From Larry Emmott’s newsletter Feb 2012 and other resources………time to start making inquiries……
Who owns the digital records you keep; who owns the data. I bring this up because EHR is “here” in Canada, paperless is no longer just a name and encryption of records is to be mandated in Ontario…..no one from the committee on encryption at the RCDSO will respond to the request for clarity and transparency and that in and of itself gives me severe intestinal cramping. Granted, the request has come on this blog; however, it’s a small community, the request for information in advance has been made which should be worthy of at least a refusal for “unspecified” reasons, but nooooooo…. Two words that come to those of you who use Google Analytics for your website – data mining and leverage…..the data you collect is valuable, but is it ethical and professional to use it as such outside the confines of your particular business. Will there be a standard for encryption, who will provide it, what happens if my PMS (seriously, stop laughing) vendor hasn’t committed to the necessary upgrades, yadda, yadda, etcetera and anon…………this will impact hugely on your practice, regardless of where you work, because like a train in the night, the light can be seen, the rumble can be felt, but the raw force can only be appreciated when it roars through the station………begin the process of asking questions “in advance”…….playing catchup, like using analgesics after the pain starts is never effective.
Electronic medical / dental data is accumulating at an incredible rate, including everything from the last time a patient got a prophy to their total genome. When you, as a dentist, use a dental practice management system (PMS) like Dentrix you are creating more digital data about each patient. Who owns that data? Strictly speaking this is not just a technology question it is a deeper philosophical question. However digital records make it more significant as digital records are much easier to use, to copy, to transmit and to search. If you ask the PMS vendor (Dentrix or Eaglesoft) who owns the data the immediate answer is that the dentist owns the data. What about a cloud based system like Curve where the data is not even stored in the dental office but in a server somewhere in the cloud that we can only access using the Curve online application? Again Curve is adamant that the dentist owns the data but arguably the lines of ownership are even murkier. On the other hand there is a very strong case backed up by HIPAA that the patient owns the data. But do they? Doesn’t the person, in most cases the medical person, who created the data and has responsibility to act on the data have some interest? If I have a bunch of patient data stored on my server the data is there because I created it as a byproduct of doing business. As the creator do I own it or does each patient own their own and am I just the custodian? Are patient records and the valuable data they contain intellectual property that I own and control as if I had created a text book or novel?
The critical question, “Who owns the data?” the only acceptable answer is the dentist owns the data. However that also means the dentist must be able to exercise the usual functions of ownership. Only the dentist can decide who has access to the data. And the dentist can decide to take the data somewhere else at any time. And the data must be available in a readily transferable and accessible format, not a proprietary format only the Practice Management Program can use. Currently acceptable data base formats would be any fully relational data base such as SQL or Oracle. All the vendors will readily agree that the dentist owns the data, at the same time they often create obstacles in the form of proprietary file formats, (That’s the three or four letters after the period in a file name, such as .jpg for a photo) selected data base structures which don’t allow access to some data elements and data files which can not be identified with out using the original software. Any dentist who has tried to switch from one computer program to another knows it is difficult or impossible to get all the data transferred.
The amazing features of digital data that make it so useful and powerful, such as ease of use, rapid access and instantaneous transfer also make it susceptible to abuse. If I have a bunch of patient data stored on my server; do I own it? The data is there because I created it as a byproduct of doing business. As the creator do I own it or does each patient own their own and am I just the custodian? Are patient records and the valuable data they contain intellectual property that I own and control as if I had created a text book or novel? If I own it, I should be able to exercise the basic rights of ownership including selling the data. However as a dentist I can only sell the data in a very proscribed fashion. I can sell to another dentist buying the practice but I cannot sell to a drug company looking for customers.
As a dental professional I am obligated ethically and legally to protect much of the data as confidential. Even if I sell the data in an acceptable fashion the fact is the buyer is usually restricted in how he or she can access and use the data. Generally the user can only fully access the data using a specific PMS and even then there are lots of limitations. By the way as an aside you never actually own the PMS software, even if you bought and paid for it, you just own a license to use it. If I have the data but can’t access parts of it or more commonly can’t transfer parts of it do I really own it? Back to Apple and the idea that they would create a system that allows a third party to control some aspect of your iPhone. If they can do that what is there to stop a software provider from embedding code that will only allow you to share data with selected others. For example you could only use selected e-claims companies. Or you could only share a radiograph with a proprietary viewer. Who owns the data? If I own it, I should be able to exercise the basic rights of ownership including selling the data. However as a dentist I can only sell the data in a very proscribed fashion. I can sell to another dentist buying the practice but I cannot sell to a drug company looking for customers. As a dental professional I am obligated ethically and legally to protect much of the data as confidential. Even if I sell the data in an acceptable fashion the fact is the buyer is usually restricted in how he or she can access and use the data. Generally the user can only fully access the data using a specific PMS and even then there are lots of limitations.
