Industry Voices—Returning the control of health data to the consumer

The EU's General Data Protection Regulation ensures better data protection and privacy for all individuals by enhancing their rights when it comes to the handling of their personal information. (marchmeena29/GettyImages)

The vast amount of data available in today’s technology-driven and hyperconnected society is astounding. We create data everywhere we go with our smartphones, tablets and laptops, and the increasing prevalence of the internet of things means that even more of the devices we interact with on a daily basis are gathering and sharing information.

The application of this information through the creation and interpretation of large data sets, i.e. big data, is becoming an increasingly valuable economic force. Organizations in both the public and the private sectors are leveraging big data across industries, including healthcare, to develop more effective practices, inspire innovative breakthroughs and better serve consumer needs.

The growing role of data in our lives and the data trading markets that have arisen raise important questions about data access and ownership. Who rightfully owns data, the individual creating it or the organization collecting it? Who has the right to access all of this information, and what are they allowed to do with it? Who ultimately has more control when it comes to data use, the individual or the organization? 

RELATED: Privacy experts skeptical of Facebook's moves to protect sensitive health information

Unfortunately, there is not a clear answer to these questions because in many cases our laws simply have not caught up yet. When it comes to electronic health records in the U.S., providers are technically the owners (in every state except New Hampshire) since the data is recorded and stored on their IT systems.

One example of new data-related legislation, which came into effect last year, is the General Data Protection Regulation (GDPR), enacted by the EU. The goal of the law is to ensure better data protection and privacy for all individuals by enhancing their rights when it comes to the handling of their personal information.

The new rules require organizations to ensure that consumers explicitly consent to data collection and clearly understand the type of information being collected. Individuals in the EU now have the right to access their personal data, to request corrections to inaccurate data, and to restrict the use of their data. Although the full impact of the GDPR remains to be seen, it is a step in the right direction towards consumer empowerment when it comes to data.

RELATED: Senate privacy bill aims to set new federal standard for consumer health apps

There is no doubt that big data will continue to shape the future of healthcare. It is being used to predict epidemics, cure diseases, provide better preventative care, and lower costs, among other positive things.

However, individuals have a surprising lack of control when it comes to their own health information. They are often asked to sign away health data ownership via blanket consent forms at times when they are scared or vulnerable, such as before surgery. Consumer rights need to be evolving alongside the use of data in healthcare. 

The future of healthcare should center around individuals being able to easily access their own comprehensive health data and manage the use of it on their own terms.

Chrissa McFarlane is the founder and CEO of Patientory, Inc., headquartered in Atlanta. McFarlane founded Patientory in December 2015 after seeing the need in the market for more personalized and secure consumer-driven health information management solutions.