The Future of Patient Health Data: From Passive Records to Active Assets

The Fragmentation Problem

Imagine you are Dr. Adriana Vasquez, a clinical researcher at the University of Michigan. You have designed what could be a landmark longitudinal study on the early biomarkers of type 2 diabetes. You have secured funding, assembled a team, and enrolled five thousand patients willing to share their health records. Then you discover the problem: those records are scattered across forty different electronic health record systems, owned by hospitals, clinics, specialty practices, and urgent care chains, each running incompatible software, each governed by different data-sharing agreements, and each charging thousands of dollars in extraction fees you did not budget for. Your five-year study becomes a seven-year study. Your findings arrive late, after tens of thousands of preventable diagnoses have already been made. This is not a hypothetical. This is Tuesday.

The fragmentation of patient health data is one of the most consequential and least discussed crises in modern medicine. A 2022 analysis by the Office of the National Coordinator for Health Information Technology found that the average American patient with a chronic condition sees between seven and nine distinct providers over a five-year period. Each of those providers generates records. Lab results, imaging, prescriptions, clinical notes, referral letters, procedure codes. Almost none of it flows automatically to the others. Almost none of it flows to you.

The consequences of this fragmentation are not abstract. Duplicate testing costs the US healthcare system researchers estimate anywhere from 8 to 25 billion dollars annually. Adverse drug interactions caused by incomplete medication histories account for a meaningful share of preventable hospital admissions. And at the level of population health, the inability to link records across institutions means we are running medicine largely blind, identifying trends years after they emerge, and missing patterns that a unified dataset would render obvious within months.

You are, in a very real sense, walking around with a story about your own body that no one has ever been able to read in full, including your doctors. The question of who actually owns your medical records sits at the center of this crisis, and the answer is more complicated than most people expect.

The FHIR Standard That Could Connect Everything

The technical solution to fragmentation has a name: FHIR. Fast Healthcare Interoperability Resources, developed and maintained by HL7 International, is a standard for representing and exchanging health information electronically. Think of it as a universal language for health data, a common grammar that allows systems built by Epic, Cerner, Allscripts, and hundreds of smaller vendors to speak to one another without requiring custom translation layers for every possible combination of systems.

FHIR has been under development since around 2011, when Grahame Grieve, an Australian health informatics expert, began working on what he called a "fresh look" at health data exchange. The standard structures data as modular "resources": a Patient resource, a Medication resource, an Observation resource, each carrying a defined set of fields and a consistent representation in JSON or XML. When you request your records through an app that uses FHIR, the hospital's system does not need to know anything about the app. It just needs to speak FHIR.

The regulatory scaffolding arrived in 2020, when the Centers for Medicare and Medicaid Services finalized the Interoperability and Patient Access Rule, commonly called the CMS Interoperability Rule. The rule requires Medicare Advantage plans, Medicaid programs, and CHIP programs to implement FHIR-based APIs by which patients can access their own claims data. Subsequent rulemaking extended these requirements toward clinical data and raised the compliance bar for hospitals and health systems. The practical effect is that for the first time in the history of American healthcare, providers face a legal obligation to make your data portable.

The implementation, however, is uneven. FHIR adoption is highest among the largest health systems, which have the IT resources to build and maintain compliant APIs. Smaller rural hospitals and independent practices lag considerably. The data that flows through FHIR APIs also varies in completeness: claims data is relatively standardized, but clinical notes, imaging files, and genomic data involve far more complexity. The standard is necessary but not sufficient. It is the road. The vehicles still need to be built.

Aggregators Pulling Records Together

Into this gap have stepped a generation of health data aggregators: companies and platforms designed to pull your records from multiple sources into a single, patient-accessible view. Apple Health Records, launched in 2018 and available through the Health app on iPhone, allows you to connect to participating hospitals and download your clinical data directly to your device. By 2025, Apple had established connections with thousands of health institutions across the United States, and the integration with FHIR made the technical lift lower than it had ever been before.

CommonHealth, a project supported by the Commons Project Foundation, takes a similar approach but is designed for Android users and emphasizes interoperability with research platforms. Where Apple Health lives on your device and is tightly integrated with Apple's ecosystem, CommonHealth is built to be platform-agnostic and explicitly oriented toward enabling patients to contribute their data to medical research on their own terms.

On the infrastructure side, Particle Health operates as a network-of-networks, connecting to hundreds of hospitals, labs, and data sources and providing API access to health technology companies building patient-facing products. Particle is not a consumer product in the way Apple Health is. It is plumbing: the layer that allows a care management app or a telehealth platform to retrieve a patient's longitudinal record from wherever that record happens to live.

The aggregator model raises important questions about custody and incentives. When your health records live on Apple's servers, Apple becomes a steward of extraordinarily sensitive information about you. Apple has made strong public commitments to privacy and has architected Health Records to store data on-device rather than in the cloud by default. But the precedent of a technology company holding medical records at scale is genuinely new, and the long-term governance questions remain open. What happens to your health records if you switch from iPhone to Android? What happens if Apple is acquired? What rights do you have to audit how your data is used?

