Life, Death and Data: The importance of owning one's medical data

As a cancer survivor, I’ve come to embrace my identity as the patient from hell. During my 19 month journey from diagnosis to remission, I learned the importance of advocating for myself and the crucial role that patient data plays in the health care process.

Key to the life of a patient is the patient’s data. As a cancer patient, it’s not unusual to seek care from multiple hospitals and health systems, in search of the best doctors, treatments, and supportive care. While a handful of “integrated systems” offer a range of services under one umbrella, many of us are not fortunate enough to have access to these more sophisticated systems, which are often affiliated with research institutions in major cities. Even when we do, we may also have specialists at other centers or local doctors that are providing some services, as a cancer patient may have to visit cardiologists, dermatologists, or any other handful of specialty clinicians. Each one of these visits generates data—from case notes and billing codes to scan images, lab work, and more.

I was diagnosed and treated for cancer in 2020-2021. Most of us would expect that in these recent years, health data would be both digital and accessible. Still, in order to obtain my scans, I had to navigate multiple systems, make countless phone calls, and ultimately, I received image files on a CD. A CD! In this digital age, it’s almost absurd to think that such archaic technology formats are still being used to store and transfer important patient information.

I’m not frustrated only by the use of outdated technology, but also by the sheer inconvenience and lack of transparency plaguing patient access to health systems in general and health data in particular. As a patient with a life-changing cancer diagnosis, I was consumed with worry and uncertainty, trying to figure out what the next steps were in my treatment. And yet, the systems that were supposed to be helping me often added significantly to my stress and confusion. On one hand, health care systems can sign away full access to my data to other companies such as data analytics and consulting firms without my knowledge and while still complying with HIPAA requirements under a “Business Use Agreement”, but in order for me, a patient, to sign a form releasing my information about myself to myself, I had to purchase a fax machine because of the health system’s rules. In another case, I had to drive over an hour to another hospital location to collect a CD in person. And I had to buy an old laptop off eBay with a CD-ROM drive to be able to read my own test results.

I’m simply describing one moment that transpired during this journey. My story of fax machines and CD-ROMs is just one example of challenges that patients face. This challenge may seem unrelated to the care that patients receive, but it potentially impacts everything downstream when it comes to making sure the right information is in the right hands to make the best clinical decisions and get the best health outcomes for every individual.

Patients need easy access to our data. We need to know it is secure and kept private. While the federal laws of the US purport to guarantee that, the systems we have deployed are inadequate to achieving the stated goals. In reality, there are many shortcuts and workarounds that allow health care systems or electronic health record companies to claim they are following all of the rules while simultaneously making data access difficult for patients but easy for commercial data partners. Patients deserve to get all of their health care related data (clinical, administrative, and financial) easily, digitally, and in a digitally-portable fashion that can integrate across systems and travel with them if they change insurers or doctors. We deserve to know where our data is getting transferred, who has it, and what they are using it for, even when it is de-identified. If our data includes a significant portion of our record or if it includes imaging scans, pathology, genomic, or molecular data, or lab values, we should be told.

In the US, while the 21st Century Cures Act rules that went into action on October 6, 2022 were designed to open patient access to digital data, those who currently hold the keys to patient data—health systems, electronic health records companies, diagnostic labs, and others—have asked the Department of Health and Human Services for an extra year to comply. Patients shouldn’t have to wait. This access and transparency is already well overdue.