who legally owns the data in a database?

By dkforbus ·
I have a client that has an EMR (electronic medical records) system. The client is trying to port over the data from her existing system to a new system. The vendor for the old system refuses to give us the user ID and password to the server because they say it will give us access to their proprietary information. I say the data and server belong to the Dr since she had to buy the hardware and software. But the vendor insists that they will not give us the user ID and password to the server and if we want the data, we have to pay $1 per patient to give us a PDF report of the data.

Question - does anybody know of any legal cases that we can use to reference that gives us the legal right to the data?

Or, does anybody know how to hack into a SCO Unix box so we can access the database.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Request for Clarification

by Charles Bundy In reply to Clarifications

I need a little clarification here.

Are you saying they have locked her out of the old system with respect to logon, or do you want an administrative account (e.g. 'root')

Do you have receipts for the server and software? A contract for services? Terms?

The reason I ask is that I'm not certain your question accurately reflects what they consider proprietary. It may be something above and beyond the EMR database if you are asking for admin access to either the system or the database. Regardless I would assume ultimately EMR data belongs to patients and if they have cut off access completely I would gently remind them that they may not like litigation from any number of directions other than the doctor...

BTW why hack the DB/SCO? Do you not have access to recent system backup media?

Collapse -

proof of purchase

by PurpleSkys In reply to who legally owns the data ...

I'm of the thought that if the Doctor has proof of purchase and a signed contract with said people, she has grounds to charge them if they are in breach of contract.

Collapse -

I agree

by markp24 In reply to who legally owns the data ...

If you have the signed contract showing that you purchased the hardware and software, and the data was entered by you. i dont see how the vendoer can hold the data. Does you client have a legal dept to discuss this with? the Laws also depend on what country your in.

Collapse -

Here it depends on the License of the Software in use

by OH Smeg Moderator In reply to who legally owns the data ...

And what is actually happening.

Of course if there is a Contract involved that will clearly spell out what is owned by who and so on but to be perfectly honest here it sounds like a system remotely hosted by another company where the Doctor has no expenses in Maintaining, Updating or running the system.

In effect what is now called a Cloud Solution and if that's the case I'm willing to bet that the Jury is still out on who owns what and what the person/Company who physically holds the Data can do with it. Things like On-Sell it to Authorities, competition and so on have yet to be determined particularly if there are Receivers Involved.

A couple of other things that you should be aware of as well is that the possibility of the Data being Portable to another application may be simply impossible and it all needs to be reentered to the new application and that if this is one of those Options that was built to make the Doctors Life easier and allow them to be a Doctor not an IT Specialist the entire idea was to lock the medical partitioner into using their product for all the time so what you are being told may be perfectly correct.

Like any Long Term Contract there are Penalties to get out and what is quite common with Medical Programs is that you???ll need to reenter all of the records to the new app as you are unable to transfer it from the old application. This is very common with all Specialist Programs no matter the field.


Collapse -

Well at worst the original vendor

by Tony Hopkinson In reply to who legally owns the data ...

has no option but to extract the 'user' data for the client in a usable format and supply that to you for the migration.
Otherwise they are denying the client their data, someone is being a twit, not a chance of winning this, could quite easily end up losing badly.

Collapse -

Data owned by the Dr but extract owned by the vendor

by Niall Baird In reply to who legally owns the data ...

I believe there is case law here in Australia that the patient information is owned by the Doctor, however when you need to move from one doctor to another, and request your patient information be sent to your new doctor, they are allowed to charge for the effort in retrieving the data & sending it to the new doctor. (most don't charge though)

Using this as a corollory, the vendor is quite within their right to charge for extracting the data, regardless of whether your client has purchased the system or not. I would actually be asking for the cost for extracting the data in CSV format, rather than PDF, because (a) its much more useful to you in CSV, and (b) you could extract it yourself into PDF without using the server. Alternatively, you could research the contract and licensing terms to see if it is possible that you can ask for an extract of the data with no charge.

I certainly don't think the issue is the data, its only how you can access it that is the issue.
You might also want to ask them if they can provide your client with a username & password that is restricted to getting information from the relevant tables - that should allay any of their fears that you would be able to see proprietary information.
If all else fails, your client might have to front up with the cash.

As an aside, if you safe the resultant PDF's as an image (assuming that they will not fold and give you a csv extract), you can use MS One Note 2010 to extract the text from the pdf image.

Hope you didn't sign onto this as a fixed price contract....

Collapse -

Use a linux boot disc

by andrew In reply to who legally owns the data ...

I'd be surprised if linux couldn't read the SCO partition, in which case a linux boot disc would get you in. Boot up using, say, an ubuntu desktop disc in 'live' mode. That'll get the computer running, yet it's guaranteed not to modify any data on the SCO machine's hard disc. Then mount the partition and that'll give you access to the database files.

Then it's just a case of what database they're using. If it's one of the standard ones you'll be able to copy them off to another machine and access them there. If it's proprietary then things could be trickier!

Because the above doesn't involve modifying the SCO hard drive then it should be pretty safe - if it doesn't work you just remove the linux boot CD and reboot into SCO as usual.

Failing that you might be able to hack the username/password on the SCO box using linux by mounting the SCO drive and editing the password/shadow/security files, but if you mess that up then you're in trouble :)

Collapse -

Reponse To Answer

by Charles Bundy In reply to Use a linux boot disc

I wouldn't follow the above unless I knew there were solid backups somewhere. And if you have those, ya don't need to mess with a physician's production system.

Collapse -

thanks for the feedback

by dkforbus In reply to who legally owns the data ...

Thanks for the replies.

The doctor physically has the server in her office. Like most small (1 to 3) doctor offices, they have purchased a system from a vendor for a set price. The server is purchased by the doctor as well as the software. The doctor then pays a set amount per year for maintenance of the system (i.e. technical support, upgrades, bug fixes, etc). In this case, the doctor has not paid a maintenance fee for about 2 years because she knew she would be changing to a newer system.

I guess the real answer lies in the contract. Problem is, she does not know where it is. Typical end user, huh.

Collapse -

Reponse To Answer

by Charles Bundy In reply to thanks for the feedback

Ahh that clarifies possession from my earlier request. I'd say a contract is moot at this point if they haven't been paying for the service for two years. So, as this is onsite and hasn't had any support for two years, who does the backups? Backup tapes would be your ticket to data extraction. Assuming they exist...

Gosh I hate to say this but while the contractors sound like extortionists, the provider sounds like a deadbeat as she admits there was a contract, she doesn't know the terms and just decided to stop paying...

Related Discussions

Related Forums