Draft:Health Data Sovereignty

The World Health Organisation (WHO) defines health as "a state of complete physical, mental, and social well-being and not merely the absence of disease or infirmity".{{Cite journal |last=Grad |first=Frank P. |date=2002 |title=The Preamble of the Constitution of the World Health Organization. |journal=Bulletin of the World Health Organization |volume=80 |issue=12 |pages=981–984 |issn=0042-9686 |pmc=2567708 |pmid=12571728}}  This definition has since been the subject of criticism since its inception in 1946{{Cite journal |last=Callahan |first=Daniel |date=1973 |title=The WHO Definition of 'Health' |url=https://www.jstor.org/stable/3527467 |journal=The Hastings Center Studies |volume=1 |issue=3 |pages=77–87 |doi=10.2307/3527467|jstor=3527467 |pmid=4607284 }}{{Cite journal |last=Gillon |first=R |date=1986-02-01 |title=On sickness and on health. |journal=BMJ |language=en |volume=292 |issue=6516 |pages=318–320 |doi=10.1136/bmj.292.6516.318 |issn=0959-8138 |pmc=1339285 |pmid=3080152}}{{Cite journal |last=Nobile |first=Marianna |date=2014 |title=The WHO Definition of Health: A Critical Reading |url=https://heinonline.org/HOL/P?h=hein.journals/mlv33&i=117 |journal=Medicine & Law |volume=33 |issue=2 |pages=33–40 |pmid=27359006 |via=HeinOnline}}{{Cite journal |last=Saracci |first=R. |date=1997-05-10 |title=The world health organisation needs to reconsider its definition of health |journal=BMJ |language=en |volume=314 |issue=7091 |pages=1409–1410 |doi=10.1136/bmj.314.7091.1409 |issn=0959-8138 |pmc=2126653 |pmid=9161320}}{{Cite journal |last1=Charlier |first1=P. |last2=Coppens |first2=Y. |last3=Malaurie |first3=J. |last4=Brun |first4=L. |last5=Kepanga |first5=M. |last6=Hoang-Opermann |first6=V. |last7=Correa Calfin |first7=J.A. |last8=Nuku |first8=G. |last9=Ushiga |first9=M. |last10=Schor |first10=X.E. |last11=Deo |first11=S. |last12=Hassin |first12=J. |last13=Hervé |first13=C. |date=2017 |title=A new definition of health? An open letter of autochthonous peoples and medical anthropologists to the WHO |url=https://linkinghub.elsevier.com/retrieve/pii/S0953620516301960 |journal=European Journal of Internal Medicine |language=en |volume=37 |pages=33–37 |doi=10.1016/j.ejim.2016.06.027|pmid=27394926 }} but is acknowledged as a foundation for building new ways of thinking about health, considering different models for medical, wellness, and environmental viewpoints.{{Cite journal |last=Larson |first=James S. |date=1999 |title=The Conceptualization of Health |url=http://journals.sagepub.com/doi/10.1177/107755879905600201 |journal=Medical Care Research and Review |language=en |volume=56 |issue=2 |pages=123–136 |doi=10.1177/107755879905600201 |pmid=10373720 |s2cid=34215327 |issn=1077-5587}}

In the context of health data sovereignty, “data” is information about the people's health.  This data may be stored in written form in a hard-copy file at a health centre, hospital, or other institution (e.g., school, prison); it may be specific physical measurements of a person stored in a digitised format as part of an electronic health record (e.g., height, HbA1c levels); or it could be the collective knowledge about a group of people held by an authority (e.g., a parents recall of all their children’s pertussis vaccination status, a community leaders understanding of the proportion of people in their community who have unmet health needs, historical information about a group coded as traditional song).  The concept of data in general is wide and varied so it is useful to consider a formal definition in a health context, one such definition is provided in para. 35 of the General Data Protection Regulation (GDPR) of the European Union (EU):

“Personal data concerning health should include all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject. This includes information about the natural person collected in the course of the registration for, or the provision of, health care services as referred to in Directive 2011/24/EU of the European Parliament and of the Council to that natural person; a number, symbol or particular assigned to a natural person to uniquely identify the natural person for health purposes; information derived from the testing or examination of a body part or bodily substance, including from genetic data and biological samples; and any information on, for example, a disease, disability, disease risk, medical history, clinical treatment or the physiological or biomedical state of the data subject independent of its source, for example from a physician or other health professional, a hospital, a medical device or an in vitro diagnostic test.”Regulation (EU) 2016/679. On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). European Parliament and Council. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679

Sovereignty as it relates to data is the right that people have to exercise control over information about themselves.{{Cite journal |last1=Reyes-García |first1=Victoria |last2=Tofighi-Niaki |first2=Adrien |last3=Austin |first3=Beau J |last4=Benyei |first4=Petra |last5=Danielsen |first5=Finn |last6=Fernández-Llamazares |first6=Álvaro |last7=Sharma |first7=Aditi |last8=Soleymani-Fard |first8=Ramin |last9=Tengö |first9=Maria |date=2022-06-20 |title=Data Sovereignty in Community-Based Environmental Monitoring: Toward Equitable Environmental Data Governance |url=https://doi.org/10.1093/biosci/biac048 |journal=BioScience |volume=72 |issue=8 |pages=714–717 |doi=10.1093/biosci/biac048 |issn=0006-3568 |pmc=9343228 |pmid=35923191}} This includes ownership, how health data is managed and stored, what it is used for, who has access to it, and how long it is retained.  Having sovereignty over health data includes the power to determine how relevant standards and protocols are defined and applied to management of the data.{{Cite journal |last=Floridi |first=Luciano |date=2020 |title=The Fight for Digital Sovereignty: What It Is, and Why It Matters, Especially for the EU |journal=Philosophy & Technology |language=en |volume=33 |issue=3 |pages=369–378 |doi=10.1007/s13347-020-00423-6 |issn=2210-5433 |pmc=8848320 |pmid=35194548}}

