The following appeared last week.
Monday, November 19, 2012
Patient Consent for Information Exchange Comes Into Focus
by Ken Terry, iHealthBeat Contributing Reporter
Federal and state laws require that patients give permission or be allowed to withhold consent for health information exchanges to use their individually identifiable health information (IIHI) for purposes other than direct patient care. Consequently, as health care providers start to adopt new care delivery models that necessitate clinical data exchange, patient consent is becoming a hot issue.
Despite the existing regulations -- or because of them, in some cases -- patient consent involves legal, technical and practical issues that are far from being resolved. Which circumstances require patient consent, which parties can be allowed to access particular information and whether patients must opt in to health information exchange or should be allowed to opt out are all open questions.
One reason for the lack of clarity is varying state requirements. According to the Office of the National Coordinator for Health IT, for example, slightly more than half of states are planning to deploy an opt-out model in their statewide HIEs. The rest are using or plan to use various kinds of opt-in approaches.
While the federal HIPAA law allows treating providers to exchange patient information directly without a patient's consent, some states place restrictions on those direct exchanges, according to Micky Tripathi, CEO of the Massachusetts eHealth Collaborative. There also are differences among states in whether they require prior consent for the aggregation of data by an HIE, he pointed out.
But moves are afoot to introduce some national uniformity in this area. Last March, ONC issued a program information notice to its state HIE grantees that includes guidance on patient consent. The key concept in this guidance is "meaningful choice," described as follows:
"Where HIE entities store, assemble or aggregate IIHI beyond what is required for an initial directed transaction, HIE entities should ensure individuals have meaningful choice regarding whether their IIHI may be exchanged through the HIE entity. This type of exchange will likely occur in a query/response model or where information is aggregated for analytics or reporting purposes."
ONC and the Health IT Policy Committee, a federal advisory body, say that states can use opt-in or opt-out models as long as they offer patients meaningful choice, which requires advance notice, "full transparency and education" and revocability, among other things. Simply providing a "boilerplate form" in a physician's office or directing patients to read material posted on a website is not enough, Kathryn Marchesini, senior analyst and adviser to ONC's chief privacy officer, said.
"We're focusing on engaging the patient in an interactive manner so they understand the options that they have," she said.
Lots more here:
Here are some useful links from the article.
MORE ON THE WEB
- "Meaningful Choice: Patient-Centered Decision Making in Electronic Health Information Exchange" (Marchesini, "Health IT Buzz," ONC, 10/3).
- ONC guidance on state HIEs
- Massachusetts eHealth Collaborative
The article provides a really useful summary of the consent issues that can be faced - including by the NEHRS / PCEHR which is (after all) at core just a Health Information Exchange on a rather grand level.
It is interesting that among the US States about ½ have gone for an opt-out approach and the other half an opt-in.
The full article is well worth a read for all the wrinkles experienced.
David.