Last fall, the Office of Science and Technology Policy (OSTP) asked for input on whether and how to increase your ability to get and use your data. OSTP received 22 comments in response from companies, trade associations, advocacy groups, and individuals. The comments nearly equally were focused on data portability in general and the portability of health data specifically.
Benefits and Drawbacks
Many commenters praised the potential benefits for users and increased competition that greater data portability might bring, especially as data becomes ever-more important to products and services. Examples of benefits referenced in the comments include adding convenience; improving financial wellness; increasing user exploration of new services and complementary services; easing the burden of backing up data; increasing user control and user trust; lowering barriers to entry for services; and, at the most extreme, for health data, providing the ability “to stay alive and to be healthy.” However, at least one commenter was unconvinced that there was evidence of these benefits.
Commenters also raised concerns about the costs of data portability, especially those related to the work needed to create and maintain data portability. Cost concerns were also raised in relation to the increasing complexity of true data portability between services, particularly as the number of services continues to increase and no standard exchange format exists. Multiple commenters observed that data portability requirements might raise barriers to entry if they proved burdensome for new entrants to implement. Ensuring reciprocity between services offering data portability was also raised by multiple commenters as an important concern. These commenters also noted that services which used the data portability of others sometimes did not offer a similar level of data portability.
One commenter summed up the views expressed by many by saying “portability should be incentivized but not mandated.” While at least one commenter explicitly requested that additional legislation require data portability, many wanted it to be incentivized but not mandated outside of the few highly regulated industries already subject to it. The reasons given against additional government regulation ranged from believing that the market would self-regulate to believing that regulation would be inefficient, ineffective, not fit the various context dependent data portability needs, induce services to move overseas to avoid overly burdensome regulation, or be premature for rapidly developing industries. Commenters suggested that government could incentivize data portability by increasing consumer awareness of it, leading by example, and otherwise encouraging interoperability and open standards, such as through the Federal Trade Commission (FTC) or the National Telecommunications and Information Administration in the Department of Commerce.
Roughly half of the commenters limited their comments to health data and the unique opportunities and challenges it poses, as well as the experience of individuals and the industry over the last 20 years.
Access to your health data is already your legal right under the 1996 Health Insurance Portability and Accountability Act (HIPAA). In addition, over the last eight years, President Obama acted to modernize and expand access to healthcare along with giving better access to health data. This included significant investment to encourage adoption of electronic health records (EHRs), leading by example to give veterans and Medicare beneficiaries better access to their records through Blue Button, and establishing patient data access as a cornerstone for the Precision Medicine Initiative. These actions spurred significant change in the health care industry. In 2008, only 17 percent of physicians and nine percent of hospitals had a basic EHR. The rest used paper records—creating frustrating situations where patients and caregivers often had to print, fax, or hand carry their health information from physician to physician. Now, more than 96 percent of hospitals and 78 percent of physician offices use certified EHR technology.
As multiple commenters pointed out, access to health data and the ability to share it can save lives because health data is crucial to identifying the correct diagnosis and treatment. Some commenters also noted that lack of proper implementation of health data portability can drive up costs and lead to unnecessary retesting when providers can’t access the data they need about their patients.
Some commenters made specific suggestions about how the Administration can do more to increase the flow of health data, including convening bioethicists and data scientists around the issue, and launching a review of publicly-funded organizations that may be benefiting from data blocking. Some commenters advocated for additional legislation, while others pointed out that existing regulations and laws are adequate but simply need to have stronger enforcement. For example, multiple commenters suggested strengthening the power of the HHS Office of Civil Rights to enforce the individual right of access to health information. Another commenter urged the Office of the National Coordinator for Health IT to conduct more in-the-field testing of electronic health record certification requirements, to ensure that products are truly meeting Federal standards. However, some commenters cautioned that any attempts to strengthen policies around health data standards must be coupled with robust feedback from stakeholders and the affected community. Those commenters also cautioned that Federal standards requirements must be informed by on-the-ground experience, such as through rigorous pilot testing, to gauge how the standards are functioning in practice.
Importantly, commenters told us that the goals of better health data portability and patient access are not at odds with strong privacy and security protections—that data holders must strive to achieve both goals, and the Federal government has a role to play in influencing policy and guidance to help them. Many emphasized that HIPAA not only requires safeguards for patient privacy, but also a fundamental right of access to health information. In order to ensure that the health IT community is meeting both priorities—better data portability while keeping information safe and secure—commenters noted that clear and transparent communication with patients is key to build trust.
Ensuring data portability is a developing field, both internationally and in the United States. Article 18 of the European Union’s 2016 General Data Protection Regulation sets out data portability as a right for data subjects. This Administration’s Consumer Privacy Bill of Rights Framework and Draft Legislation both included rights to access your own data. Other laws, for example the Privacy Act, also guarantee differing levels of data access or portability for some types of data or data collectors.
Working with the private sector, the Obama Administration has made significant progress in increasing data portability through its My Data initiatives, launched in 2010. These include Blue Button for health data, Green Button for electric utility data, My Transcript for Internal Revenue Service data, and the My Student Data for Federal student data. In addition, companies across a variety of sectors have also independently taken steps to ensure data portability as a competitive feature for their users.
As data continues to increase in value both to users and services, ensuring that you have access to and control of your data will become ever more important and continued government, private sector, advocacy organization, and individual engagement will be critical. Thank you for engaging in this comment process, and, you may read the full comments in human readable form or access them in the portable JSON format.
Alexander Macgillivray is a Deputy U.S. Chief Technology Officer in the White House Office of Science and Technology Policy.