Within a global context, data sovereignty can be understood as data being subject to the laws of the country or nation where it is stored.{{Cite web |date=2022-07-11 |title=Te Mana Raraunga |url=https://www.temanararaunga.maori.nz/ |access-date=2023-05-27 |website=Te Mana Raraunga |language=en-US}} However, there may be different perspectives in how data sovereignty is understood, for example, legal frameworks versus rights.{{Cite journal |last1=Hummel |first1=Patrik |last2=Braun |first2=Matthias |last3=Tretter |first3=Max |last4=Dabrock |first4=Peter |date=2021 |title=Data sovereignty: A review |url=http://journals.sagepub.com/doi/10.1177/2053951720982012 |journal=Big Data & Society |language=en |volume=8 |issue=1 |pages=205395172098201 |doi=10.1177/2053951720982012 |issn=2053-9517 |s2cid=234271644}}

Health data has been recorded physically for thousands of years. The first known health records are Egyptian medical teaching documents dated around 1500-1700 BC.{{Cite journal |last1=Lorkowski |first1=Jacek |last2=Pokorski |first2=Mieczyslaw |date=2022-10-17 |title=Medical Records: A Historical Narrative |journal=Biomedicines |language=en |volume=10 |issue=10 |pages=2594 |doi=10.3390/biomedicines10102594 |issn=2227-9059 |pmc=9599146 |pmid=36289856 |doi-access=free }}{{Cite journal |last=Gillum |first=Richard F. |date=2013 |title=From Papyrus to the Electronic Tablet: A Brief History of the Clinical Medical Record with Lessons for the Digital Age |url=https://linkinghub.elsevier.com/retrieve/pii/S0002934313003987 |journal=The American Journal of Medicine |language=en |volume=126 |issue=10 |pages=853–857 |doi=10.1016/j.amjmed.2013.03.024|pmid=24054954 }}{{Cite journal |last=Al-Awqati |first=Qais |date=2006 |title=How to write a case report: lessons from 1600 B.C. |url=https://linkinghub.elsevier.com/retrieve/pii/S0085253815514543 |journal=Kidney International |language=en |volume=69 |issue=12 |pages=2113–2114 |doi=10.1038/sj.ki.5001592|pmid=16761021 }} Early health records were didactic in form, describing pathology and intended for teaching rather than as a record of treatment.{{Citation |last=Dalianis |first=Hercules |title=The History of the Patient Record and the Paper Record |date=2018 |url=http://dx.doi.org/10.1007/978-3-319-78503-5_2 |work=Clinical Text Mining |pages=5–12 |access-date=2023-05-27 |place=Cham |publisher=Springer International Publishing |doi=10.1007/978-3-319-78503-5_2 |isbn=978-3-319-78502-8}} Unsystematic recording practice continued with little standardisation until the early eighteenth century when didactic medical records in Europe, following the work of Linnaeus to name and classify organisms, shifted to physician written documents describing the patient as a whole along with their symptoms, diagnoses, treatments, and social setting. As medical knowledge expanded in the 19th century, the role of hospitals changed across Europe and North America to being centres for treatment, necessitating the keeping of records of not only care, for use by physicians, but admission and discharge information kept for funding and insurance purposes. This increase in record volume resulted in the creation in the 1850s of the first medical records databases in London and Ontario to improve data storage and access.

The early 1900s saw binding and centralising of records along with legislation about the management and storage of records, primarily for insurance and quality improvement use. The 1940s gave rise to rules around paper based records, which became the forerunner of those used with computerised health records.

