The Intellectual Property Journey Of Patients’ Digital Health Data
When a physician creates a medical record about a patient, does that belong to his intellectual property? Or does it belong to the patient? Or the healthcare institution that runs the EMR system?
Sometimes, it’s important to ask such questions that first might look a bit odd, but you take a second look and find a lot of interesting things in it.

Key Takeaways
As more people use digital health devices and services, a trail of health data is created. Companies, in turn, utilize this data to enhance their products, generate IP, and in some cases, monetize it by selling or sharing with third parties.
Concerns arise about who owns IP in healthcare, with varied laws across countries allowing data use in ways not always transparent to patients.
As AI and digital health evolve, there’s a pressing need for regulations ensuring informed data usage, clear IP ownership, and patient data access.
If you have used or are using a digital health device or service to gain insights about your own health, you have a digital health data trail. Whether it’s your smartwatch or that genetic sequencing you took to know about your risks for certain ailments, your personal data has been logged digitally. The latter is often used by companies providing digital health services to fine-tune their products and generate intellectual property (IP).
As users of such services, it becomes ever important to understand (or at least try to) where that data ends up and consider who should own the resulting IP. We decided to follow the digital health data trail and resulting IP through the patient journey; as the conundrums it poses will become ever more relevant in the digital health era.
Generating IP from data patients already own
Let’s say you’ve had a close elderly relative who has been diagnosed with a condition such as diabetes. Concerned about your own risks of developing this condition, you take a genetic test from a company offering direct-to-consumer (DTC) genetic tests.
After a few weeks, they will share your genetic report, indicating your risks for diabetes as well as other conditions. This provides you a snapshot of what your future health might look like so that you can take preventative measures such as screenings or undertake lifestyle changes as appropriate.
This scenario applies to hundreds of people on a daily basis whether it’s to assess their disease risk or gain tailored nutrition advice. In sending their genetic sample, they are providing one of their most intimate health data to a company in exchange for a service. These companies might be looking further than just providing disease risk assessments to their consumers.
In fact, 23andMe leveraged its gold mine of genetic databases of millions of individuals for drug development and sold some of their IP. While 23andMe’s customers have agreed in the terms of service to allow the use of their data and not receive any remuneration, such drugs would not have been developed without them in the first place. Now it’s even more important as they went bankrupt.
Personal digital health tools that collect patient data
Now, if that genetic test you took indeed indicated a higher risk of you developing diabetes, you might want to take some preventative measures towards that. In addition to some lifestyle and eating habit changes, you might want to consider food logging apps or even a 24/7 glucose monitor to assist in and supplement those changes.
The smartphone market is inundated with such options. There are over 300,000 health apps targeting a myriad of health-related topics from mental health to chronic condition management. Software aside, there are also digital health devices that can measure health parameters from head to toe. Patients can use these to obtain personalised health data which they can use to make informed decisions about their health and lifestyle.

In tandem, they continue the health data trail from external companies’ services to tools that patients carry with them throughout the day. As with DTC genetic companies, data collected from apps and wearables can even be sold to third parties or generate new IP.
For example, in the case of fertility tracking apps, a study conducted in Australia earlier this year found that the country’s most popular fertility tracking apps collect extensive data that is not required for the app. This includes information on aspects such as financial situation and education level which they can monetise.
This was exemplified in the case of period tracking app Flo. The company behind the app shared Flo users’ private health information with third-party firms such as Facebook and Google. This could enable those third parties to further improve their algorithm managing targeted ads, without the original data owners knowing about it, let alone benefit from such transactions.
Doctor-patient visits: the traditional health data generation point
Having tracked your blood glucose level with a smart glucose sensor for some weeks, you decide to have it assessed by your physician. During the visit, the doctor will likely take a glucose measurement of their own and compare the readings with those obtained from the sensor.
Based on the assessment, medical history and physical examination, the doctor will advise on the next steps, and generate an entry in your medical record for that visit. This further extends the patient health data trail to a scenario that has been unfolding for centuries.

The medical data IP issue it raises pertains to who owns the medical record’s IP if the physician was the person to create it. For example, in the case of a surgery or treatment pathway, each surgeon/physician might adopt a particular approach based on their own reasoning with little or no input from the patient; and their decision will be added to the medical record.
The laws vary depending on countries but generally healthcare providers control and safeguard that data, while not owning the information itself. However, in certain cases, healthcare institutions will use those medical record’s IP during partnerships with tech companies for research and product development. In some cases, identifiable information might not even have been adequately removed.
Such deals take place while patients themselves are often unable to easily access their own health records. There has even been a traditional belief that providing patients access to their records might be more harmful than beneficial. However, a pilot study has shown that providing patients full access to their medical records not only improved patient satisfaction and education, but might also lead to significantly improved patient safety.
Future digital health IP will still rely on patients’ data
Throughout the patient journey, the health data trail that ensues is a coveted commodity considering the growing digital health market. This will hold true for the future of the field as other technologies with promising healthcare applications such as artificial intelligence (AI) become more commonplace. For instance, a COVID-19 health data storage deal enabled tech companies to access the UK’s NHS data to test and develop their AI models, leading to an outcry over data misuse. With the rise in popularity and healthcare potentials of generative AI models, health data to train these models and refine the IP will be needed and more partnerships between healthcare institutions and tech companies are to be expected.
However, not involving or not informing the source of that data – the actual patient – will remain a contentious issue. While there might be no straight answer to IP ownership when patient data is involved, the issue has caught the attention of researchers who have proposed a regulatory model.
The reality is that there is no digital health without sacrificing part of one’s health data and privacy; even if it means contributing that to someone else’s IP. This is how we are able to get tailored health information from external services and wearable tools that can help us better manage our lifestyle.
Written by Dr. Bertalan Meskó & Dr. Pranavsingh Dhunnoo