Empowering AI-Driven Health Data Sovereignty for Ethical Transformation
Cognitive World Member Article
The Health Data Dilemma
As artificial intelligence (AI) reshapes healthcare, ethical and effective health data management emerges as a pivotal challenge. One critical asset will determine the true potential of AI in healthcare: health data. This deeply personal information holds immense power to fuel groundbreaking innovation, drastically improve patient outcomes, and create profound value for individuals, healthcare professionals, and enterprises alike.
Yet today, health data is frequently mishandled in ways that undermine trust and progress because health data is traded without owners’ knowledge or consent, exposed to relentless cybersecurity threats, and locked away in fragmented, institutionally siloed systems. These failures amplify risks on every front by diminishing individual benefits and control, eroding patient autonomy and privacy, inviting costly litigation, and obstructing seamless global interoperability, which is evident in the uneven adoption of frameworks like Europe's General Data Protection Regulation (GDPR) and the U.S.'s Trusted Exchange Framework and Common Agreement (TEFCA).
In an era where AI could transform healthcare like never before, flawed health data governance does not just slow innovation; it threatens to derail it entirely. The urgent question is no longer whether health data matters, but who truly owns and controls it, and what happens if we continue to get this wrong.
The Clinician’s Perspective
From a clinical perspective, the primary obstacles to achieving safe, effective, and scalable AI in healthcare are not advanced foundational models or sophisticated algorithms, but rather the misalignment of incentives and the lack of comprehensive aggregation of all relevant data into a single, reliable source of truth. Healthcare data remains fragmented, inconsistently structured, and costly to share, as institutions are incentivized to retain value from data rather than facilitate its fluidity. Despite the national expansion of TEFCA, inconsistent participation and adoption rates continue to force physicians to manually compile patient histories across disparate portals and in some cases, even faxes, thereby diminishing AI’s practical value at the point of care (RCE, 2025; DxF, 2025). Concurrently, the documentation burden imposed by current electronic health record (EHR) systems persists unabated, even with the proliferation of ambient AI tools. On average, physicians dedicate approximately 3.4 hours to EHR documentation for every 8 hours of scheduled patient encounters, often extending into after-hours commitments. Consequently, AI solutions that introduce additional steps without addressing underlying workflow incentives are likely to be disregarded (Holmgren, 2024; JGIM, 2024; Obermiller, 2025).
Recent surveys, including a 2025 AMA analysis, indicate that 65% of physicians cite data fragmentation as the top EHR pain point, with HL7 FHIR-compliant pilots demonstrating up to 25% reductions in documentation time (AMA, 2025; HL7, 2024).
Self-Sovereignty and Market Dynamics
Self-sovereign data (SSD) is a model where an individual has full ownership and control over their personal data, including the autonomous ability to manage it (autonomy) across multiple systems (portability), decide access permissions with informed consent (control and consent), and ethically license or revoke its use (monetization and revocation), all independently of any centralized authority or institution (Rosenstrauch et al., 2023).
The healthcare data monetization market, valued at $580 million in 2025, is forecasted to reach $1.16 billion by 2030 at a compound annual growth rate (CAGR) of 14.9% (Markets and Markets, 2025). North America holds a 41.6% market share, bolstered by the Health Insurance Portability and Accountability Act (HIPAA), the 21st Century Cures Act, TEFCA, and the United States Core Data for Interoperability (USCDI), yet gaps persist as patients often remain unaware of unauthorized data sales (Market.us, 2025). The patient-generated health data (PGHD) market is surging as a key segment. Valued at $6.8 billion in 2024, it is projected to reach $33.6 billion by 2034, growing at a CAGR of 17.4% from 2025 to 2034, driven by wearables, remote monitoring, and digital tools (Insight Ace Analytic, 2025).
Current health data marketplace practices underscore the need for health data self-sovereignty as a 2023 Duke University study revealed at least 37 data brokers are actively trading mental health data, with 11 confirming sales of sensitive records (Kim, 2023). Brokers like LexisNexis sell data on about 280 million patients in the USA annually, often without consent, generating billions in revenue for the enterprise but not for the health data owner (Shortform, 2021; Kim, 2023). This commodification erodes trust and raises ethical concerns, fueling demand for user-centric models. Europe's GDPR has imposed cumulative fines exceeding €5.88 billion by early 2025 for data violations, with health sector breaches contributing significantly, highlighting stricter enforcement compared to U.S. frameworks (EDPB, 2025).
