Patient Data Ownership: Who Owns Your Health?
Journal of Law and the Biosciences
Oxford University Press (OUP)
MetadataShow full item record
Liddell, K., Simon, D., & Lucassen, A. Patient Data Ownership: Who Owns Your Health?. Journal of Law and the Biosciences https://doi.org/10.17863/CAM.68658
This Article answers two questions: (1) is health information property?, and (2) should it be? These questions underpin vocal debates across the globe about data ownership in data-driven health economies. Answers are not straightforward. In this Article, we provide answers to these questions from the perspective of law and policy in the United Kingdom (“UK”), comparing this where appropriate to other legal regimes. In the UK, the legal system recognizes property in information through special intellectual property laws, typically granting first ownership to health professionals. The courts have been hesitant to go further despite the absence of an established legal principle against ownership of information per se. The legal position is similar in many other countries, including various European countries and the United States. Western countries tend to protect and control health information in many non-proprietary ways; most notably via data protection laws such as the GDPR and HIPAA wherein patient consent is highly significant, but not always required. This leaves open the question whether the law should recognize property in health information per se. We argue that special features of health information make it unsuitable for conferral of property rights. Unless an extensive framework of rules were developed, similar to the rules covered in intellectual property frameworks, a system of property in health information per se would collapse from legal uncertainty and confusion. Rules would need to address eligible information, qualifying criteria, scope and duration of property protection, fair notice for third parties, and exceptions from liability and remedies. Moreover, the policy advantages of doing so would be slight—propertization does not enhance patient self-determination, increase market efficiency, provide patients a foothold in the data economy, clarify legal uses of information, nor encourage data-driven innovation. The better approach is to rely less, not more, on property. We recommend a regulatory model with four signature features: (1) substantial protection for personal health data similar to the GDPR with transparent limits on how, when, and by whom patient data can be accessed, used, and transmitted; (2) input from relevant stakeholders; (3) interoperability; and (4) greater research into a health-data service, rather than goods, model.
Liddell gratefully acknowledges the support by the Novo Nordisk Foundation for the scientifically independent Collaborative Research Program for Biomedical Innovation Law (grant NNF17SA0027784). Simon gratefully acknowledges the financial support from the Academy of Finland research project, Fairness, Morality and Equality in international and European Intellectual Property Law (FAME-IP). All authors gratefully acknowledge support from the NIHR Southampton Biomedical Research Centre.
Novo Nordisk Foundation (via University of Copenhagen) (NNF17SA0027784)
Embargo Lift Date
This record's DOI: https://doi.org/10.17863/CAM.68658
This record's URL: https://www.repository.cam.ac.uk/handle/1810/321539
All rights reserved