OHDAPA

Data ransom practices regularly lock hospitals out of their own patient records. A law could fix that, save Ohio hospitals millions of dollars every year, and lay the groundwork for transformative healthcare reform across the state.

Reasonable Cost Framework

The Problem: Hospital systems are regularly paying ransom to access legacy patient data 

  • Hospitals are legally required to retain patient data for 7+ years

  • Often this data is stored in applications and databases that have been replaced by newer technology

  • Companies with the outdated technology encrypt the data and charge ongoing, unregulated “access fees” for the data stored in their systems

  • The access fees total millions of dollars spent annually

The Impact: Hospitals are trapped in an expensive loop, spending millions of dollars every year just to keep old data alive instead of investing those dollars in the future

The Solution: A law that…

  • Prohibits excessive legacy data access fees

  • Requires reasonable data portability standards for legacy data 

  • Defines data ransom pricing as a form of “information blocking”, tying it to federal initiatives

  • Paves the way for a more integrated and unblocked healthcare data ecosystem

Why Now?

  • Federal focus is shifting toward enforcement of information blocking and promotion of interoperability

  • Paying ransom for old patient data has become routine. Hospitals are paying for something they already own.

FAQ

How did this problem of “data ransom” start?

In the 1990s, a lot of start-up companies began selling electronic health record (EHR) systems to hospitals for storing patient data. When better technology came along, most of these companies locked the old data behind encryption and started charging hospitals to access it. Today, laws require hospitals to keep these records—but there’s no law to ensure affordable access. This allows vendors to make millions from outdated software simply by holding hospitals’ own data hostage.

What’s the big deal? Can’t hospitals just save the data to a hard drive?

Not exactly. Converting all historical data during an EHR switch is stunningly complex and expensive. Most health systems only migrate the most critical data and keep the old systems online for legal compliance and occasional clinician lookups. That means they’re still paying the old vendor to store data of which >99.9999% will never be touched again.

How does this impact me?

Until the legacy system problem is solved, no major healthcare technology (AI, precision medicine, advanced diagnostics) can fully flourish. Outdated, siloed systems keep critical patient data locked away, scattered across hundreds of incompatible applications, and often inaccessible when it’s needed most. This fragmentation slows innovation, drives up costs, increases errors, and leaves patients and providers working with an incomplete picture of care. Fixing legacy systems is the foundation for every other meaningful healthcare advancement.