The Fund supports several networks of state health policymakers to help identify, inspire, and inform policy leaders.
The Fund identifies and shares policy ideas and analysis on topics important to state health policymakers, particularly on issues related to state leadership, primary care, aging, and health care costs.
Keep up with news and updates from the Milbank Memorial Fund. And read the latest blogs from our thought leaders, including Fund President Christopher F. Koller.
The Fund publishes The Milbank Quarterly, as well as reports, issues briefs, and case studies on topics important to health policy leaders.
The Milbank Memorial Fund is an endowed operating foundation that aims to improve population health by connecting leaders and decision makers with the best available evidence and experience. It does this work by:
The Milbank Memorial Fund is an endowed operating foundation that publishes The Milbank Quarterly, commissions projects, and convenes state health policy decision makers on issues they identify as important to population health.
I. Glenn Cohen
Daniel B. Kramer
Back to The Milbank Quarterly
Context: Millions of life‐sustaining implantable devices collect and relay massive amounts of digital health data, increasingly by using user‐downloaded smartphone applications to facilitate data relay to clinicians via manufacturer servers. Whether patients have either legal or normative claims to data collected by these devices, particularly in the raw, granular format beyond that summarized in their medical records, remains incompletely explored.
Methods: Using pacemakers and implantable cardioverter‐defibrillators (ICDs) as a clinical model, we outline the clinical ecosystem of data collection, relay, retrieval, and documentation. We consider the legal implications of US and European privacy regulations for patient access to either summary or raw device data. Lastly, we evaluate ethical arguments for or against providing patients access to data beyond the summaries presented in medical records.
Findings: Our analysis of applicable health privacy laws indicates that US patients may have little access to their raw data collected and held by device manufacturers in the United States under the Health Insurance Portability and Accountability Act Privacy Rule, whereas the EU General Data Protection Regulation (GDPR) grants greater access to device‐collected data when the processing of personal data falls under the GDPR’s territorial scope. The California Consumer Privacy Act, the “little sister” of the GDPR, also grants greater rights to California residents. By contrast, our normative analysis argues for consistently granting patients access to the raw data collected by their implantable devices. Smartphone applications are increasingly involved in the collection, relay, retrieval, and documentation of these data. Therefore, we argue that smartphone user agreements are an emerging but potentially underutilized opportunity for clarifying both legal and ethical claims for device‐derived data.
Conclusions: Current health privacy legislation incompletely supports patients’ normative claims for access to digital health data.
Keywords: health policy, implantable cardioverter-defibrillators, pacemakers, HIPAA, GDPR.
Read on Wiley Online Library
Get the Latest from the Milbank Memorial Fund
The Milbank Quarterly’s multidisciplinary approach and commitment to applying the best empirical research to practical policymaking offers in-depth assessments of the social, economic, political, historical, legal, and ethical dimensions of health and health care policy.