By the early 1970s electronic patient records were entering the health workplace in both the UK and USA,{{Cite journal |last1=McMillan |first1=Brian |last2=Eastham |first2=Robert |last3=Brown |first3=Benjamin |last4=Fitton |first4=Richard |last5=Dickinson |first5=David |date=2018-12-19 |title=Primary Care Patient Records in the United Kingdom: Past, Present, and Future Research Priorities |journal=Journal of Medical Internet Research |language=en |volume=20 |issue=12 |pages=e11293 |doi=10.2196/11293 |issn=1438-8871 |pmc=6315263 |pmid=30567695 |doi-access=free }}{{Cite journal |last=Berner |first=E. S. |date=2004-10-18 |title=Will the Wave Finally Break? A Brief View of the Adoption of Electronic Medical Records in the United States |url=https://doi.org/10.1197/jamia.M1664 |journal=Journal of the American Medical Informatics Association |volume=12 |issue=1 |pages=3–7 |doi=10.1197/jamia.m1664 |issn=1067-5027 |pmc=543824 |pmid=15492029}} and health professionals had begun to adopt the free sharing of data with health consumers. In the late 2000s the use of electronic health data was widespread in Western nations, although uptake in developing nations lagged due to infrastructure, governance, and technological issues.{{Cite journal |last1=Murdoch |first1=Travis B. |last2=Detsky |first2=Allan S. |date=2013-04-03 |title=The Inevitable Application of Big Data to Health Care |url=http://jama.jamanetwork.com/article.aspx?doi=10.1001/jama.2013.393 |journal=JAMA |language=en |volume=309 |issue=13 |pages=1351–1352 |doi=10.1001/jama.2013.393 |pmid=23549579 |s2cid=20462354 |issn=0098-7484}}{{Cite journal |last=Honavar |first=SantoshG |date=2020 |title=Electronic medical records – The good, the bad and the ugly |journal=Indian Journal of Ophthalmology |language=en |volume=68 |issue=3 |pages=417–418 |doi=10.4103/ijo.IJO_278_20 |issn=0301-4738 |pmc=7043175 |pmid=32056991 |doi-access=free }} By 2011 over 50% of European and US physicians reported having an electronic health record, and by 2016 this number was over 70%. The increased use of electronic health data resulted in the need for digital storage and increased ease of access for health professionals, researchers, and health users alike. Electronic health data records collections now contain quantitative, qualitative, and transactional data{{Cite journal |last=Cáceres |first=Sigfrido Burgos |date=2013 |title=Electronic health records: beyond the digitization of medical files |journal=Clinics |language=en |volume=68 |issue=8 |pages=1077–1078 |doi=10.6061/clinics/2013(08)02 |pmc=3752637 |pmid=24037000}} and are held in fragmented multiple systems, primarily at the point of care, dictated by the purpose of the collection, and by the nature of the organisation collecting the data.

The development of the Web and the internet enabled wider health data sharing. Early forms of health data (e.g., hard copy records, acetate X-rays, cine-films, etc.) had limited access hampered by geography and single-user access constraints, whereas digital forms of health data allowed access across geographic borders, with data being accessible by multiple users simultaneously. This increased accessibility has necessitated regulation and legislation to define who has sovereignty over health data at a national, provider, and individual levels.

General data sovereignty issues entered mainsteam public consciousness following global surveillance disclosures. Since then sovereignty has generally been considered at the nation-state level, in contrast to the increasing discussion of Indigenous Data Sovereignty, which acknowledges traditional indigenous nations alongside the concepts of personal and collective sovereignty. Health data sovereignty shares principles of Indigenous and general sovereignty, considering where data is stored, which entities manage the data, and how health consumers can interact with and have effective ownership (if not actual control) of their information.  

Indigenous Data Sovereignty aligns to ‘data sovereignty’ but extends to include the social structures of Indigenous peoples.{{Cite book |last1=Lovett |first1=Raymond |title=Good data |last2=Lee |first2=Vanessa |last3=Kukutai |first3=Tahu |last4=Cormack |first4=Donna |last5=Rainie |first5=Stephanie C |last6=Walker |first6=Jennifer |publisher=Institute of Network Cultures |year=2019 |isbn=978-94-92302-27-4 |editor-last=Daly |editor-first=Angela |location=Amsterdam |pages=26–36 |chapter=Good data practices for Indigenous data sovereignty and governance |editor-last2=Devitt |editor-first2=S. Kate |editor-last3=Mann |editor-first3=Monique}} It speaks to the rights of Indigenous peoples to make decisions about the design, collection, ownership, governance, interpretation and use of data about Indigenous peoples, their ways of life, lands and resources.{{Cite book |last1=Kukutai |first1=Tahu |url=https://press-files.anu.edu.au/downloads/press/n2140/pdf/book.pdf |title=Indigenous Data Sovereignty: Towards an agenda |last2=Taylor |first2=J |publisher=ANU Press |year=2016 |isbn=9781760460310 |editor-last=Kukutai |editor-first=Tahu |pages=1–25 |chapter=Data sovereignty for Indigenous Peoples: current practice and future needs |editor-last2=Taylor |editor-first2=J}}{{Cite journal |last1=Garrison |first1=Nanibaa’ A. |last2=Hudson |first2=Māui |last3=Ballantyne |first3=Leah L. |last4=Garba |first4=Ibrahim |last5=Martinez |first5=Andrew |last6=Taualii |first6=Maile |last7=Arbour |first7=Laura |last8=Caron |first8=Nadine R. |last9=Rainie |first9=Stephanie Carroll |date=2019-08-31 |title=Genomic Research Through an Indigenous Lens: Understanding the Expectations |url=http://dx.doi.org/10.1146/annurev-genom-083118-015434 |journal=Annual Review of Genomics and Human Genetics |volume=20 |issue=1 |pages=495–517 |doi=10.1146/annurev-genom-083118-015434 |pmid=30892943 |s2cid=84844220 |issn=1527-8204}} This includes agency over how Indigenous health data is collected, stored, used and accessed.{{Cite journal |last1=Hendl |first1=Tereza |last2=Roxanne |first2=Tiara |date=2022 |title=Digital surveillance in a pandemic response: What bioethics ought to learn from Indigenous perspectives |url=https://onlinelibrary.wiley.com/doi/10.1111/bioe.13013 |journal=Bioethics |language=en |volume=36 |issue=3 |pages=305–312 |doi=10.1111/bioe.13013 |pmid=35180324 |s2cid=246974929 |issn=0269-9702}} Indigenous Data Sovereignty is a movement that emerged from frustrations with poor data practices where non-Indigenous users of data purported to be unbiased and have the authority to speak to Indigenous realities. Indigenous peoples have a history of being subjected to data production aligned to colonial objectives,{{Citation |last=Pihama |first=Leonie |title=Colonization and the Importation of Ideologies of Race, Gender, and Class in Aotearoa |date=2019 |url=http://dx.doi.org/10.1007/978-981-10-3899-0_56 |work=Handbook of Indigenous Education |pages=29–48 |access-date=2023-05-28 |place=Singapore |publisher=Springer Singapore|doi=10.1007/978-981-10-3899-0_56 |isbn=978-981-10-3898-3 }} but Indigenous peoples have their own histories and traditions of collecting and protecting data that existed pre-European colonisation.