Should You Be Paid for Your Health Data?

Here is a number that should give you pause: the global health data analytics market is projected by researchers to exceed 100 billion dollars by the end of this decade. Pharmaceutical companies pay data brokers and health information organizations hundreds of millions of dollars annually for access to de-identified patient data, which they use to identify trial candidates, understand real-world drug performance, and build predictive models for drug development. The data they are buying is, at its origin, yours.

The de-identification step is supposed to sever the link between you and the record. In practice, researchers have demonstrated repeatedly that de-identified health records can be re-identified using combinations of demographics, geography, and clinical events. A 2019 study by Yves-Alexandre de Montjoye at Imperial College London found that 99.98 percent of Americans could be uniquely re-identified in any dataset using just fifteen demographic attributes. When the dataset contains medical diagnoses, procedure codes, and prescription histories, the re-identification risk climbs further.

The argument for patient compensation is not purely about fairness, though it is partly about that. It is also about alignment. If patients are active participants in the value chain of health data, they have an incentive to keep their records complete, accurate, and current. Completeness is precisely what makes health data valuable to researchers. A longitudinal record that includes twenty years of lab results, imaging, prescription history, and clinical notes is worth orders of magnitude more than a partial record with three years of claims data. A compensation model that rewards completeness would, in theory, produce better data for everyone.

The counterargument is practical: the logistics of individual compensation are immensely complex, and the value of any single patient's record is small relative to the aggregate. Proponents of the compensation model respond that this is exactly why collective structures, rather than individual market transactions, are the right mechanism.

The Data Cooperative: A European Model

Midata, a Swiss nonprofit, is among the most prominent examples of this model in practice. Founded in 2013 by a group that included computer scientists, ethicists, and public health advocates, Midata allows individuals to pool their personal data, including health data, in a cooperative structure where members hold governance rights. Researchers can apply to access the pool; the cooperative's governance structure decides which requests to approve and on what terms; revenues generated by licensing are distributed to members and reinvested in the cooperative's mission. Midata has expanded into a European network, with affiliated cooperatives in several countries.

The Lake Nona Impact Forum, an annual convening in Orlando focused on the intersection of technology and community health, has repeatedly highlighted cooperative and community-owned health data models as one of the most promising structural innovations in population health management. The forum's discussions have centered on how geographically defined communities, neighborhoods, cities, and regions, could collectively own longitudinal health data about their populations and use it to negotiate with health systems, insurers, and pharmaceutical companies from a position of collective strength rather than individual atomization.

The cooperative model also addresses something that purely technical interoperability frameworks tend to elide: the question of trust. Many communities, particularly communities with historical reasons to distrust medical institutions, are skeptical of health data sharing even when the technical mechanisms are sound. A cooperative owned and governed by community members offers a different relationship to that data, one where the community sets the terms rather than being subject to terms set by hospitals, insurers, or technology companies.

Decentralized Health Records

Beyond cooperatives, a more radical set of proposals places health data sovereignty at the individual level using decentralized architectures. The concept of decentralized health data infrastructure has attracted interest from cryptographers, patient advocates, and a growing number of health technology entrepreneurs who argue that the fundamental problem with current health data systems is not just fragmentation but custody: data is held by institutions rather than by patients.

Tim Berners-Lee, the inventor of the World Wide Web, has been working for years on a project called Solid (Social Linked Data), which proposes that individuals store their personal data in personal online datastores called Pods. Instead of your data living in Facebook's servers, or Google's servers, or your hospital's EHR system, it lives in your Pod, which you control. Applications request permission to access data in your Pod; you grant or revoke permissions. Applied to healthcare, the Solid model would mean your medical records live in your Pod, and your hospital, your insurer, and your fitness app each have permission to read or write specific portions of that data, with permissions you can audit and revoke.

Berners-Lee's company Inrupt has been working with health systems in the UK and elsewhere to pilot Solid-based health data infrastructure. The NHS in England has been among the institutions exploring this model, and several European health IT initiatives have incorporated Solid principles into their architectures. The technical challenges are significant: building applications that work with distributed data is harder than building applications that work with centralized databases, and the user experience of managing a Pod requires a degree of technical literacy that cannot be assumed across a general population.

Blockchain-based approaches have also attracted considerable attention, though the record of blockchain implementations in healthcare is mixed. The core appeal is that a blockchain provides a tamper-evident, distributed ledger that does not require trust in any central authority. Ocean Protocol, a data marketplace built on blockchain infrastructure, has been proposed as a mechanism for patients to share health data with researchers while retaining cryptographic proof of provenance and the ability to audit usage. Whether these mechanisms can scale to the complexity and volume of real-world health data remains an open empirical question.

