Who should play point guard on healthcare data security, user privacy?

When it comes to healthcare data security, data sharing and protecting user privacy, there is no doubt that all are top concerns that demand attention and a solution.

But one thing there isn't universal agreement on is how much of the responsibility for data security and access should fall on vendors, third-party data services and us as individuals.

To that end, it was interesting to read recent comments by Vint Cerf, vice president and chief Internet evangelist for Google. A Wall Street Journal blog post quotes Cerf, speaking at a cybersecurity lecture at NYU's Tandon School of Engineering last week, as saying that individuals should be in charge. "They should have the ability to say no, I don't want this device because I don't want to be forced into providing that information," he said.

He then said that the "fine print" on user device agreements needs to be more clear.

I'm not going to quibble with Cerf, as I agree with all of his points.

What I would like to know, though, and what I would have asked Cerf, is who he believes should take the lead in ensuring users have control and are provided the opportunity to make such decisions.

That is the crux of the issue: who is going to play point guard on ensuring my data is used how I want it to be used, and shared. Should it be my smartphone maker or the network provider I'm using to collect and house that data? Should it be the app maker, whose software I downloaded is collecting my healthcare data? If it's an app that my doctor prescribed, should he be responsible for ensuring the data is protected and shared appropriately? If my insurance provider wants the data and gave me an incentive to use an app to get that data, should they play a role?

The good news is that there are so many potential responsible parties; the bad news is that there are so many potential responsible parties.

I asked ACT | The App Association Executive Director Morgan Reed for his view on Cerf's statements and solving the dilemma. He pointed out that some big platform providers have already stepped up to make a strong commitment to privacy, citing how Microsoft's HealthVault incorporates over 371 devices into its storage and management system and puts the user in control of who gets to see, use, add and share health data and what apps can have access to that data.

Apple has taken a similar approach with its HealthKit, Reed said, as it allows apps and devices to work together in one safe, secure place, providing a user with a complete picture of their health via the Health app.

Reed also noted how consumers, patients and physicians "place greater value on companies they can trust with sensitive health information."

That's a starting point, at least. Maybe the final solution will feature a list of responsible parties that melds vendors with innovative providers and leading payers, all of whom realize the value proposition in assuring consumer data is safe. - Judy (@JudyMottl and @FierceHealthIT)