Governance Models Comparison
SSD offers the most direct path to individual control, but it is not the only solution. Other models exist, each with trade-offs:
Clinical, Economic and Security Impacts
Medical debt is the leading cause of personal bankruptcy, and about 20 million people in the U.S. face $220 billion in medical debt, exacerbated by redundant care from siloed or fragmented data (Peterson-KFF Health System Tracker, 2024). Medical errors, the third leading cause of death in the U.S., cost an estimated $17 billion to $29 billion annually (historical baseline) (Rodziewicz et al., 2024; Peterson-KFF Health System Tracker, 2025). Diagnostic errors occur in 11.1% of cases, underscoring the dangers of siloed systems and exposing healthcare organizations to liability risks (Newman-Toker et al., 2023).
Cybersecurity Urgency
Cybersecurity threats have increased the urgency for stronger protections in healthcare. In 2025, the U.S. experienced 508 major healthcare data breaches by August 31, with each incident costing an average of $10.93 million and exposing millions of individuals to risks such as identity theft and ransomware attacks (HIPAA Journal, 2025; IBM Cost of a Data Breach Report, 2025). Among these breaches, hacking and information technology security incidents accounted for 87.9% of the cases reported in August, a trend that has been steadily increasing since 2009 (HIPAA Journal, 2025).
The rise of interconnected systems, electronic health records (EHRs), and Internet of Things (IoT) devices has made safeguarding patient data and healthcare processes increasingly complex (Baskaran & Ramalingam, 2024). It is essential for healthcare organizations to prioritize cybersecurity, implementing robust measures to protect patient data and prevent disruption of critical healthcare services (Sharma & Kaur, 2024).
Compliance
From a regulatory standpoint, authorities now mandate comprehensive lifecycle governance such as the National Institute of Standards and Technology (NIST) AI Risk Management Framework and U.S. Food and Drug Administration (FDA) Predetermined Change Control Plans, imposing upfront compliance costs that health systems can no longer defer (NIST, 2023/2024; FDA, 2024/2025). Moreover, international guidelines emphasize that synthetic data and large multimodal models (LMMs) demand thorough assessments for bias, utility, and privacy, underscoring the need for incentives that prioritize responsible data stewardship over mere model performance (WHO, 2025).
Consumer-Centric Self-Sovereign Tool
In this environment of growing threats, self-governance models that prioritize the individual user's control, rights, autonomy, and active participation in managing their personal health data are essential to improve security and trust.
While implementing self-sovereign models faces potential obstacles such as user fatigue, digital literacy requirements, and the difficulty of universal platform adoption by healthcare institutions, the HÄLSA™ platform aims to mitigate these through a secure, user-friendly smartphone application accessible at any time, simplifying management and promoting adoption and consumer trust.
Self-sovereign consumer-centric health data management addresses these challenges and risks by providing secure personal health data containers for medical, biometric, genomic, and environmental data, compliant with GDPR, HIPAA, Health Level Seven International (HL7) and Fast Healthcare Interoperability Resources (FHIR). AI enables tokenization, anonymization, and un-learning to revoke data from models, allowing selective sharing while preserving privacy (Rosenstrauch et al., 2023). A 2024 NIST-aligned study on revocable AI models shows bias reductions of 15-20% in healthcare datasets, enhancing equity (NIST, 2024; MIT, 2024). Modeled outcomes suggest HÄLSA™ could lower diagnostic errors by 10-15% through real-time access, building on Newman-Toker et al.'s 11.1% baseline.
HÄLSA™ Health Data Agency is an all-in-one secure smartphone application accessible at any time. It hands individual health data owners complete self-governance of their data via patent-pending AI technology. For individuals, self-sovereign consumer-centric health data management reclaims control, can reduce medical errors, and can alleviate financial burdens through self-governance and the option of ethical monetization. Features like QR-code emergency access enhance the efficiency of medical care.
To enterprises, which might have relied on synthetic data, data sovereignty tools offer access to high-quality, authentic, and ethically sourced data for clinical trials and drug discovery to securely train ethical AI. At the same time, researchers gain reliable, authentic, and consented datasets, accelerating equitable outcomes (Market.us, 2025). This converts passive data into revenue streams, aiding ethical AI and drug discovery.
Healthcare professionals can rely on integrated, up-to-date and accurate patient information to provide safer, high-quality, equitable and more cost-effective care with the potential of alleviating medical lawsuits. This also decreases the extra cost of duplication of tests and services and improves quality of care.
