OHDAPA

Data ransom practices regularly lock hospitals out of their own patient records. A bill like this could fix that, save Ohio hospitals millions of dollars every year, and lay the groundwork for transformative healthcare reform across the state.

Draft Bill/Framework

FAQ

How did this problem of “data ransom” start?

In the 1990s, a lot of start-up companies began selling electronic health record (EHR) systems to hospitals for storing patient data. When better technology came along, most of these companies locked the old data behind encryption and started charging hospitals to access it. Today, laws require hospitals to keep these records—but there’s no law to ensure affordable access. This allows vendors to make millions from outdated software simply by holding hospitals’ own data hostage.

What’s the big deal? Can’t hospitals just save the data to a hard drive?

Not exactly. Converting all historical data during an EHR switch is stunningly complex and expensive. Most health systems only migrate the most critical data and keep the old systems online for legal compliance and occasional clinician lookups. That means they’re still paying the old vendor for data storage for data in which >99.9999% will never again be touched.

Why should I care?

Until the legacy system problem is solved, no major healthcare technology (AI, precision medicine, advanced diagnostics) can fully flourish. Outdated, siloed systems keep critical patient data locked away, scattered across hundreds of incompatible applications, and often inaccessible when it’s needed most. This fragmentation slows innovation, drives up costs, increases errors, and leaves patients and providers working with an incomplete picture of care. Fixing legacy systems is the foundation for every other meaningful healthcare advancement.