The United Nations Declaration on the Rights of Indigenous Peoples (UNDRIP){{Cite web |title=United Nations Declaration on the Rights of Indigenous Peoples |url=https://www.un.org/esa/socdev/unpfii/documents/DRIPS_en.pdf}} is an international human rights document setting out minimum standards and rights of Indigenous people around the world, including the affirmation of rights in treaties and other agreements with different States. Articles 3, 4 and 5 speak to the rights of Indigenous peoples to self-determination. Article 31 acknowledges rights of Indigenous peoples to “maintain, control, protect and develop their cultural heritage, traditional knowledge and traditional cultural expressions, as well as the manifestations of their sciences, technologies and cultures” (p. 22). Many of the articles in the declaration can be applied to Indigenous data{{Cite web |last=Karaitiana |date=2022-02-13 |title=Compendium of Māori Data Sovereignty VERSION 2 |url=https://www.taiuru.maori.nz/compendium-of-maori-data-sovereignty/ |access-date=2023-05-27 |website=Dr Karaitiana Taiuru PhD, JP, ACG, MInstD, RSNZ |language=en-US}}, and as such support Indigenous data sovereignty. Another Indigenous rights instrument that predates UNDRIP is the Mataatua Declaration on Cultural and Intellectual Property Rights of Indigenous Peoples{{Cite web |last=Commission on Human Rights Sub-Commission of Prevention of Discrimination and Protection of Minorities Working Group on Indigenous Populations |date=1993 |title=The Mataatua Declaration on Cultural and Intellectual Property Rights of Indigenous Peoples |url=https://ngaaho.maori.nz/cms/resources/mataatua.pdf |place=Whakatane, Aotearoa New Zealand}} that provides recommendations to Indigenous peoples and member States of the United Nations that align with data sovereignty.

Māori are the Indigenous people of Aotearoa New Zealand. [https://www.temanararaunga.maori.nz/ Te Mana Raraunga], the Māori Data Sovereignty Network, defines Māori Data Sovereignty as “the inherent rights and interests that Māori have in relation to the collection, ownership, and application of Māori data”{{Cite web |year=2018 |title=Te Mana Raraunga - Principles of Māori Data Sovereignty |url=https://www.temanararaunga.maori.nz/s/TMR-Maori-Data-Sovereignty-Principles-Oct-2018.pdf |website=Te Mana Raraunga {{!}} Māori Data Sovereignty Network}}. Māori Data Sovereignty principles have been defined by Te Mana Raraunga. Within an Aotearoa New Zealand health context, [https://www.health.govt.nz/our-work/populations/maori-health/he-korowai-oranga He Korowai Oranga] lays out a Māori health strategy to guide the government and disability sector “to achieve the best health outcomes for Māori” in New Zealand{{Cite web |title=He Korowai Oranga |url=https://www.health.govt.nz/our-work/populations/maori-health/he-korowai-oranga |access-date=2023-05-27 |website=Ministry of Health NZ |language=en}}. It is implemented through a Māori health action plan that includes the development and implementation of a Māori data sovereignty approach in partnership with Māori{{Cite web |year=2020 |title=Whakamaua: Māori health action plan 2020-2025 |url=https://www.health.govt.nz/system/files/documents/publications/whakamaua-maori-health-action-plan-2020-2025-2.pdf |website=Ministry of Health}}. For example, the New Zealand Government through a number of its agencies has partnered with the Data Iwi Leaders Group to provide an avenue for Māori individuals to link their iwi affiliations with their National Health Index number to improve and inform “datasets about iwi, for iwi”{{Cite web |title=Tātai - Share your iwi |url=https://www.tatai.maori.nz }}.

In Australia, the Maiam nayri Wingara principles{{Cite web |date=2018-06-20 |title=Indigenous Data Sovereignty Summit |url=https://www.maiamnayriwingara.org/s/Communique-Indigenous-Data-Sovereignty-Summit-x5rk.pdf |place=Canberra, ACT}} assert the rights of Aboriginal and Torres Strait Islander peoples to access, control, collection, analysis, stewardship and dissemination of data in ways that are meaningful and relevant that enhance self-governance and self-determination, and the right to not participate in processes deemed to be inconsistent with these principles{{Cite web |year=2018 |title=Maiam nayri Wingara principles |url=https://www.maiamnayriwingara.org/mnw-principles |website=Maiam nayri Wingara and Australian Indigenous Governance Institute}}.

Indigenous data sovereignty concerns were initially voiced by Canadian First Nations communities in 1995 in relation to rights over health survey data collected by the government in First Nations communities. This led to the development of a model known as OCAP® that has been built on First Nations principles of ownership, control, access and possession{{Cite web |title=First Nations Information Goverance Centre |url=https://fnigc.ca/ }}.