Self-Sovereign Solution and Implementation Considerations
Self-governance models provide secure personal health data containers compliant with GDPR, HIPAA, and FHIR. AI powers functions like tokenization and data revocation, enabling selective sharing while preserving privacy (Rosenstrauch et al., 2023). Modeled outcomes suggest this real-time access could significantly enhance clinical decision-making, potentially lowering diagnostic errors by 10-15%. Realizing these benefits requires addressing key implementation challenges. Active health data management by consumers is central to SSD, which introduces the risk of a Digital Divide and User Fatigue among less digitally adept populations, potentially creating an equity gap. Furthermore, the model faces an Implementation Risk known as the "Walled Garden" problem: if major EHR systems do not fully integrate SSD frameworks, new data silos might form. To protect users, robust governance frameworks are necessary to mitigate the risk of financial coercion associated with Ethical Monetization of sensitive data. Finally, the system design must ensure data resilience and secure emergency access protocols to prevent loss of control if an individual misplaces their primary access key.
Conclusion
In conclusion, self-sovereign health data management empowers individuals with control and monetization of their data, provides enterprises with ethically sourced, high-quality insights, and enables healthcare professionals to deliver safer, more efficient, and equitable care through real-time, integrated patient information. Realizing this transformation requires overcoming technical and social hurdles, ensuring universal access, and establishing strict ethical governance to mitigate the known risks of data-driven systems.
This Member Article requests you consider participating in HÄLSA™.
Join the Transformation of Self-Sovereign Data
Leverage Data Now to Benefit and Shape the Future of Health Data Management!
The successful shift to Self-Sovereign Data is a global transformation requiring collective action. We call on consumers, patient advocates, AI experts, cybersecurity professionals, and health data enthusiasts, clinicians and all stakeholders interested in Health Data Management to join the transformation of ethical health data governance.
Contribute Your Voice by completing this brief survey to share your priorities and influence the future of health data management at https://docs.google.com/forms/d/e/1FAIpQLSeFjEuirKSLux5lLGayaB7Uj4AfXt8KiIerXP3U_NIUmW3FHw/viewform?usp=sharing&ouid=105981034851464142988
Join the Effort by collaborating on solutions: email us at HDA@drdoro.com. Your participation is essential to ensure every individual controls their most valuable asset: Your Health Is Your Wealth!
Article References
American Medical Association. (2025). Physician Electronic Health Record Burden Survey.
https://www.ama-assn.org/practice-management/physician-health/doctors-work-fewer-hours-ehr-still-follows-them-home
Baskaran, R., & Ramalingam, S. (2024). Challenges and complexities in healthcare cybersecurity: The impact of interconnected systems and Internet of Things. Semantic Scholar.
https://pdfs.semanticscholar.org/e93a/e6bb1a824045db6f2d8a875b2d0cd39c7374.pdf
California Data Exchange Framework. (2025). California Data Exchange Framework Status Report. California Health and Human Services Agency.
https://dxf.chhs.ca.gov
Cobalt.io. (2025). Healthcare data breach statistics: 2025 roundup.
https://www.cobalt.io/blog/healthcare-data-breach-statistics
European Data Protection Board. (2025). General Data Protection Regulation Enforcement Report.
https://www.edpb.europa.eu/our-work-tools/our-documents/annual-report/edpb-annual-report-2024_en
Health Insurance Portability and Accountability Act Journal. (2025). August 2025 Healthcare Data Breach Report.
https://www.hipaajournal.com/august-2025-healthcare-data-breach-report/
Health Level Seven International. (2024). Fast Healthcare Interoperability Resources Pilot Outcomes.
https://www.astho.org/topic/report/accelerating-data-exchange-in-public-health/
Holmgren, A. J. (2024). Physician Electronic Health Record time and burnout: A national study. Annals of Internal Medicine.
https://pubmed.ncbi.nlm.nih.gov/39496090/
Insight Ace Analytic. (2025). Patient-Generated Health Data Market Growth Opportunities.
https://www.insightaceanalytic.com/report/patient-generated-health-data-market-/2319
International Business Machines Cost of a Data Breach Report. (2025). International Business Machines.
https://www.ibm.com/reports/data-breach
Journal of General Internal Medicine. (2024). Journal of General Internal Medicine Special Issue on Electronic Health Record Burden. Springer Nature.
https://doi.org/10.1007/s11606-024-08930-4
Kim, J. (2023). Data brokers and the sale of Americans' mental health data. Duke University Sanford School of Public Policy.
https://techpolicy.sanford.duke.edu/wp-content/uploads/2023/02/Kim-2023-Data-Brokers-and-the-Sale-of-Americans-Mental-Health-Data.pdf
Market.us. (2025). Healthcare Data Monetization Market Trend Analysis.
https://media.market.us/healthcare-data-monetization-market-news/
Markets and Markets. (2025). Healthcare Data Monetization Market Growth, Drivers, and Opportunities.
https://www.marketsandmarkets.com/Market-Reports/healthcare-data-monetization-market-56622234.html
Massachusetts Institute of Technology. (2024). Debiasing Artificial Intelligence Techniques in Healthcare.
