Access Controls and Healthcare Records: Who Owns the Data?

Access Controls and Healthcare Records: Who Owns the Data?
Communications of the ACM, July 2019, Vol. 62 No. 7, Pages 41-46
By CACM Staff

“RICHARD MCDONALD: Questions come up as to who actually owns those records, who looks after them, and who needs to have access to them.”

“TERRY COATTA: If you’ve got all these data silos floating around in the world, you would think there would be some standards related to information interchange. Or is it basically just the Wild West out there?”

“DAVID EVANS: Our goal is to provide a view of a patient’s records that not only doctors and pharmacists are able to share, but that can also be available to the patient. This is something that’s actually possible today.”


You need not be an expert with years of healthcare data-management experience to conclude the field is a hot mess. One visit to a hospital, clinic, or pharmacy can convince you of that. Burdened by legacy and fragmented into silos so alien from one another they can scarcely communicate, healthcare recordkeeping has for decades frustrated any and all efforts to unify it.


The underlying reason couldn’t be more obvious: Each clinic, hospital, practice, and pharmacy operates its own isolated record-management system. The platforms and techniques vary from organization to organization, with almost no provisions having been made to share any of the information.


But what if these records were handled in more of a patient-centric manner, using systems and networks that allow data to be readily shared by all the physicians, clinics, hospitals, and pharmacies a person might choose to share them with or have occasion to visit? And, more radically, what if it was the patients—rather than the providers—who were considered to actually own the data?


It was with thoughts like these that a Toronto-based startup called Health-Chain set out to create a platform for managing a patient’s medication profile on the basis of relationships established between patients and their various providers.


That vision became the challenge that HealthChain CTO David Evans took on, drawing on 25 years of work in the financial industry on portfolio management and quantitative research systems. In the years that led up to his transition to healthcare, he found himself increasingly intrigued with the possibilities of applying emerging digital identities and block-chain technologies to the creation of more efficient government services. Now he has an opportunity to put some of those ideas to the test.


To provide some insight into how HealthChain is addressing the medication profile–management challenge, Evans is joined in discussion here by Richard McDonald, a recently retired IBM Distinguished Engineer, and Terry Coatta, the CTO of Marine Learning Systems, a Vancouver-based startup working to develop a learning platform.

Read the article »