Changes in technology both enable and complicate health data sovereignty.

Consumer devices, including smartphones and wearable devices such as Fitbits or Apple Watches, have increased the immediacy and volume of health information and consumer expectations of access to, and control over, health data{{Citation |last=Harmon |first=Shawn H. E. |title=Health Research, eHealth, and Learning Healthcare Systems: Key Approaches, Shortcomings, and Design Issues in Data Governance |date=2022 |url=https://www.cambridge.org/core/books/ai-in-ehealth/health-research-ehealth-and-learning-healthcare-systems/1BCFCC0CDCC9C1FB4C51A08814F03B39 |work=AI in eHealth: Human Autonomy, Data Governance and Privacy in Healthcare |pages=423–450 |editor-last=Corrales Compagnucci |editor-first=Marcelo |access-date=2023-05-28 |series=Cambridge Bioethics and Law |place=Cambridge |publisher=Cambridge University Press |doi=10.1017/9781108921923.021 |isbn=978-1-108-83096-6 |editor2-last=Fenwick |editor2-first=Mark |editor3-last=Wilson |editor3-first=Michael Lowery |editor4-last=Forgó |editor4-first=Nikolaus}}. Health information storage and sharing models through Apple Health and others have opened up possibilities for more granular information sharing between consumers, and expectations for direct access to health information{{Cite journal |last1=Mamlin |first1=Burke W. |last2=Tierney |first2=William M. |date=2016 |title=The Promise of Information and Communication Technology in Healthcare: Extracting Value From the Chaos |url=https://doi.org/10.1016/j.amjms.2015.10.015 |journal=The American Journal of the Medical Sciences |volume=351 |issue=1 |pages=59–68 |doi=10.1016/j.amjms.2015.10.015 |pmid=26802759 |s2cid=23254163 |issn=0002-9629}}. The development of patient portals linked to healthcare providers has also increased direct consumer access to information about their care.

Modern computing loads, including health systems, have increasingly moved towards the cloud during the 21st century. Many of these services are run by multi-national companies with servers in multiple locations. Due to this, it is increasingly difficult to determine which jurisdictions specific data is held in or transferred through. This is a complicating factor for national sovereignty over data{{Cite journal |last1=Alami |first1=Hassane |last2=Gagnon |first2=Marie-Pierre |last3=Fortin |first3=Jean-Paul |date=2016 |title=Telehealth in Light of Cloud Computing: Clinical, Technological, Regulatory and Policy Issues |url=https://journals.ukzn.ac.za/index.php/JISfTeH/article/view/138 |journal=Journal of the International Society for Telemedicine and EHealth |language=en |volume=4 |pages=e5 (1–7) |issn=2308-0310}}.

Blockchain technology offers some options for decentralising how data is stored.  Such distributed ledger technology can be designed with rules that specify how an authority (e.g. tribal leadership) deems how Private- and/or Consortium-blockchains should be managed{{Cite journal |last1=Mackey |first1=Tim K. |last2=Calac |first2=Alec J. |last3=Chenna Keshava |first3=B S |last4=Yracheta |first4=Joseph |last5=Tsosie |first5=Krystal S. |last6=Fox |first6=Keolu |date=2022 |title=Establishing a blockchain-enabled Indigenous data sovereignty framework for genomic data |url=https://linkinghub.elsevier.com/retrieve/pii/S0092867422007826 |journal=Cell |language=en |volume=185 |issue=15 |pages=2626–2631 |doi=10.1016/j.cell.2022.06.030|pmid=35868267 |s2cid=250722214 }}{{Cite journal |last=Calzada |first=Igor |date=2021 |title=Data Co-Operatives through Data Sovereignty |journal=Smart Cities |language=en |volume=4 |issue=3 |pages=1158–1172 |doi=10.3390/smartcities4030062 |issn=2624-6511 |doi-access=free }}.  Depending on how a blockchain is designed and built, users could also have the option to control who their health data is shared with and monetise it by allowing researchers access for specific purposes{{Cite web |last1=Roberts |first1=Bryn |last2=Edelmann |first2=Simone |date=2021-12-08 |title=The possibilities and pitfalls of monetizing healthcare data |url=https://healthcaretransformers.com/digital-health/healthcare-data/healthcare-data-monetization/ |access-date=2023-05-27 |website=Healthcare Transformers |language=en-US}}{{Cite book |last1=Schinle |first1=Markus |url=http://hdl.handle.net/10125/71098 |title=Data Sovereignty in Data Donation Cycles - Requirements and Enabling Technologies for the Data-driven Development of Health Applications |last2=Erler |first2=Christina |last3=Stork |first3=Wilhelm |date=2021-01-05 |publisher=University of Hawai'i at Manoa, Hamilton Library |hdl=10125/71098 |isbn=978-0-9981331-4-0 |language=English}}.

Individual health data sovereignty enables data to follow the patient, and to be shared with their consent; it also enables self-care and community care{{Cite journal |last=Ecks * |first=Stefan |date=2004 |title=Bodily sovereignty as political sovereignty: 'self‐care' in Kolkata, India |url=http://www.tandfonline.com/doi/full/10.1080/1364847042000204906 |journal=Anthropology & Medicine |language=en |volume=11 |issue=1 |pages=75–89 |doi=10.1080/1364847042000204906 |pmid=26868100 |s2cid=214614565 |issn=1364-8470}}. A decentralised model of health data sovereignty also enables communities to have the data to support their own health needs.

