Health Data Done Right
As AI transforms healthcare, developing nations face a choice: repeat the North's mistakes or leapfrog toward a more patient-centered future
A couple of weeks ago, I found myself in a deeply unsettling situation. Like millions of others, I had entrusted my genetic data to 23andMe to learn about my ancestry and health predispositions. Now, with the company filing for bankruptcy and seeking acquisition, I was horrified to discover that I couldn't fully download or delete my information due to servers overloaded by fleeing customers. My DNA — perhaps the most intimate data I possess — suddenly felt out of my control.
This might sound like a first-world problem, at least for now. But lack of data sovereignty or control is not new to me or unique to the developed world. During years of building digital health solutions across a dozen developing countries, I have repeatedly seen how the rush to digitize healthcare often prioritizes institutional convenience over individual agency. In most of the systems I helped build, patients had little or no access to their own records. Consent was rarely sought. Information was siloed in “walled gardens” with poor interoperability and minimal cybersecurity—because budgets were barely enough to build the tools, let alone secure them. As a result, millions in Bangladesh, myself included until recently, have to carry stacks of medical papers from one provider to another—yet continuity of care remains elusive.
Why this matters now
While there are many urgent issues in global health, control over personal health data is becoming pivotal due to three converging and urgent factors:
AI is here. As I explored in previous posts (singularities; self-care), AI is set to deeply personalize healthcare. Tech giants like Google, Apple, and OpenAI —and countless startups—are already building AI health coaches that will rely on, and accumulate, unprecedented volumes of personal data. Who owns and controls that data will shape healthcare for decades and expose people to immense risks.
The economics of data are shifting. There’s a growing financial incentive to centralize health data, driven by AI’s hunger for it. The more information Google or OpenAI has about your health, the more personalized your experience, and the less likely you are to switch to another AI companion. Patient-centered alternatives, like personal data ownership, offer better outcomes—but lack the same profit motive; if anything, it runs counter to all the financial incentives! Such perverse incentives have historical precedent in the adoption of closed EHR systems like Epic, which prioritized internal efficiency over patient agency and continuity across systems.
The Global South is on the cusp. Only 35% of lower-middle income and 15% of low income countries have national EHRs today, but many are newly digitizing. Their decisions will shape health systems for generations, so it is very important to get it right.
First Gen Mistakes we must learn from
“The one who goes first gets eaten by the tiger; the one who follows secures the gold.”
- Bangla Proverb
In developed nations, health digitization was driven by goals like efficiency and data-driven care. While 96% of U.S. hospitals now use certified Electronic Health Records, this impressive statistic masks critical flaws:
Centralization creates vulnerability: Epic Systems alone holds records of 78% of U.S. patients - about 325 million individuals. It also controls 3% of all non-US health records (285 million people).
Patients lack control: Only 54% of U.S. adults have been offered access to their medical records, and of those, only 57% actually accessed them.
Systems don’t talk to each other: 70% of hospitals report issues with data exchange. Four out of ten still rely on printouts.
These failures affect me personally. My medical history from living in Boston (2010-2013) is inaccessible in my current MyChart, which only starts in 2023 (when I was 39 years old!). Records from Bangladesh? Completely missing! I had to repeat a full set of MRIs at significant cost and discomfort (I get claustrophobic inside MRI machines) after moving to the US—because my fairly recent reports from Bangladesh were not accessible/acceptable.
The Risks of centralization
And the risks of all this centralization go far beyond just poor continuity of care. Let’s look at the mounting evidence:
⚠️ Massive Breaches
Even sophisticated tech giants like Facebook and Google have reported breaches of their client databases. Here are some breaches reported by various health systems, but given the lack of mandatory reporting requirements in most countries, this is likely a gross underestimate:
Change Healthcare ransomware attack (2024): exposed data of 190 million patients - more than half the U.S. population
23andMe (2023): exposed genetic data of 6.9 million individuals.
SingHealth (Singapore, 2018): Compromised 1.5 million patients' records, including the Prime Minister's!
AIIMS (India, 2022): up to 40 million patient records potentially exposed
🕵🏽♂️ Government Misuse and Abuse
Even governments cannot be fully trusted to be effective stewards of their citizens’ health data, both due to widespread incompetence and poor governance, and (occasionally) sinister motivations.
Brazil: 243 million health records leaked online and undetected for six months, due to credentials uploaded mistakenly to GitHub by an employee. Very few Ministries of Health have basic security measures in place, let alone strong cybersecurity teams to fend off malicious attacks.
China's COVID health codes were weaponized against protesters
The UK's NHS partnership with Palantir raised privacy alarms
In Bangladesh, the deposed Prime Minister’s son was sued for selling the citizens’ national ID database for personal profit!
If all of this does not ring an alarm bell for you, for a moment imagine being a persecuted minority — queer in Uganda, Uyghur in China, or Venezuelan migrant in present-day USA. Entrusting your data to governments that could persecute you is not just irrational — it is an existential threat!
💸 Corporate Exploitation
Similar to 23andMe’s current situation, there are numerous possibilities for data in corporate hands being misused beyond its original intention and authorization.
Google's Fitbit acquisition raised concerns about health data being used for advertising
The GEDMatch genealogy database was acquired by a forensic genetics company for use in law enforcement, raising privacy concerns
Insurance companies gaining access to genetic data such as 23andMe’s could use it to deny coverage for pre-existing conditions
Overall, the key takeaway is that centralized health data amplifies power, and power can be misused. But what's even more concerning to me are the "lygometric" risks no one is talking about — those hard-to-anticipate, emerging threats that become plausible as technology advances. In the current political climate, it is not inconceivable for conservative US states to identify who got an abortion from their period-tracking app data (just this week the IRS agreed to share tax records with ICE to aid in deportations). Using rapidly advancing and democratized tools like CRISPR and AlphaFold, genetic data could be used by even non-state rogue actors to develop targeted bioweapons (FYI — the 2023 attack on 23andMe’s servers specifically targeted the genetic profiles of Ashkenazi Jews!). AI systems analyzing health records could predict and manipulate voting behavior, similar to the Facebook-Cambridge Analytica scandal of 2016.
Health records, unlike credit cards or passwords, can't be changed once exposed. The impact of these breaches can even cascade across generations - affecting not just individuals but their children and grandchildren through their genetic information.
What can we learn from this?
Above, we have established the myriad grave risks of centralizing health data, following the Western model. Without going into too much detail on the history, it is sufficient to conclude that there were missteps made on the path to digitization in developed nations, which have caused path dependencies that are hard to course correct or reverse. For example, one of the core drivers of centralized health records was the strong incentive for systems to have “internal interoperability” (e.g. various parts of a hospital system talking to each other), but there was little corresponding motivation for “external interoperability” (different systems talking to each other) which would actually benefit patients.
Newly digitizing countries in the global South have the benefit of learning from these mistakes. They also have newer technology paradigms to start their journey with; for example, standards like the Fast Healthcare Interoperability Resources (FHIR) did not exist before 2012, a gap that partly contributed to the data fragmentation in the West. In contrast, Jean Philbert, the Chief Digital Advisor of Africa CDC, declared with characteristic gusto during the Open Digital Health Summit conference in Nairobi in December 2024 — “We are going to put Africa on FHIR!” This is undoubtedly an exciting prospect.
We have seen this “leapfrogging” effect before with mobile phone adoption and digital wallets, and this is another huge, and time-critical, opportunity to bypass failed legacy systems altogether.
Core principles, examples, and design of a patient-centered health data architecture
Starting from first principles, we must first acknowledge the basic patient rights when it comes to health data:
Right to access and understand their data.
Right to consent before data is collected, shared or used.
Right to delete or correct data (including right to be “forgotten”).
Right to be informed about risks, including secondary findings in genetic testing.
Right to benefit from data use (e.g. in shared research gains, personalized AI, etc.).
Right to protection from misuse or exploitation.
Any system we advocate for or build must at a minimum fulfill these principles. Thankfully, there are a few early experiments in different parts of the world that we can learn from.
Early experiments and bright spots
Estonia offers perhaps the clearest example of what's possible through decentralization:
Every citizen owns their health data and can give granular permissions to access it.
There is an auditable log of every time their records have been accessed and by whom. This promotes accountability to patients.
Records stay with providers, not in a monolithic database, but can be pulled into a unified view on demand through a secure data exchange network called X-Road.
Blockchain technology ensures transparency and prevents unauthorized changes
99% of health data is already digitized, and 99% of prescriptions are electronic, while maintaining patient control
India's ambitious Ayushman Bharat Digital Mission (ABDM) is attempting something similar at massive scale, with over 670 million health accounts created. There are however questions about infrastructure readiness in rural areas and whether the system will exacerbate digital divides. While too early to call it an unqualified success, it demonstrates that even large, complex health systems can prioritize patient consent and control.
Beyond India and Estonia, many countries now have Smart Health Cards which enable people to have portable but verifiable digital clinical records, such as vaccinations or test results, developed in response to the COVID-19 pandemic.
Innovative startups are also emerging in this space. HealthTAG in Thailand is using blockchain to enable patients to own and access their medical records across providers. They've developed an NFC card system where patients can access their consolidated records by scanning the card and entering a PIN. Providers store data locally, while blockchain indexes and enables sharing based on patient consent. HealthTAG is also exploring data monetization models where patients can sell anonymized data for research—essentially becoming "CEOs of their health data."
The World Health Organization-endorsed International Patient Summary (IPS) Standard provides an early blueprint of a globally interoperable summary health record that individuals can carry across borders. Epic and other major EHR systems announced support for the IPS standard in 2024. Google has launched Health Connect, an open protocol for health data sharing across the 3B+ device Android ecosystem, although a cross-platform standard is still to be developed. The Open Wallet Foundation is convening an event in July to discuss how digital wallet protocols could provide more agency and control to individuals over their various forms of data (including health and financial).
It is important to learn from these early experiments and design robust and decentralized frameworks that can be adapted and adopted in different contexts. Abstracting away, we can identify the following basic requirements any system should fulfill to be future-proof:
Technically decentralized and auditable (data stays with source systems, i.e. no central repository that can be hacked or exploited, any access logged).
Based on open standards like FHIR, HL7, IPS so that it is completely interoperable across platforms and data stores
Patient controlled and owned (support for granular, revocable data sharing, record deletion, exporting to other platforms, etc.)
Inclusive (designed for various levels of digital literacy and access, such as through a voice AI interface in one’s natural language)
Politically robust (usable even in fragile or authoritarian states; i.e. prevents misuse and abuse by design)
AI-ready (supporting personal health companions through protocols like MCP, but with strong governance of secondary data use)
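Two of these requirements, granular revocable sharing and a log of every access, can be shown together in a few lines of Python. This is an added example, not code from this post or from any system it names; the class, actor and scope names are hypothetical, and a SHA-256 hash chain stands in for the ledger.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first log entry

def _digest(entry):
    # Hash every field except the hash itself, in a stable key order.
    body = {k: entry[k] for k in ("seq", "actor", "scope", "allowed", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class PatientRecordGate:
    """Hypothetical consent gate and access log for one patient's records."""

    def __init__(self):
        self.grants = set()  # (actor, scope) pairs the patient has approved
        self.log = []        # append-only; each entry commits to the one before

    def grant(self, actor, scope):
        self.grants.add((actor, scope))

    def revoke(self, actor, scope):
        self.grants.discard((actor, scope))

    def access(self, actor, scope):
        allowed = (actor, scope) in self.grants
        prev = self.log[-1]["hash"] if self.log else GENESIS
        entry = {"seq": len(self.log), "actor": actor, "scope": scope,
                 "allowed": allowed, "prev": prev}
        entry["hash"] = _digest(entry)
        self.log.append(entry)  # denied attempts are recorded as well
        return allowed

def verify_chain(log):
    """Return the index of the first entry that fails to verify, or -1."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return -1

def demo():
    # Constructed scenario: actors and scopes are invented for illustration.
    gate = PatientRecordGate()
    gate.grant("clinic-a", "medications")
    decisions = [gate.access("clinic-a", "medications"),   # granted scope
                 gate.access("clinic-a", "genetics"),      # scope never granted
                 gate.access("insurer-x", "medications")]  # actor never granted
    gate.revoke("clinic-a", "medications")
    decisions.append(gate.access("clinic-a", "medications"))  # after revocation
    before = verify_chain(gate.log)
    gate.log[2]["allowed"] = True  # simulate someone rewriting a denial
    return decisions, before, verify_chain(gate.log)

if __name__ == "__main__":
    print(demo())
```

A hash chain only exposes edits if its latest hash is also held somewhere the log keeper cannot rewrite, for example on the patient's own device.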
Below is a simplified illustration of how such a model would be superior to current models:
Practical considerations
Implementing this vision faces significant challenges. First and foremost, no one model will serve all contexts — South Sudan and South Africa will have very different capabilities (resources, regulatory, governance, etc.) by definition, and so the overall approach may have to be adapted to each unique context.
However, irrespective of local variations and constraints, it is clear that left purely to market forces, the intrinsic incentives will dominate the choices, which in all likelihood will not lead to patient-centered systems. Even governments, except forward thinking and “benevolent” ones like Estonia, are unlikely to fully embrace a patient-centered paradigm. For example, critics point out that India’s Health Data Management Policy contains loopholes for use of data for surveillance and monetization purposes.
There is therefore a strong case for market shaping and policy approaches to ensure patient needs are prioritized. Multilateral organizations like WHO and Africa CDC, and funders of health systems such as World Bank and the Gates Foundation, have a major role to play in taking a stance on patient data rights, and defining conducive normative standards and reference architectures. Concerted efforts from these agencies and patient advocacy groups could force governments to set strong data protection laws, invest in basic digital health infrastructure, and require health sector players to comply with interoperability and data sovereignty requirements, including and particularly for the new breed of AI-for-health companies.
Another complication of decentralized ownership and management is that people often don’t understand the concept of data privacy, ownership and control in many parts of the world. The most poignant example of this I saw was while building an mHealth intervention for BRAC in the urban slums of Bangladesh. Contrary to our fears that pregnant women in a conservative Muslim country would be skeptical about sharing their data over the internet, they showed up excited and all dressed up because “the doctor is going to see my picture.”
We therefore need a lot of consumer advocacy and education — including about the risks of having their data fall into the wrong hands. This is another important role for patient advocacy and support groups, who can support digital health literacy initiatives. I can imagine conversational AI tools greatly assisting in such patient education as well.
The third major complication of data decentralization is regarding access to consolidated data for research. Centralized databases (e.g. Epic’s Cosmos dataset) are conducive to running research at a large scale. Under a decentralized model, there would have to be incentives built into systems to motivate patients to share non-sensitive information with researchers (e.g. through directly compensating patients for data sharing or participating in trials).
In summary…
We have two starkly different alternative futures ahead:
A future where tech giants and governments amass ever-larger health datasets, promising efficiency through centralization - but at the cost of individual autonomy, privacy and grave risks of breach, misuse and abuse.
A world where individuals own and control their health information, choosing when and how to share it - enabling personalized care while maintaining privacy and agency.
The Global South stands at a unique moment in history, where the choices made by countries today will determine which of those realities we inherit into the future. We must also protect at all costs against AI companies consolidating and “owning” patients’ health information simply by virtue of the private conversations people have with their chatbots and agents. [A small piece of personal advice here: if you are using an AI chatbot for health conversations, make sure the organization’s business model does not involve directly monetizing your data in any shape or form. Personally, I feel much more comfortable with a monthly subscription fee!]
While the challenges of building patient-centered health data systems are significant, the cost of inaction — or of blindly following any variation of the North's centralized model — is far greater. We will have to iterate our way through the inevitable challenges and mistakes, but we must first lock our eyes on the goal.
I hope this post has given you something to think about. If you agree that patient sovereignty over health data is vital, share this with others who care about the future of healthcare and digital rights. And I'd love to hear your thoughts in the comments: Do you know of any new experiments and experiences with promoting patient data sovereignty? How could having true control over health data change people’s relationship with the healthcare system?
Terrific piece.
This is a powerful call to action. The Global South has a rare chance to leapfrog past the harms of centralized health data—but only if we center patient rights from the start, not as an afterthought.