https://www.oxjournal.org/the-impact-of-bias-in-ai-driven-healthcare/
National Institute of Standards and Technology. (2023/2024). Artificial Intelligence Risk Management Framework (Artificial Intelligence Risk Management Framework 1.0).
https://www.nist.gov/publications/artificial-intelligence-risk-management-framework-ai-rmf-10
Newman-Toker, D. E., Nassery, N., Schaffer, A. C., Yu-Moe, C. W., Clemens, G. D., Wang, Z., Zhu, Y., Saber Tehrani, A. S., Fanai, M., Hassoon, A., & Siegal, D. (2023). Burden of serious harms from diagnostic error in the United States of America. BMJ Quality & Safety, 33(2), 109–120.
https://doi.org/10.1136/bmjqs-2021-014130
Obermiller, J. (2025). Ambient Artificial Intelligence and Electronic Health Record documentation time: A multi-site analysis. Health Affairs.
https://journal.ahima.org/page/as-interest-in-ambient-ai-grows-hi-professionals-focus-on-clinical-documentation
Peterson-Kaiser Family Foundation Health System Tracker. (2024). The burden of medical debt in the United States.
https://www.healthsystemtracker.org/brief/the-burden-of-medical-debt-in-the-united-states/
Peterson-Kaiser Family Foundation Health System Tracker. (2025). How has the quality of the United States healthcare system changed over time?
https://www.healthsystemtracker.org/chart-collection/how-has-the-quality-of-the-u-s-healthcare-system-changed-over-time/
Recognized Coordinating Entity. (2025). Trusted Exchange Framework and Common Agreement Participation and Adoption Metrics: National Summary. Office of the National Coordinator for Health Information Technology.
https://rce.sequoiaproject.org/tefca/
Rodziewicz, T. L., Houseman, B., & Hipskind, J. E. (2024). Medical error reduction and prevention. In StatPearls. StatPearls Publishing.
https://www.ncbi.nlm.nih.gov/books/NBK499956/
Rosenstrauch, D., & Gupta, A. (2023). Health data management: Systems and methods for self-governance and monetization of health data (United States Patent Application 20250125025A1). Patents.
https://patents.google.com/patent/US20250125025A1/en
Secureframe. (2025). 110+ of the latest data breach statistics to know for 2026 & beyond.
https://secureframe.com/blog/data-breach-statistics
Sharma, D., & Kaur, H. (2024). Need for cybersecurity prioritization in healthcare organizations. International Journal of Research Publication and Reviews, 6(1).
https://ijrpr.com/uploads/V6ISSUE1/IJRPR37782.pdf
Shortform. (2021). Selling your healthcare data: Who buys it & why.
https://www.shortform.com/blog/healthcare-data
United States Food and Drug Administration. (2024/2025). Predetermined Change Control Plans for Artificial Intelligence-enabled Medical Devices: Guidance for Industry and Food and Drug Administration Staff.
https://www.fda.gov/media/185050/download?attachment
World Health Organization. (2025). Guidance on ethics and governance of large multi-modal models in health.
https://www.who.int/publications/i/item/9789240084759
Authors include:
Doreen Rosenstrauch, MD, PhD, RN, MPA-HCA, FAHA, FACHE, Founder, DrDoRo®Institute, and Founder, HÄLSA™ Health Data Agency, United States
https://www.linkedin.com/in/drdoro
Leah Houston, MD, Founder and CEO, Evercred, U.S.
https://www.linkedin.com/in/leahhoustonmd
Jake Lemeshko, Junior Associate, DrDoRo®Institute, and student, University of Houston, U.S.
https://www.linkedin.com/in/jake-lemeshko-aa9661398
Alan S. Young, MD, MBA, Co-Founder, Everyoung Group, Physician Consultant, ProNexuas Advisory, Chief Medical Officer, PeriOptima.ai, U.S.
https://www.linkedin.com/in/everyounghealthmd
Felix J. Bradbury, RN, ScD, FACHE, Founder and Chief Analytics Officer, Trinity Analytics Group, U.S.
https://www.linkedin.com/in/felixbradbury
Duke Otto Rosenstrauch-Ortiz, Junior Associate, DrDoRo®Institute, and student, TWHS, U.S.
https://www.linkedin.com/in/duke-otto-ro
Mikel Chamblee, PhD, MBA, CISA, Founder and CEO, NetShield IT, U.S.
https://www.linkedin.com/in/mikelchamblee/
Dr. Uli K. Chettipally, MD, MPH, Founder and President, Sirica Therapeutics, and Founder, InnovatorMD, U.S.
https://www.linkedin.com/in/ulichettipally/