what are the goals of the reservatory?
We are currently seeking funding in order to: (1) explore the technical feasibility of secure personal health-data repositories, (2) conduct structured interviews with multiple stakeholders to assess potential interest from the public, to discover potential regulatory roadblocks and whether they may be mitigated or avoided, and (3) to develop a scalable growth strategy necessary to ensure the Reservatory can become economically sustainable. While the Researvatory is currently not building a product, our ultimate goal is to build the technical infrastructure necessary for individual health repositories. Subsequently, we plan to establish the first personal health-data broker (a separate corporation) designed to integrate with the Reservatory in order to facilitate health-data transactions between individuals and institutions.
isn't it dangerous to let people directly control access to their data?
Potentially, yes. It is certainly possible to envision scenarios in which people have agency over their data and this leads to negative outcomes. This is an inevitable possibility with any rights granted to individuals or to institutions. We belief the better questions concern the nature of the tradeoffs involved under current and proposed systems, and whether there is a strong case for maintaining the status quo.
What are the societal benefits of individual self-agency?
- The development of a personal health services economy.
- A new, and effective means of philanthropy - both private and public - becomes possible. For example, wealthy individuals, corporations or governments may sponsor programs aimed at building the personal repositories of members of undeserved communities. This increases the unrealized financial capital in these communities, and promotes their engagement with objective measures of health.
- The ability to specify what happens to ones data after death. Options may include the naming of data stewards or custodians (an individual or institution) with certain contractual rights. Our belief is that after death, there is a moral responsibility to allow ones data to benefit humanity, however, there may arise circumstances where this default position should be altered.
What are the harms associated with the current system
how does hippa relate to individual self-agency?
HIPPA is nominally in alignment with the principles motivating the creation of the Reservatory, though it leaves a lot to be desired. HIPPA is not a law about health data per se. Instead, it is a law governing doctors, insurance companies, and their business associates. The end result is that your health data may be sold without your direct consent (without violating HIPPA), and even in some circumstances with personally identifying information included (potentially violating HIPPA). As an example of the latter, consider the recent case of Cedars-Sinai Medical Center selling patient data to advertisers including Meta and Google.
"The [HIPPA] Privacy Rule standards address the use and disclosure of individuals’ health information (known as protected health information or PHI) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.”
The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to make sure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality healthcare, and to protect the public’s health and well-being. The Privacy Rule permits important uses of information while protecting the privacy of people who seek care and healing.
[...]
While the HIPAA Privacy Rule safeguards PHI, the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called electronic protected health information, or e-PHI. The Security Rule does not apply to PHI transmitted orally or in writing."
[source: https://www.cdc.gov/phlp/publications/topic/hipaa.html]
While the Reservatory cannot restrict access to health-data already being used by covered entities and (the "business associates" of covered entities) legally granted a degree of access to individual data under HIPPA, we can work to create awareness and to enable greater self-agency.
Importantly, HIPPA does ensure that individuals can send - or have sent - their personal health data to a 3rd party. This is the ultimate legal foundation for personal health repositories.
[source: see Your Health Information, Your Rights! - PDF at https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html]
"The [HIPPA] Privacy Rule standards address the use and disclosure of individuals’ health information (known as protected health information or PHI) by entities subject to the Privacy Rule. These individuals and organizations are called “covered entities.”
The Privacy Rule also contains standards for individuals’ rights to understand and control how their health information is used. A major goal of the Privacy Rule is to make sure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality healthcare, and to protect the public’s health and well-being. The Privacy Rule permits important uses of information while protecting the privacy of people who seek care and healing.
[...]
While the HIPAA Privacy Rule safeguards PHI, the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called electronic protected health information, or e-PHI. The Security Rule does not apply to PHI transmitted orally or in writing."
[source: https://www.cdc.gov/phlp/publications/topic/hipaa.html]
While the Reservatory cannot restrict access to health-data already being used by covered entities and (the "business associates" of covered entities) legally granted a degree of access to individual data under HIPPA, we can work to create awareness and to enable greater self-agency.
Importantly, HIPPA does ensure that individuals can send - or have sent - their personal health data to a 3rd party. This is the ultimate legal foundation for personal health repositories.
[source: see Your Health Information, Your Rights! - PDF at https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html]
The incentives alignment problem in the health-tech ecosystem
Will the future envisioned by the reservatory be a wild west?
We believe the health-data economy in the United States is already a wild west, though it is one restricted to certain kinds of entity (i.e., hospitals, insurance, advertisers, biotech & pharma, government). By enabling individual self-agency, there is indeed the potential for unintended negative consequences. The Reservatory is the first entity of its kind and therefore we believe we have a strong responsibility to establish ethical standards and guidelines which exceed the status quo. This cannot be merely by setting ethical "goals", but must consider the incentive structures which promote ethical behavior.
In our vision for the future, there may exist alternatives in the market - that is, competitors in the personalized health-data bank space - and individuals will be able to choose among them. Of course, a need for carefully considered regulation will arise to account for the fact that maximizing individual freedoms may conflict with the societal well-being.
In our vision for the future, there may exist alternatives in the market - that is, competitors in the personalized health-data bank space - and individuals will be able to choose among them. Of course, a need for carefully considered regulation will arise to account for the fact that maximizing individual freedoms may conflict with the societal well-being.