As the leader of a company specializing in Healthcare Data Reporting and Analytics and the handling of vast amounts’ of patient data, I often get the question, “Who owns my data?”
Even after six years in this business, I am shocked at the lack of understanding on this subject, as well as its polarizing effect. Here at Azara Healthcare, from day one, our position has always been that patient data found in the Electronic Health Record (EHR) belongs to the patient. Everyone that records, accesses, modifies and reports on the data along the way is just the custodian of the information. So, while contractual relationships between patient and care giver, medical practice, and software vendor may dictate terms of use of the data, the ownership of the data should always remain with the patient. Of course, the picture gets more complicated as one begins to aggregate data from multiple sources (enrollment, claims, acute care facilities, etc.). Again, using the custodian metaphor, we believe the ownership of the patient information forms in the relationship between the patient and the entity sharing the data. For example, a Health Plan may own its member data, where a health care facility is a custodian based on a patient relationship.
When I tell those concerned enough to ask me about data ownership that Azara is just the custodian of the data, they typically shoot me a skeptical, puzzled look. They think, “How can a company that transfers the vast majority of my patient records into its cloud-based data repository say that they don’t own my data?” While I cannot speak for other solution providers, at Azara, possession does not equal ownership it equates to trust, a trust we must work hard to maintain every day.
For reporting and analytics providers such as Azara to assure that its clients and partners are comfortable with data ownership, data governance, and data usage, we as an industry, must be clear and transparent about what we will and won’t do with our client’s data. We need to publish and communicate our data use policies in clear, easy to understand language. We need to make our data use policies and rights visible within our contracts, and pro-actively discuss these issues with our prospects and clients.
Speaking specifically for Azara Healthcare, I want to clearly state that we do not take ownership of any of our client data, none of it! We never have and we never will. Our client contracts are very specific that “All Subscriber Data shall remain the sole property of Subscriber or its Members, as the case may be, subject to the other terms of this Agreement.” Beyond this, Azara does secure from its clients the appropriate rights and permissions to use the patient data for us to deliver our reporting and analytic services, including benchmarking. Ownership and usage notwithstanding, everything we do is structured in a manner that assures both Azara and our clients are abiding by Security Standards and Privacy Regulations such as HIPAA, HITECH, etc., about how we manage and use client data. Our contracts go on to say that should opportunities to use, sell, or resell client data in our custody arise that Azara will communicate requests to our clients and determine if they are interested. In all cases, whether transferring data to a client’s payer, state agency or another third party, Azara secures written authorization before sending any information (PHI or not) to any entity whatsoever.
So, the next time you are wondering about ownership of your data, ask your vendor. If you do not receive a clear answer that says you own it, it might be time to look elsewhere.
Up next: “Let My Data be Free” – Access to your data in the world of cloud-based applications.