Patient data ownership: who owns your health?

Abstract

This article answers two questions from the perspective of United Kingdom law and policy: (i) is health information property? and (ii) should it be? We argue that special features of health information make it unsuitable for conferral of property rights without an extensive system of data-specific rules, like those that govern intellectual property. Additionally, we argue that even if an extensive set of rules were developed, the advantages of a property framework to govern health information would be slight: propertization is unlikely to enhance patient self-determination, increase market efficiency, provide patients a foothold in the data economy, clarify legal uses of information, or encourage data-driven innovation. The better approach is to rely less, not more, on property. We recommend a regulatory model with four signature features: (i) substantial protection for personal health data similar to the GDPR with transparent limits on how, when, and by whom patient data can be accessed, used, and transmitted; (ii) input from relevant stakeholders; (iii) interoperability; and (iv) greater research into a health-data service, rather than goods, model.