President-Elect Trump recently announced: “for every one new regulation, two old regulations must be eliminated.” Regulatory capture, the topic of a recent THCB post by Nortin Hadler, has enabled many regulations based on HITECH that restrict competition by allowing information blocking. Many other regulations around quality measures, documentation, decision support, contract transparency, and kickback safe harbors are now needed to counteract EHR vendor consolidation through regulatory capture.

One regulation designed to establish a patient-controlled interface (a patient-controlled API) to health records will enable competition for all aspects of the institutional EHR by decentralizing access to the patient information. The impact on health reform, ACA reform, and medical research would be immense.

“Give me the place to stand, and I shall move the earth.” If Archimedes were moving healthcare practices and politics then data would be his lever. The data to move healthcare is much more than a hospital’s EHR will ever be trusted with. It includes the social determinants of health, it includes employment and exposure, it includes your genome and family, it includes personal beliefs.

The data to move healthcare practices and politics does not split cleanly between research and clinical uses. Sync for Science is not enough to provide independent decision support at the point of care. Access to detailed personal data spanning the full range of human experience and aggregated over a lifetime is now technologically possible. Who can be trusted with this formidable power?

Nobody but ourselves. Regardless of how well-regulated and well-organized our healthcare and government institutions might be (need we review the cybersecurity track record of either hospitals or government?), the only one to be trusted with knowing everything about me is me.

The world is full of institutions and people that know something about me. Some, I know about. The vast majority are hidden data brokers. Surescripts, Acxiom, Lexis-Nexis, Optum, IMS, All Payer Claims Database, and Prescription Drug Monitoring Programs are all collecting and selling as much about me as they can. It’s their only business and I am the product. Even as the patient surveillance industry has boomed along with my out-of-pocket costs, transparency of health care quality or cost is as elusive as ever.

As Doc Searls recently commented: “Economically speaking, the American health care system is not built for patients, because patients aren’t the ones paying for it directly. Insurance companies are.” This well-known technology journalist speaks in favor patient-centered health records.

Technology now makes it possible for each of us to control more and better data than the hospitals and data brokers. That means each of us as patients would have more leverage to move health care and health insurance practices. Instead of buying our information from hospitals and data brokers, our providers, researchers, and regulators would be getting the information by asking us. By asking us.

Which leaves one major contingency: Who would pay to give us patients the ability to control our own health records? A less regulated, more market-driven health system is now technically possible but it requires investment and a sustainability plan. In the long run, patients facing many thousands of dollars in out-of-pocket expenses will see the wisdom of spending a few hundred to inform their spending. More immediately, and aligned with whatever policies a Trump administration brings to health and human services, we might see pharmaceutical companies, insurance companies, and public institutions – anyone that would benefit from better access to patient records in a value-based payment system – invest in patient-centered health records. It all starts with one well-designed regulation to replace information blocking with “Just ask me”.

Adrian Gropper is Chief Privacy Officer of the Privacy Rights Foundation.