Who Owns Your Medical Data?

What is medical data?
Identifiable vs. anonymized data: What is the difference?
Global views on data ownership
Commercial applications of medical data
Consent for data use: Informed or implied?
DeepMind, the NHS, & Fitbit
The changing landscape of data rights

Whether you are getting a blood test, stepping on a smart scale, or wearing a fitness tracker, you are generating a stream of personal medical data.

But who truly owns that information? As medical data becomes a more powerful asset in modern medicine, concerns about privacy, consent, and control are also growing.

Image Credit: Anggalih Prasetya/Shutterstock.com

What is medical data?

Medical data includes a wide range of health information gathered through clinical care, research, and personal health monitoring. Together, these sources create a multidimensional view of an individual’s health, supporting personalized care and data-driven decisions in medicine.¹

The scope of medical data has expanded significantly with advances in technology and digital health. Traditionally, it includes Electronic Health Records (EHRs), which are comprehensive digital versions of patients’ paper records that capture medical history and care plans across their healthcare journey.²

Genomic data, including DNA sequencing and genetic profiles, offers insights into disease risk, treatment response, and personalized therapies.³

Wearable devices (e.g., fitness trackers, smartwatches) and mobile health apps now collect vast amounts of medical data, enabling health monitoring, preventive care, and personalized healthcare decisions.⁴

Identifiable vs. anonymized data: What is the difference?

A key distinction in medical data is whether it is identifiable or anonymized. Understanding this difference is crucial for ethical use, legal compliance, and maintaining public trust in digital health systems.

Identifiable data includes personal details linked to an individual and is subject to strict privacy and regulatory protections. Anonymized data lacks any identifying information and is commonly used in research, public health, and policy development, providing large-scale insights while preserving confidentiality.⁵

Is Data at the Center of Healthcare for the Future?

Global views on data ownership

The legal landscape of medical data ownership and rights varies globally, with differing levels of patient control, access, and protection.

In the US, the Health Insurance Portability and Accountability Act (HIPAA) grants patients rights to access and control their medical data but does not give them full ownership. While HIPAA allows patients to request, view, and correct their health information, legal ownership typically rests with healthcare providers and institutions.⁶

In the EU, the General Data Protection Regulation (GDPR) emphasizes individuals' control over their data, granting comprehensive rights regarding its processing. These include data portability, allowing patients to transfer medical data to different providers, and the right to erasure, enabling individuals to request data deletion under specific conditions.⁶

In parts of Asia, data protection laws vary, with weaker regulations often giving healthcare providers more discretion and limiting patient rights compared to the US or EU.⁷

Commercial applications of medical data

Medical data is a valuable asset with broad applications across healthcare.

In the AI sector, large volumes of structured and unstructured data, such as EHRs, imaging, lab results, and patient-generated information, train machine learning models to optimize patient diagnostics and treatment.⁸

In pharmaceutical research, real-world medical data, which is routinely gathered outside controlled clinical trials, is crucial for identifying drug targets, designing adaptive trials, and supporting regulatory submissions. It helps reduce time to market and lower research costs.⁹

Insurance companies use medical data to improve risk stratification, underwriting, and pricing models. By analyzing individual and population metrics, they can better predict health risks, tailor policies, and set appropriate premiums. This data-driven approach helps insurers manage costs, maximize profitability, and offer more personalized products.¹⁰

Mental Health Apps: Game-Changer or Gimmick?

Consent for data use: Informed or implied?

As medical data collection and use expand across health systems, the line between informed consent and passive agreement is becoming increasingly blurred.

In traditional healthcare, informed consent is a cornerstone of ethical practice, ensuring individuals voluntarily agree to data use with a clear understanding of the risks, benefits, and purposes.

In contrast, many emerging digital health systems rely on lengthy, complex terms of service that are often overlooked and poorly understood. This creates a significant ethical and legal tension between transparent consent and opaque agreements accepted without true comprehension.¹¹

This discrepancy can undermine trust and compromise data privacy and cloud accountability, creating challenges for both users and providers.

To maintain ethical standards and protect sensitive information, it is therefore crucial to ensure greater transparency, clearer consent processes, and stronger protections for personal medical data.¹¹

DeepMind, the NHS, & Fitbit

Two high-profile examples highlighting data privacy issues are the Google DeepMind-NHS case and Fitbit health partnerships.

In 2015, Google’s AI company DeepMind partnered with the UK’s National Health Service (NHS) to develop an AI system for the early detection of acute kidney disease. The NHS shared data from over 1.5 million identifiable patients to test the Streams app.

The project faced scrutiny for not properly informing patients about data use, raising ethical concerns about consent and privacy.¹²

Fitbit, an American wearable tech company, has partnered with healthcare providers and research organizations to use wearable data to monitor and improve health outcomes.

While these collaborations offer valuable insights for personalized healthcare, they also raise concerns about the sharing, commercial use, and potential exploitation of personal medical data.¹³

The Science of Ultra-Processed Foods and Mental Health

The changing landscape of data rights

As the digital landscape evolves, the future of medical data rights and governance increasingly emphasizes ethical and transparent practices.