This model of individual and community data ownership can clash with efforts to improve data availability for clinicians. Findable, accessible, interoperable, reusable (FAIR) data principles have been criticised for separating the use of data from the individuals and communities that they are about{{Cite journal |last1=Ryder |first1=Courtney |last2=Wilson |first2=Roland |last3=D’Angelo |first3=Shane |last4=O’Reilly |first4=Gerard M. |last5=Mitra |first5=Biswadev |last6=Hunter |first6=Kate |last7=Kim |first7=Yen |last8=Rushworth |first8=Nick |last9=Tee |first9=Jin |last10=Hendrie |first10=Delia |last11=Fitzgerald |first11=Mark C. |last12=Curtis |first12=Kate |date=2022 |title=Indigenous Data Sovereignty and Governance: The Australian Traumatic Brain Injury National Data Project |url=https://www.nature.com/articles/s41591-022-01774-7 |journal=Nature Medicine |language=en |volume=28 |issue=5 |pages=888–889 |doi=10.1038/s41591-022-01774-7 |issn=1546-170X |pmid=35440783 |s2cid=248263992}}.

The legal aspects of data sovereignty in healthcare vary from country to country, although there are similarities{{Cite web |year=2019 |title=Connected Health: Empowering Health Through Interoperability |url=https://gdhp.health/wp-content/uploads/2022/03/GDHP_Interop_2.05.pdf |website=Global Digital Health Partnership}}. Data covered by this includes individuals' personal health information, such as electronic health records, test or intervention results, and genetic data. When personal health information is shared or transferred, there is ambiguity regarding consent practices in different jurisdictions at the point where the data is created, such as hospitals or healthcare centres. This means that patients may or may not have consented to share their health data. Appropriate regulations and practices can ensure that the privacy and sovereignty of health data are protected and that people have control over sharing their health information.

Legislation around health data sovereignty is directed by different national approaches. Examples of this are the 2016 GDPR legislation enacted by the European Union, which gives citizens the right to be forgotten, and to control what data is collected and how it is used. A different approach is that of the 1996 HIPAA and 2009 HITECH legislation enacted by the USA, which has a strong privacy focus but allows the individual little say over how data is governed and used following collection. Debate continues around the ownership of privately collected health data however nationally collected data is usually covered by digital and privacy legislation.

National, Indigenous, and individual sovereignty over health data introduces complexities for centralised or commercial biomedical and public health research{{Cite journal |last1=Beaton |first1=Angela |last2=Hudson |first2=Maui |last3=Milne |first3=Moe |last4=Port |first4=Ramari Viola |last5=Russell |first5=Khyla |last6=Smith |first6=Barry |last7=Toki |first7=Valmaine |last8=Uerata |first8=Lynley |last9=Wilcox |first9=Phillip |last10=Bartholomew |first10=Karen |last11=Wihongi |first11=Helen |date=March 2017 |title=Engaging Māori in biobanking and genomic research: a model for biobanks to guide culturally informed governance, operational, and community engagement activities |url=https://doi.org/10.1038/gim.2016.111 |journal=Genetics in Medicine |volume=19 |issue=3 |pages=345–351 |doi=10.1038/gim.2016.111 |pmid=27632687 |s2cid=24470297 |issn=1098-3600}}. It also opens up opportunities for individuals and communities to participate more actively and benefit more directly from research, including through monetisation.

Data monetisation is the process of using data to obtain an economic benefit. Organisations can monetise their data by providing data access to third parties, (direct monetisation), or by using analytics to derive insights from data to improve internal processes, products, and services (indirect monetisation){{Cite journal |last1=Firouzi |first1=Farshad |last2=Farahani |first2=Bahar |last3=Barzegari |first3=Mojtaba |last4=Daneshmand |first4=Mahmoud |date=2022 |title=AI-Driven Data Monetization: The Other Face of Data in IoT-Based Smart and Connected Health |url=https://ieeexplore.ieee.org/document/9210096 |journal=IEEE Internet of Things Journal |volume=9 |issue=8 |pages=5581–5599 |doi=10.1109/JIOT.2020.3027971 |issn=2327-4662 |s2cid=226424893}}. The monetisation of health data means obtaining economic value from health-related information. Health data, including electronic health records, genetics, biometric measurements and lifestyle information, can provide valuable insights to stakeholders such as researchers, medical providers, pharmaceutical companies and technology companies{{Cite book |last1=Busch-Casler |first1=Julia |last2=Radic |first2=Marija |title=Research Challenges in Information Science |chapter=Personal Data Markets: A Narrative Review on Influence Factors of the Price of Personal Data |date=2022 |editor-last=Guizzardi |editor-first=Renata |editor2-last=Ralyté |editor2-first=Jolita |editor3-last=Franch |editor3-first=Xavier |chapter-url=https://link.springer.com/chapter/10.1007/978-3-031-05760-1_1 |series=Lecture Notes in Business Information Processing |volume=446 |language=en |location=Cham |publisher=Springer International Publishing |pages=3–19 |doi=10.1007/978-3-031-05760-1_1 |isbn=978-3-031-05760-1}}.

