February 1, 2022








Healthcare data is all the rage. Big data, artificial intelligence, value-based care, metadata, real-world data, clinical trials, registries, genomic data — they are all part of a market with an estimated value in 2028 of $130 billion. But who really owns this data? Who controls it? Who benefits from it, and who is left out?

Ownership is often not the same as control. Neither does it guarantee value. Clarifying one’s objectives in the context of healthcare data, generating inherently valuable datasets, and specifying one’s rights with other stakeholders are all important steps for any clinician in today’s modern healthcare world.


In the healthcare sector, data ownership is generally governed by national laws and institutional policies. Typically, but not always, these relate to personal data and protected health information. HIPAA in the U.S. and GDPR in the European Union are important examples. GDPR’s provisions are widely recognized as the strictest regarding personal data and special categories thereof, including personal health information (сollectively referred to as Personal Data in this article).

The spirit and letter underlying Personal Data laws are patient ownership of such data. Patients may consent to share or otherwise convey some of their ownership rights, but that consent must be highly explicit. Civil and criminal penalties for wrongfully and even accidentally appropriating personal data are severe.

Healthcare data which has been suitably anonymized or pseudonymized is not considered Personal Data. The laws governing adequate anonymization or pseudonymization are complex and highly fact specific. They involve aggregation, security, encryption, consent form, control, data-processing and other elements, looked at as a whole. Failure to comply with any of these elements can render non-Personal Data into Personal Data, with resultant liability.  

Some organizations, including RegenMed, refer to properly anonymized or pseudonymized Personal Data as Aggregated Non-Personal Data. Such data may be owned wholly or in part by entities or individuals other than the individuals from whom such data originally derived. However, absent clear contractual specification of Aggregated Non-Personal Data ownership rights, disputes can arise, especially once it is clear that such data can generate value.


In the healthcare world, it is not unusual for control of data — whether Personal Data or Aggregated Non-Personal Data — to be separate from ownership. The GDPR, for example, has detailed provisions covering data controllers, data processors, sub-processors, joint controllers and similar designations covering control of data which may be wholly or partially owned by others.

Similarly, physician employment agreements, hospital data policies, registry participation, grant terms and conditions, clinical trial consent forms and many other arrangements restrict and grant various degrees of control over healthcare data. Such transfers of control can of course substantially vitiate the value otherwise obtainable from ownership of Aggregated Non-Personal Data.

Control over Aggregated Non-Personal Data thus takes many forms and has many serious implications — not all of them initially evident. Physicians and other healthcare providers (HCPs) frequently sign away any control over or interest in discoveries, inventions and datasets deriving from their everyday clinical practices. Healthcare professionals and their patients are the principal contributors to registries and other aggregated healthcare datasets, but often transfer substantial control over the use and value of such contributions. Clinical trial, journal article and medical research data are often maintained in secrecy for many years, and even then, released only partially.


As mentioned, healthcare data generates well over $100 billion in value each. Major areas of value generation include product development, regulatory compliance, marketing, government- and foundation-funded research, payer reimbursement, value-based care and the large infrastructure of vendors servicing such segments.  Thus, most monetary value generated through healthcare data accrues to medical product manufacturers and distributors, payers, hospital systems, EMR companies and various data vendors.

Very little of that monetary value flows to the healthcare professionals. This is paradoxical since the most important — and therefore the most valuable — healthcare data emanates directly from the everyday clinician-patient interaction.

This inability of HCPs to develop value from healthcare data can be attributed to several factors, including everyday clinical burdens, challenges in collaborating in data aggregation with peers, inadequate tools and processes, expense and limited business/legal expertise.


As mentioned, the most potentially valuable healthcare datasets are those which are based on the clinician-patient interaction. To achieve that value, those datasets must include long-term follow-up tied to specific clinical hypotheses. The datasets should also be verifiable, integrated and statistically significant in the context of those hypotheses.

Circles, powered by inCytes™, support HCPs around the world in developing and generating value from such datasets. Circles can be implemented to address any clinical or medical-scientific question and are supported by an enterprise-grade yet low-priced SaaS platform equipped with international collaboration with like-minded peers and experts.

Read the latest

Follow usContact usSubscribeget started