An emerging trend is the rise of data cooperatives and patient-centered ownership models, empowering individuals to control their data. These models emphasize personal consent and allow individuals to decide how their data is used, enhancing autonomy and privacy.¹⁴

Technologies such as blockchain, which provides immutable records and decentralized data control while ensuring transparency and trust, and zero-knowledge proofs, which validate data without revealing sensitive information, are gaining attention for enhancing security, privacy, and transparency across sectors.^14,15

The growing demand for ethical data use frameworks is driven by the need to balance innovation with privacy while respecting individuals' rights and building trust between consumers and organizations.

As the value of medical data rises, it is crucial to align technological advancement with ethical responsibility by prioritizing transparency, user empowerment, and respect for informed consent. This approach not only drives progress in healthcare and beyond but also gives individuals greater control over their digital lives.

References

1. Wang, S., Yuan, J., & Pan, C. (2022). Impact of big data resources on clinicians' activation of prior medical knowledge. Heliyon, 8(9):e10312. doi: 10.1016/j.heliyon.2022.e10312
2. Adane, K., Gizachew, M., & Kendie, S. (2019). The role of medical data in efficient patient care delivery: a review. Risk Management and Healthcare Policy, 12:67-73. doi: 10.2147/RMHP.S179259
3. Horton, R., & Lucassen, A. (2022). Ethical Considerations in Research with Genomic Data. The New Bioethics, 29(1):37–51. doi: 10.1080/20502877.2022.2060590
4. Canali S., Schiaffonati, V., & Aliverti, A. (2022). Challenges and recommendations for wearable devices in digital health: Data quality, interoperability, health equity, fairness. PLOS Digital Health, 1(10):e0000104. doi: 10.1371/journal.pdig.0000104
5. Chevrier, R., Foufi, V., Gaudet-Blavignac, C., Robert, A., & Lovis, C. (2019). Use and Understanding of Anonymization and De-Identification in the Biomedical Literature: Scoping Review. Journal of Medical Internet Research, 21(5):e13484. doi: 10.2196/13484
6. Jurczuk, M., & Suprunowicz, M. (2024). Consent in Data Privacy: A General Comparison of GDPR and HIPAA. Przegląd Prawniczy Uniwersytetu Im. Adam Mickiewicza, 16:173–194. doi: 10.14746/ppuam.2024.16.07
7. Bentotahewa, V., Hewage, C., & Williams, J. (2022). The Normative Power of the GDPR: A Case Study of Data Protection Laws of South Asian Countries. SN Computer Science, 3, 183. doi: 10.1007/s42979-022-01079-z
8. Johnson, K.B., Wei, W.Q., Weeraratne, D., Frisse, M.E., Misulis, K., Rhee, K., Zhao, J., & Snowdon, J.L. (2021). Precision Medicine, AI, and the Future of Personalized Health Care. Clinical and Translational Science, 14(1):86-93. doi: 10.1111/cts.12884
9. Liu, F., & Panagiotakos, D. (2022). Real-world data: a brief review of the methods, applications, challenges and opportunities. BMC Medical Research Methodology, 22, 287. doi: 10.1186/s12874-022-01768-6
10. Ellili, N., Nobanee, H., Alsaiari, L., Shanti, H., Hillebrand, B., Hassanain, N., & Elfout, L. (2023). The applications of big data in the insurance industry: A bibliometric and systematic review of relevant literature, The Journal of Finance and Data Science, 9, 100102. doi: 10.1016/j.jfds.2023.100102
11. Wiertz, S., & Boldt, J. (2022). Evaluating models of consent in changing health research environments. Medicine, Health Care and Philosophy, 25:269–280. doi: 10.1007/s11019-022-10074-3
12. Ballantyne, A., & Stewart, C. (2019). Big Data and Public-Private Partnerships in Healthcare and Research. Asian Bioethics Review, 11:315–326. doi: 10.1007/s41649-019-00100-7
13. Sui A., Sui, W., Liu, S., & Rhodes R. (2023). Ethical considerations for the use of consumer wearables in health research. DIGITAL HEALTH, 9. doi: 10.1177/20552076231153740
14. Aldamaeen, O., Rashideh, W., & Obidallah, W.J. (2023). Toward Patient-Centric Healthcare Systems: Key Requirements and Framework for Personal Health Records Based on Blockchain Technology. Applied Sciences, 13(13), 7697. doi: 10.3390/app13137697
15. Petrosino, L., Masi, L., D'Antoni, F., Merone, M., & Vollero, L. (2025). A zero-knowledge proof federated learning on DLT for healthcare data. Journal of Parallel and Distributed Computing, 196, 104992. doi: 10.1016/j.jpdc.2024.104992.

Further Reading

• All Healthcare Content
• The Concept of Human Health and Disease
• Medical Ethics and Health Policy
• Proactive Health: The Shift Towards Preventative Healthcare
• Role of Real-Time Data in Healthcare