HIPAA Regulatory Alert: Who should own patient info to protect privacy?

Journal author examines patient ownership

Patient ownership of data included in electronic health records (EHR) offers little improvement over the protections provided by the Health Insurance Portability and Accountability Act (HIPAA), according to an article in the American Medical Association's Journal of Ethics, Virtual Mentor.1

As more healthcare organizations implement electronic health records and collect and store patient information in formats that can easily be transmitted and shared, the issue of the best way to protect privacy of information has been raised. Author Barbara Evans looks at the perceived benefits of patient ownership of data and the actual protections under HIPPAA. If patients owned their data, the same legal workarounds that infringe upon property rights — public health considerations and eminent domain — would apply to health information. While patients are concerned about the use of their information for research and development of services to improve patient care, patient ownership of information would provide no more protection than already provided by HIPAA.


1. Evans B, Would patient ownership of health data improve confidentiality? Virtual Mentor 2012; 14(9): 724-732.