Companies can use health data to identify promising targets for drug research or evaluate the efficacy and safety of new treatments, e.g., Geisinger Health System's Data-Driven Medicine Initiative. Geisinger partnered with Regeneron Pharmaceuticals to sequence its patients' DNA and use the genetic data to identify individuals who could participate in clinical trials of new drugs. In this example, strict privacy and informed consent controls were implemented to ensure data sovereignty and protect patient privacy{{Cite journal |last1=Carey |first1=David J. |last2=Fetterolf |first2=Samantha N. |last3=Davis |first3=F. Daniel |last4=Faucett |first4=William A. |last5=Kirchner |first5=H. Lester |last6=Mirshahi |first6=Uyenlinh |last7=Murray |first7=Michael F. |last8=Smelser |first8=Diane T. |last9=Gerhard |first9=Glenn S. |last10=Ledbetter |first10=David H. |date=2016 |title=The Geisinger MyCode community health initiative: an electronic health record–linked biobank for precision medicine research |url=https://doi.org/10.1038/gim.2015.187 |journal=Genetics in Medicine |volume=18 |issue=9 |pages=906–913 |doi=10.1038/gim.2015.187 |issn=1098-3600 |pmc=4981567 |pmid=26866580}}.

Setting up platforms for data as a service, selling data for performance benchmarking, and developing specialised solutions through partnerships are other innovative ways of monetising healthcare data{{Cite journal |last1=Ettorchi-Tardy |first1=Amina |last2=Levif |first2=Marie |last3=Michel |first3=Philippe |date=2012 |title=Benchmarking: A Method for Continuous Quality Improvement in Health |journal=Healthcare Policy |volume=7 |issue=4 |pages=e101–e119 |issn=1715-6572 |pmc=3359088 |pmid=23634166}}. These strategies have the potential to revolutionise the healthcare industry by improving patient care, reducing costs and facilitating the development of innovative drugs and therapies that would benefit many people.

Data sovereignty and monetisation are interconnected concepts in the digital environment. Data sovereignty empowers individuals and organisations to have control over their data, while data monetisation enables economic value generation from data assets. Monetising data offers opportunities for research, innovation, and improved services{{Cite journal |last1=Tang |first1=Chunlei |last2=Plasek |first2=Joseph M. |last3=Zhu |first3=Yangyong |last4=Huang |first4=Yajun |date=2020-12-16 |title=Data sovereigns for the world economy |url=https://www.nature.com/articles/s41599-020-00664-y |journal=Humanities and Social Sciences Communications |language=en |volume=7 |issue=1 |pages=1–4 |doi=10.1057/s41599-020-00664-y |issn=2662-9992 |s2cid=257086711}}. However, it must be carried out responsibly to respect legal regulations and ethical principles, protect privacy, ensure transparency, and promote trust among individuals and organisations, which is the aim of data sovereignty{{Cite web |last1=Smith |first1=Tim |last2=Nelson |first2=Josh |last3=Jurek |first3=Tony |last4=Schute |first4=Emily |year=2018 |title=Enterprise data sovereignty in life sciences and health care: A new model of sharing for stewards of health information |url=https://www2.deloitte.com/content/dam/Deloitte/us/Documents/life-sciences-health-care/us-lshc-enterprise-data-sovreignity.pdf |series=Tech Trends 2018 {{!}} A life sciences and health care perspective |publisher=Deloitte}}.

The effective storage and management of health data (both physical and digital) relies on the presence of stable infrastructure{{Cite journal |last1=Dash |first1=Sabyasachi |last2=Shakyawar |first2=Sushil Kumar |last3=Sharma |first3=Mohit |last4=Kaushik |first4=Sandeep |date=2019-06-19 |title=Big data in healthcare: management, analysis and future prospects |journal=Journal of Big Data |volume=6 |issue=1 |pages=54 |doi=10.1186/s40537-019-0217-0 |issn=2196-1115 |s2cid=256408780 |doi-access=free }}. Where there is a deficit in the provision of basic human needs or instability in governance and political systems, health data sovereignty may not be practical, achievable, and a priority for citizens, health providers, and government agencies. Where a nation does not prioritise spending on health digital technologies, progressing the objectives of health data sovereignty is unlikely to be achieved. Additionally, the storage and management of digital health data may present unsustainable economic costs over time due to expanding data volumes. In mid-2020 it was estimated that the quantity of global health data storage was approximately 2,300 exabytes, with volumes growing at 48% annually{{Cite web |title=On the way to the moon: From the first digital X-ray images to the digital assistance |url=https://www.medmuseum.siemens-healthineers.com/en/stories-from-the-museum/digitalization |access-date=2023-05-27 |website=www.medmuseum.siemens-healthineers.com |series=Discover (hi)stories |language=en}}.

