The Health Information Technology for Economic and Clinical Health Act (HITECH) successfully encouraged widespread adoption of electronic health records (EHR). Their suitability for “big data” analysis make EHR data immensely valuable for secondary research, which could help scientists develop new drugs, medical devices, and public-health knowledge. Thus far, EHR data have not been widely available to academic medical scientists in quantities sufficient to support big data analysis. Instead, the data are aggregated, analyzed, and sold by insurance companies, EHR vendors, and other medical informatics firms. This Note argues that the advent of the EHR data market is a direct result of HITECH’s interaction with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (together, the “Privacy Regime”). The Privacy Regime (1) establishes the necessary preconditions for the EHR data market; (2) funnels EHR data towards a few large firms; and (3) prevents others, including academic scientists, from acquiring data in similarly large quantities.
The Privacy Regime has radically changed medical research regulation. Traditional clinical trials and retrospective studies are governed by the familiar safeguards of medical ethics including IRB review, peer review, and publication. But under the Privacy Regime, private-sector EHR-based studies are not subject to any ethical review. This result subverts the fundamental principles of medical ethics and inhibits socially valuable public-sector research. This Note proposes reforming the Privacy Regime to subject all medical research to ethical review and to incentivize private firms to share EHR data with academic researchers.
The full text of this Note can be found by clicking the PDF link to the left.