On a daily basis, consumers readily hand over their data to businesses. They share their location with mobile applications. They let supermarkets track their purchases with club cards. They may even share their DNA with a consumer genetic testing firm.
In some cases, consumers may have a greater expectation that the data they share will be kept private and secure. When it comes to medical data, some of the main players -- such as health insurers, hospitals, academic medical centers and physicians -- are bound by the HIPAA (Health Insurance Portability and Accountability Act of 1996) Privacy Rule[1].
The Privacy Rule, however, is only protects personal data when it has a patient's protected health information (PHI) attached -- that includes information like a patient's name and address. Once your data has been "de-identified," there are basically no limits on how it can be used. The data could be used for medical research, for fundraising efforts or for marketing and ad campaigns. And with new analytics tools that can glean insight from just about any information -- even the bend of one's fingernails[2], says IBM's Ginni Rommetty -- that medical data is becoming increasingly valuable.
That's why this week, a group of Oregon lawmakers have introduced legislation[3] that would empower Oregon residents to get a cut of the value of their medical data.
"If somebody was using my personal data, selling it -- which is a huge, huge industry -- then perhaps I should be compensated for the information I am providing," Oregon Rep. David Gomberg said to ZDNet.
Gomberg is one of the sponsors of the Health Information Property Act, which effectively treats personal health data like property. The bill has three components. It