the options available. However, this case should not be interpreted as categorically supporting the principle that information may (or may not) be property in itself. Boardman involved defendants who, because of their role in a trusted family, knew valuable information about a company (which held a minority stake in the company) and used that information to their advantage when they purchased a majority stake privately. This constituted a conflict of interest. The central issues in the proceedings were, first, whether the information belonged to the trust and, if so, whether the defendants owed the plaintiffs the profits they had derived from the sale of the company. This article has three objectives. First, it shows that individuals52 may possess certain arrangements, forms or representations of health information under intellectual property law, although English law has not yet established a definitive principle that a person may (or may not) possess information per se. Second, it shows that while intellectual property extends protection to health information, the owner of the property will rarely be the patient from whom the information was extracted. Third, by explaining some of the nuances of intellectual property rights, this section shows that a viable property system for health information should reflect the “architecture” of intellectual property frameworks. These include rules on inherent eligibility, eligibility criteria, scope and duration of protection, appropriate notification to third parties, and exemptions from liability and recourse. Without these features, a system of ownership of health information per se would collapse due to legal uncertainty and confusion.53 Why shouldn`t individuals own their medical records? Finally, these medical records contain their personal health information and were created for them.
Lab work is literally part of the patient – why would other people own it? It appears that doctors and patients have legitimate rights to the data contained in a medical record. One way to resolve the conflict is to invoke the principle of “commons,” which refers to shared resources. Ruth Linden, Ph.D., president of Tree of Life Health Advocates, takes a similar view: “My view is that no one should own a patient`s medical records per se because they are the joint construction of at least two parties: doctors taking patients` notes and patients taking their symptoms; Diagnostics; And the most intimate thoughts, behaviors and fears are inscribed there. As such, medical records rightly belong to a unique type of commons. (Wikipedia defines commons as cultural and natural resources accessible to all members of a society, including natural materials such as air, water, and habitable land. These resources are jointly owned, not privately owned.) Many believe that these questions can be answered by turning to an analysis of the properties of health data – by asking and answering the question “Who owns the information?” 14 And it is perhaps not surprising that many – the Minister of Health, hospital patients, NHS trusts, health professionals and researchers, pharmaceutical and diagnostic companies, biobanks, etc. – claim that they belong to him.15 Others argue that the law is clear: information cannot be possessed as a legal matter.