Medical researchers and ethicists are calling for a shift toward “data rights” to modernize patient consent, arguing that traditional informed consent is insufficient for the era of big data and artificial intelligence. According to a perspective published in Nature Medicine, the current model of one-time consent fails to protect patient autonomy as health data is reused for purposes not envisioned at the time of collection.
Why is traditional medical consent failing?
Traditional informed consent relies on a specific agreement for a specific procedure or study. However, modern medicine uses “secondary use” of data, where information collected for clinical care is later used for research or AI training. The Nature Medicine analysis states that this creates a gap between the patient’s original intent and how their data actually functions in the digital ecosystem.
The American Medical Association (AMA) has previously highlighted the complexities of data privacy in the age of electronic health records (EHRs), noting that as data becomes more fluid, the “static” nature of a signed consent form becomes obsolete.
What are data rights in a medical context?
Data rights shift the focus from a single “yes/no” decision to a continuous set of permissions. Instead of signing away rights to a dataset, patients would hold ongoing authority over their information. This framework typically includes:

- Right to Portability: The ability to move health data between providers or platforms securely.
- Right to Erasure: The “right to be forgotten,” allowing patients to request the deletion of their data from research databases.
- Dynamic Consent: A digital interface where patients can update their preferences in real-time, opting in or out of specific new studies.
How does this differ from current HIPAA protections?
The Health Insurance Portability and Accountability Act (HIPAA) provides a legal floor for privacy in the U.S., but it often allows for the sharing of “de-identified” data without explicit patient consent. Critics argue that with modern AI, “de-identified” data can often be re-identified by cross-referencing other public datasets.
| Feature | Traditional Consent/HIPAA | Proposed Data Rights Model |
|---|---|---|
| Duration | Point-of-care or one-time signature | Ongoing and longitudinal |
| Control | Passive (opt-out or broad consent) | Active (granular, real-time control) |
| Scope | Limited to specific study/treatment | Applicable across the data lifecycle |
What are the risks of ignoring data rights?
Without a transition to a data-rights framework, the medical community risks a “trust deficit.” According to the World Health Organization (WHO) guidance on AI for health, transparency and accountability are essential to prevent bias and ensure that marginalized populations aren’t exploited by data harvesting.
If patients feel their data is being used for profit—such as by pharmaceutical companies or AI developers—without their knowledge, they may be less likely to share honest information with their doctors, directly compromising clinical outcomes.
Frequently Asked Questions
Can I withdraw my consent for a study already in progress?
Under current Office for Human Research Protections (OHRP) guidelines, participants generally have the right to withdraw from a study at any time. However, data already collected and analyzed may often remain in the study to maintain scientific integrity.

Who owns my medical data?
Legally, the healthcare provider usually owns the physical or digital medical record, but the patient has a legal right to access and obtain a copy of the information contained within that record.
Will data rights slow down medical research?
Proponents argue that while granular consent requires more infrastructure, it builds a more sustainable and ethical foundation for research. They suggest that high-quality, consensually shared data is more valuable than large datasets obtained through legal loopholes.