Don’t Let EHR Vendors Own Your Data

In a recent blog posting, John Moore and Rob Tholemeier of Chilmark Research ask the question: “Who’s Data is it Anyway?” Your electronic health records data is not the property of your vendor and there are things you can do about it, they contend. Here’s the blog:

Get access to this article and thousands more...

All Health Data Management articles are archived after 7 days. REGISTER NOW for unlimited access to all recently archived articles, as well as thousands of searchable stories. Registered Members also gain access to exclusive industry white paper downloads, web seminars, podcasts, e-books, and conference discounts. Qualified members may also choose to receive our free monthly magazine and any of our e-newsletters covering the latest breaking news, opinions from industry leaders, developing trends and specialized topics like EHR's, revenue cycle management, health insurance exchanges, analytics, and more!

Already Registered?

Forgot Password/Need Help?
Comments (3)
Two very good comments so far although I would like to expand on both. Deborah, you stress the idea of patients owning the data but as Philip asks, what does that mean? Is the patient responsible for the data? What is the healthcare provider's responsibility? Is the provider's responsibility merely to keep the data from theft of misuse? If so, it would be in the provider's best interest to give the data to the patient before leaving the office or hospital and deleting all copies of the data once the patient walks out the door.

I do agree that the data belongs to the patient in the sense that the patient should always have access to and control over the distribution of their own private health information. I also agree that a software vendor should never have any rights to a patient's private health information. Having said that, Philip makes another good point in that some healthcare providers do not have the capacity to maintain, distribute, or migrate data of this complexity.

Finally, for those healthcare providers that do have the capacity to manage and manipulate the healthcare data, how can the software vendor be safely extracted from this circle (or triangle)? When the provider is ready to move on to their new vendor, what access is there to the data? It is certainly stored in a database with a proprietary schema. The vendor cannot be expected to share their intellectual property to facilitate a former customer in their move to a competitor. Even if a standard data object, such as CDA, were to be used to deliver the data to the healthcare provider (customer), to extract the data from a huge collection of data objects and ingest them into a new database is anything but trivial. That also doesn't address schedules for future appointments or the site specific collection of consent forms, patient letters, worksheets, and any other forms used daily within the EHR.

This is by no means a complete picture of the complexity of managing private healthcare information. I've not even begun to discuss document imaging, patient ID management, provider IDs, billing codes, interfaces to other information systems, and on and on. There are noble and altruistic ideas of who owns what and who is responsible. There are clear changes that must be made but only with careful consideration of the ripple effect. The HITECH Act is one recent example of a change made with a wide net that was targeted to a narrow user base but applied to a much broader set of users.

The author's highlighted objective of not granting any rights of the patient's private healthcare records to the software vendor is a Very good first step.
Posted by smunie | Monday, November 25 2013 at 12:56PM ET
This is a great topic and I appreciate the opportunity to discuss it. My question is this: How do you define data ownership? It seems to me that from a patient's perspective it involves privacy. Who has access to it and how it can be used. There is virtually no consideration however to how it is maintained or physically exchanged between disparate information systems. From a Provider perspective data ownership is about flexibility to choose "Best of Breed" applications and solutions as they become available without being controlled by a vendor. There's no doubt that a vendor's perspective on data ownership involves a continued revenue stream after the initial sale, but they are the only parties in this triangle of ownership with the ability to ensure that the data will be be available for use as systems evolve and they are uniquely responsible for satisfying evolving regulatory requirements. Given the rate of change in the EHR space, does it not make sense then to keep the vendors funded in order for them to continuously develop the systems that support continued, reliable access to electronic health records?
Posted by PHILIP M | Thursday, November 21 2013 at 12:18PM ET
BRAVO to John Moore and Rob Tholemeier of Chilmark Research!!!

It's GREAT to see top industry analysts FINALLY say what Patient Privacy Rights and the bipartisan Coalition for Patient Privacy have been saying for years: health data belongs to patients!

EHR vendor contracts that allow the vendor to own, use, or sell OUR personal data are frankly unethical, illegal, and violate Americans' VERY strong existing rights to health information privacy.

Further: many states require physicians to adhere to the AMA Code of Ethics---which requires patient consent for all routine disclosure of information---as a condition of licensure. Illegal, unethical industry vendor contracts have been used for years. Paul Tang has written and been quoted about this systemic industry practice.

Check out PPR's website: and also year PPR holds International Summits on the Future of Health Privacy in Washington DC, co-hosted by Georgetown Law Center---its free to attend or watch via streaming video.

Deborah C. Peel, MD
Founder and Chair, Patient Privacy Rights
Posted by DEBORAH P | Thursday, November 21 2013 at 9:54AM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.


Slide Shows

Already a subscriber? Log in here
Please note you must now log in with your email address and password.