Between the contentious election for president and a global pandemic, there is an issue that, in a normal year, would have lit up headlines but has gone unnoticed by everyone but healthcare insiders. And that is the issue of patient data privacy. With the movement toward greater data interoperability, how we culturally perceive and handle healthcare privacy and patient data must be addressed with the upcoming regulatory changes in 2021.

The barriers in place to hinder data sharing are not lost on those in healthcare and healthcare technology. Incompatible, proprietary technologies, along with entrenched competitiveness and misaligned incentives, create an environment that keeps important patient data locked in silos. The Office of the National Coordinator’s (ONC), the federal agency at the helm of health IT, finalized rules in March 2020 that begin to break down these barriers by instituting a major shift to improve patient access to data. By stiffening the penalties against data blocking and mandating technologies that allow patients to access their health data, these big policy changes hope to spur the same type of innovations that we’ve seen virtually everywhere but in healthcare.

While innovation in the consumer space has brought us conveniences we can no longer live without (e.g., messaging, ride-sharing and online banking), we now also understand there are inherent risks to our private data when technology enables a more effortless flow of it. Lacking clear regulation that provides a framework for data management, beyond practices established by HIPAA 25 years ago, leaves data vulnerable. The healthcare sector risks following in the footsteps of the consumer tech world, which planted the seeds of distrust that ultimately hinders progress.

Facebook and other social media organizations have struggled to manage access, prevent misuse and manage consumer expectations. Increasingly, consumers are growing more concerned about their use of private data given the lack of transparency coupled with unintelligible complexity when you consider Facebook’s terms of service and data policies count close to 30 pages in length. Consumers don’t fully understand what’s happening to their data, nor do they have any real control over their options that are often “take it or leave it.” Healthcare data runs the risk of entering this realm even as most of us in the healthcare community agree that medical data silos have existed for far too long and have led to waste and patient harm.

This thorny issue centers around how an industry built to control and protect healthcare data as the primary goal can then readjust to the Brave New World of new generation technology.

The Health Insurance Portability and Accountability Act of 1996 created a national standard to protect sensitive patient data. HIPAA also provides a framework for patients’ rights to access and control their health data. Let’s not forget that the “portability” component was originally intended to mandate data portability. But, over the years, the mobility part of the law has been misunderstood, devalued, misapplied or, worse, misused as pretext to prevent the flow of health information, protect business interests or ignore records requests to ease operational demands. This de facto outcome of sparse enforcement means that even properly managed anonymized data that is essential for treatment, population health and research has not been widely available in healthcare.

While big industry incumbents resisted interoperability and data portability as a part of their business models, the industry is finally recognizing the enormous potential to develop new products, lower costs, improve access and generate better patient outcomes. Thus, jockeying has begun to manage access and control and the high-value analytics that will develop around it.

Medical data has tremendous value. Those that recognize this are taking steps to be some of the first to proactively manage access to it. They are developing products to accelerate access to this data and offer high-value solutions built around it.

The big healthcare IT (HIT) players who have made enormous investments to lock in proprietary technology and data are now facing challenges to their business models, such as data movement to the cloud, the new ONC rules and the increase in consumerism in healthcare. These challenges have a corresponding risk of commoditization to their vast and expensive enterprise product.

This part of the industry is acting quickly to monetize and protect the data that they have control over in order to defend against this risk of being relegated to a low-cost utility platform that the new tech entrants have promised to disrupt. As a response, traditional health IT companies are moving to the cloud and developing new platform solutions to maintain access and control to data and the corresponding capability to query, analyze and curate patient data.

While this action is dependent on the portability benefits ensured by the ONC rules, the real question is whether these efforts between two giants — HIT and big tech — stop short of achieving the ultimate policy goals of transparency, access and control by patients? Will the patient end up being a passive bystander in all this market action as these two massive industry segments become aligned?

Let’s not wait passively to see how things shake out. To prevent a monumental mistake, key leaders in the healthcare industry, including HIT vendors, providers, patients, new tech entrants and regulators, must take a comprehensive approach in tackling the intertwined issues of corporate responsibility and transparency to manage the ever-growing volume of healthcare patient data.

The guiding principle should continue to focus on the patient rather than the large incumbents attempting to control the dialogue. Similar to the public health effort to reduce disparities such as social determinants of health, this will have to be a comprehensive effort sustained over time that takes special care to support and protect the most vulnerable among us.

We are at an inflection point. The pandemic has proven the dangers that can arise with the lack of data and knowledge sharing. Given this opportunity, let’s not make the terrible mistake of pushing the perception of change only to wish we’d seized the moment.