Fragmented and non-uniform collection of health data into disparate non-interoperable technologies impedes availability, access and assertions over health data, limiting the enacting of health data sovereignty principles{{Cite journal |last=Berner |first=E. S. |date=2004-10-18 |title=Will the Wave Finally Break? A Brief View of the Adoption of Electronic Medical Records in the United States |url=https://doi.org/10.1197/jamia.M1664 |journal=Journal of the American Medical Informatics Association |volume=12 |issue=1 |pages=3–7 |doi=10.1197/jamia.m1664 |issn=1067-5027 |pmc=543824 |pmid=15492029}}. Greater health data access has resulted in challenges balancing rights over health data sovereignty with security requirements. The digitising of health data and rapid expansion of internet connected devices accessing this data has increased the attack surface, allowing exploitation by bad cyberactors{{Cite journal |last1=Kiser |first1=S |last2=Maniam |first2=B |date=2021 |title=Ransomware: Healthcare industry at risk |journal=Journal of Business and Accounting |volume=14 |issue=1 |pages=64–81}}{{Cite journal |last1=Neprash |first1=Hannah T. |last2=McGlave |first2=Claire C. |last3=Cross |first3=Dori A. |last4=Virnig |first4=Beth A. |last5=Puskarich |first5=Michael A. |last6=Huling |first6=Jared D. |last7=Rozenshtein |first7=Alan Z. |last8=Nikpay |first8=Sayeh S. |date=2022-12-29 |title=Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021 |url=https://doi.org/10.1001/jamahealthforum.2022.4873 |journal=JAMA Health Forum |volume=3 |issue=12 |pages=e224873 |doi=10.1001/jamahealthforum.2022.4873 |issn=2689-0186 |pmc=9856685 |pmid=36580326}}. Healthcare data cyberattacks in the USA cost USD$21 billion in 2020{{Cite web |title=The growing threat of ransomware attacks on hospitals |url=https://www.aamc.org/news/growing-threat-ransomware-attacks-hospitals |access-date=2023-05-28 |website=AAMC |language=en}}, with healthcare data breaches in the USA doubling between 2019 and 2022{{Cite web |last1=Office of Information Security |last2=Health Sector Cybersecurity Coordination Center |date=2023-09-23 |title=2022 Healthcare Cybersecurity Year in Review, and a 2023 Look-Ahead |url=https://www.hhs.gov/sites/default/files/2022-retrospective-and-2023-look-ahead.pdf }}.

Political systems dictate how health data sovereignty is prioritised and enacted. Health data is recognised by governments as an asset that can be shared or withheld in response to political ideation or global politics{{Cite journal |last=Liu |first=Lizhi |date=2021-03-01 |title=The Rise of Data Politics: Digital China and the World |url=https://doi.org/10.1007/s12116-021-09319-8 |journal=Studies in Comparative International Development |language=en |volume=56 |issue=1 |pages=45–67 |doi=10.1007/s12116-021-09319-8 |issn=1936-6167 |pmc=7976668 |pmid=33758435}}. Governing bodies may not provide citizens with rights to health data access or may act against health data sovereignty for certain population groups.

Health Data Sovereignty intersects with several domains, most notably digital technology. Efforts are either planned or underway to create nationally-accessible electronic health records{{Cite book |last1=Appenzeller |first1=Arno |last2=Rode |first2=Ewald |last3=Krempel |first3=Erik |last4=Beyerer |first4=Jürgen |title=Proceedings of the 13th ACM International Conference on PErvasive Technologies Related to Assistive Environments |chapter=Enabling data sovereignty for patients through digital consent enforcement |date=2020-06-30 |chapter-url=https://doi.org/10.1145/3389189.3393745 |series=PETRA '20 |location=New York, NY, USA |publisher=Association for Computing Machinery |pages=1–4 |doi=10.1145/3389189.3393745 |isbn=978-1-4503-7773-7 |s2cid=220252717}}{{Cite journal |last1=Dobson |first1=Rosie |last2=Baty |first2=Chris |last3=Best |first3=Georgia |last4=Wells |first4=Susan |last5=Wang |first5=Keming |last6=Hallett |first6=Karen |last7=Andrew |first7=Penny |last8=Whittaker |first8=Robyn |date=2022-06-10 |title=Digital solutions for providing patients access to hospital-held health information: what are the design issues that need to be addressed? |url=https://researchspace.auckland.ac.nz/bitstream/handle/2292/60508/Patient%20access_NZMJ.pdf?sequence=1&isAllowed=y |journal=New Zealand Medical Journal {{!}} te Ara Tika O te Hauora Hapori |volume=135 |issue=1556 |pages=114–23 |issn=1175-8716}}.  Enabling access to digital sources for health data opens up possibilities for research and monetisation.  Recent legislative moves and regulations such as the GDPR (EU), HIPAA (US), and [https://privacy.org.nz/privacy-act-2020/codes-of-practice/hipc2020/ HIPC] (NZ) attempt to provide some level of consumer protection although these are not always successful in preventing the use of big data for commercial benefits{{Cite journal |last=Mueller |first=Ryan |date=2022-10-01 |title=Big Data, Big Gap: Working Towards a HIPAA Framework that Covers Big Data |url=https://www.repository.law.indiana.edu/ilj/vol97/iss4/10 |journal=97 Indiana Law Journal 1505 (2022) |volume=97 |issue=4 |issn=0019-6665}}

Widespread digitisation has led to understanding health consumers as “sovereign patients” who wish to be involved in decisions about how their health information is used.  Future developments in Health Data Sovereignty are likely to include further app-based developments to increasingly enable people to view information on mobile devices, based on extensible technology standards and specialised health communication protocols, including Fast Healthcare Interoperability Resources (FHIR) and GDPR-compliant tools to record informed consent.

The related field of Indigenous Data Sovereignty will likely lead to opportunities for self-determination that align with values of Indigenous peoples and frameworks that support diverse views of health data. Such views are especially important for all population groups who have been researched without the ability to control how data about them has subsequently been used.

{{reflist}}