
I own my Health Data


It’s a familiar story. We sit in waiting rooms filling out the same information on clipboards. We tote zip-lock bags of old pill bottles that tell a better story than we can remember. Folders of visit summaries, notes, and instructions bulge into binders, into boxes. We show up unconscious without histories.

Over the past decade the healthcare industry has spent billions digitizing our care. Yet when we meet a new doctor, we often start with blank slates and end up helplessly digging through fading memories of prior diagnoses and treatments.

As patients, we have a right to our data. We have the right to obtain it from our disparate providers and the health systems that house them. We have the right to combine these records, to analyze them, to share with our families, our next doctor, whoever we please. We have the right to be engaged in our care. And yet we’re helpless.

Although we bear these rights, we currently have no means to benefit from them. When we request our data from our health systems, we are met with furrowed brows, often charged, and finally left unfulfilled with a stack of paper or a “PDF saved onto a DVD”. (My computer doesn’t even have a disc drive…) Either way, the only mechanism to combine, analyze, and share our health data is a slog into an analog death march.

[Screenshot: privacy policy]

This is a screenshot of my provider’s privacy policy. This is miles from what the October 16, 2015 Meaningful Use Stage 3 updates require:

For the provider to implement an API under our proposal, the provider would need to fully enable the API functionality such that any application chosen by a patient would enable the patient to gain access to their individual health information provided that the application is configured to meet the technical specifications of the API. Providers may not prohibit patients from using any application, including third-party applications, which meet the technical specifications of the API, including the security requirements of the API.

(Check out the full ruling here.)

If I had electronic access to my data I could authorize applications to use it discretely. I would use apps to help me decipher what I’m looking at, what I’m dealing with. I would use apps that helped me benchmark, find alternatives, and shop. I would use apps that would help me find networks of others like me with the same comorbidities. I would engage family members and care teams in my survival. I would share my records with my future providers. I have the right to be an engaged patient. Don’t give me a PDF.

These apps I speak of exist—and many more would if the developers could build them into an infrastructure supported by patient-authorized data exchange. I talk to innovators and app developers every day who are devoting their careers to bringing better technology into healthcare. But in our current state, the health system is the entity who decides who to share your data with. They designate software vendors as their “business associates” and implement an interface to turn on a fire hose of discrete clinical data. Where is the patient in this? We’re absent.

As patients, we need the ability to authenticate, retrieve, and share our data electronically. This is our right. At Redox, we’re exploring ways to do just this. With our technology, we could empower patients to authorize applications to discretely use their data that’s hosted within electronic health records on premise at their health systems. Here’s how it could work:

Potential Patient Authentication Workflow with Redox
  1. Patient chooses application she wants to use, picks her health system, and fills out basic demographic information.
  2. Redox passes this information in a Patient Search API to find a match at that health system.
  3. If a match is found, the patient must verify she is who she says by answering a few questions about her medical history. (Think credit check questionnaire.)
  4. Once verified, the patient authorizes the application to use her most up-to-date information from that health system for a specified amount of time.
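
A minimal sketch of the four steps above, added here as an illustration; it is not Redox code or a Redox API. The function names, record layout, HMAC-signed grant format, key and sample records are all assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

GRANT_KEY = b"constructed-demo-key"   # assumption: key shared with the health system
MAX_KBA_FAILURES = 3
RECORDS = [  # constructed patient index for one hypothetical health system
    {"id": "p1", "name": "ana diaz", "dob": "1980-02-14", "zip": "53703",
     "kba": {"last_visit": "2015-09", "prescriber": "lee"}},
    {"id": "p2", "name": "sam roe", "dob": "1975-05-05", "zip": "80302", "kba": {}},
    {"id": "p3", "name": "sam roe", "dob": "1975-05-05", "zip": "80302", "kba": {}},
]

def patient_search(demo):
    """Step 2: return a record only on exactly one match; ambiguity fails closed."""
    hits = [r for r in RECORDS if all(
        r[k] == demo.get(k, "").strip().lower() for k in ("name", "dob", "zip"))]
    return hits[0] if len(hits) == 1 else None

def verify_kba(record, answers, failures):
    """Step 3: check every answer in constant time; lock out repeated failures."""
    if failures.get(record["id"], 0) >= MAX_KBA_FAILURES:
        return False
    ok = bool(record["kba"])          # no questions on file means no verification
    for question, expected in record["kba"].items():
        given = answers.get(question, "").strip().lower().encode()
        ok &= hmac.compare_digest(given, expected.encode())
    if not ok:
        failures[record["id"]] = failures.get(record["id"], 0) + 1
    return ok

def _sign(body):
    return hmac.new(GRANT_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_grant(patient_id, app_id, health_system, ttl_seconds, now):
    """Step 4: grant bound to one app and one health system, expiring at now + ttl."""
    body = json.dumps({"sub": patient_id, "app": app_id, "hs": health_system,
                       "exp": now + ttl_seconds}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def check_grant(token, app_id, health_system, now):
    """Data-holder side: verify signature, binding and expiry before release."""
    try:
        encoded, sig = token.split(".")
        body = base64.urlsafe_b64decode(encoded)
    except ValueError:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(body)):
        return None
    claims = json.loads(body)
    bound = claims["app"] == app_id and claims["hs"] == health_system
    return claims["sub"] if bound and now < claims["exp"] else None
```

`now` is epoch seconds supplied by the caller (for example `int(time.time())`), so the expiry check can be exercised with fixed values.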

This workflow doesn’t exist yet; however, there are clear legal and technical pathways for it. We could have this up and running in months, not years. It’s a vision that I’m extremely passionate about as a patient and healthcare technologist. Allowing patients to authenticate applications to use their data will open up a new era of possibilities in application development. This is the only way to truly democratize health tech adoption: patients need to be able to exercise the right to their data.

If you’re an application developer or work at a health system, please let me know if this resonates with you. We’d love to work together to make this a reality for the patients you serve.

Written by Niko Skievaski

Niko got his start in healthcare at Epic, where he taught healthcare economics and saw firsthand how the need to solve interoperability is one of the biggest challenges facing healthcare today. In 2014 he co-founded Redox out of 100state, Wisconsin's largest co-working space, which he co-founded the year prior. He's also the creator of Struck by Orca, healthcare's pivotal book on ICD-10. He has degrees in Economics from Arizona State and Boston University and lives in Boulder, CO with his partner and toddler.