The AI Value of Complete Histories

All of these structural questions about ownership, custody, and compensation converge on a single technical reality: artificial intelligence systems that operate on health data are dramatically more powerful when that data is longitudinal, complete, and linked. A model trained on three years of claims data will produce different, and generally worse, predictions than a model trained on twenty years of integrated clinical, genomic, lifestyle, and environmental data. The non-linear nature of this relationship is critical.

Researchers at Stanford, Johns Hopkins, and several UK universities have published work in recent years demonstrating that the predictive value of health data does not scale linearly with the length of the record. A longitudinal record that spans fifteen years is not simply five times more valuable than a three-year record. The additional years capture transitions: the shift from healthy to pre-diabetic, from pre-diabetic to diabetic, from asymptomatic to symptomatic cardiovascular disease. These transitions, and the patterns that precede them, are precisely what predictive models need to learn. Without the full arc of a patient's history, models can identify correlations but struggle to model trajectories.

This is why the question of health data infrastructure is not only a policy question or an ethics question. It is a question about the ceiling on what AI can accomplish in medicine. The techniques described in work on federated learning in healthcare offer one approach to working with distributed data without centralizing it, allowing models to learn from records that stay within hospital systems rather than being aggregated in a single location. But federated approaches still depend on the quality and completeness of the records at each node. Garbage in, garbage out applies at the population level as much as at the individual level.

Consider what becomes possible with genuinely complete longitudinal data at scale. Early detection of Alzheimer's disease based on subtle changes in speech patterns, gait, and cognitive test results that precede clinical symptoms by years. Identification of individuals at elevated risk for rare autoimmune conditions before they have experienced diagnostic odysseys lasting years. Personalized cancer screening protocols calibrated to your specific genetic risk profile, lifestyle history, and environmental exposures rather than age-based population averages. These are not science fiction. They are what researchers believe becomes achievable when the data infrastructure problem is solved.

The 2030 Vision and Its Risks

The most optimistic vision of where patient health data is heading by 2030 looks something like this: you carry a health data wallet on your phone, something like a digital passport for your body. It contains your longitudinal record, aggregated from every provider you have ever seen, structured in FHIR and secured with cryptographic keys that only you hold. When you visit a new doctor, you grant access with a tap. When a researcher wants to include your de-identified data in a study, you receive a request, review the terms, and accept or decline. When a pharmaceutical company licenses data from the cooperative you have joined, you receive a quarterly payment. Your health insurer sees only what you choose to show them.

This vision is technically achievable. Several of the building blocks already exist. The regulatory momentum is real. The economic incentives, at least for patients and researchers, point in the right direction. But the path from today to that vision runs through a landscape of serious risks that deserve clear-eyed attention.

Surveillance capitalism is the first and most immediate risk. The same data that allows AI to predict your cancer risk also allows an insurer to predict your actuarial risk. The same longitudinal record that helps a researcher understand population trends is a detailed portrait of your vulnerabilities, your chronic conditions, your mental health history, your reproductive choices. The legal protections that currently govern health data, primarily HIPAA in the United States, were written before the age of large language models, data brokers, and the merger of health records with behavioral and location data from smartphones. The gap between what the law prohibits and what is technically possible has never been wider.

Insurance discrimination is a related and specific concern. In the United States, the Genetic Information Nondiscrimination Act provides some protection against genetic discrimination in health insurance and employment, but its coverage is incomplete and its enforcement is limited. Long-term care insurance, life insurance, and disability insurance are not covered by GINA. If your health data wallet makes your complete medical history technically accessible, the question of who can compel access to it under what circumstances becomes a matter of enormous practical consequence for your financial life, not just your medical care.

Employer access is a third axis of risk. Employers in the United States bear a significant share of employee health insurance costs, which creates a structural financial incentive to know about employees' health status. Current law prohibits most forms of employer access to medical records, but workplace wellness programs, voluntary health screenings, and wearable device programs have created grey zones where health data flows from employees to employers in ways that are technically voluntary but practically coercive in low-wage environments where program participation is tied to premium discounts.

The equity dimensions of health data reform deserve particular attention. Communities with limited access to digital technology, limited English proficiency, or historically founded distrust of medical institutions are least likely to benefit from patient-empowerment models that rely on smartphone apps, digital literacy, and comfort with sharing medical information. If the fruits of a better-connected health data ecosystem accrue primarily to the already-advantaged, the reform will have failed in its most important dimension. Building inclusive data cooperatives, investing in community health workers who can serve as data navigators, and designing patient-facing tools that work across languages and literacy levels are not optional features of health data reform. They are the condition of its legitimacy.

None of these risks argues against building better health data infrastructure. They argue for building it carefully, with patient governance at the center, with legal protections that match the actual technical landscape, and with equity as a design constraint rather than an afterthought. The fragmentation problem is real. The cost of that fragmentation, in delayed diagnoses, duplicate tests, missed research findings, and patients who cannot tell their doctors their own history, is enormous. The question is not whether to fix the plumbing. The question is who owns the pipes when the work is done.