TRENDING:

Survey: HIE Patient Consent Evolving

More Networks Offering More Granular Consent Howard Anderson (ismg_editor) • July 14, 2011    
Survey: HIE Patient Consent Evolving
More organizations that run health information exchanges are offering patients the opportunity to provide more specific levels of consent for the exchange of their records, a new survey by the advocacy group eHealth Initiative shows.

Rather than simply asking patients to indicate approval for exchange of all information in all circumstances, some HIEs are offering more granular consent. For example, 56 percent of the 196 HIE operators surveyed said they offer patients the opportunity to decide which providers can have access to their data, up from 43 percent last year. Of those that offer this level of consent, 64 percent provide it using the opt-out model, while 36 percent use the opt-in model.

In the opt-out model, patients' data is automatically available for exchange unless individuals choose to withdraw their permission. In the opt-in model, patients must give formal consent before their records are shared via a network.

Twenty-five percent of the HIE operators said they offer patients the opportunity to consent to the exchange of specific data fields or data elements, up from seven percent in 2010. Of these, the vast majority - 82 percent - use the opt-out model.

Opt-Out Still Common

In general, a majority of HIEs continue to rely heavily on the opt-out model for all types of patient consent, says Jennifer Covich Bordenick, CEO of eHealth Initiative. And in most cases, HIEs rely on participating provider organizations to obtain patient consent, the survey shows.

The eHealth Initiative estimates there are 255 health information exchanges in the United States, up about 9 percent from last year. These include federally funded statewide initiatives, community networks serving a broad range of participants as well as HIEs that only serve members of a particular organization, such as an integrated delivery system.

The survey finds that 85 HIEs are fully operational, transmitting data that's used by stakeholders, such as hospitals and physicians. That's up from 73 in 2010. The remainder are in earlier stages of development, although many already have adopted patient consent policies, as described in the survey.

Privacy a Top Concern

For the eighth year in a row, the eHealth Initiative's HIE survey finds that "addressing privacy and security issues," including HIPAA, was among the top five concerns of HIE developers.

"If patients are to be engaged in their care, they have to trust that their information can be securely exchanged," the survey report states. A key way to build trust, according to the report, is by offering patients the ability to use consent models that give them much more control over what information can be shared, and with whom.

"We find again and again that privacy is a key issue for patients," Covich Bordenick says. "The more that HIEs can show that they are taking this seriously, the more successful they are going to be."

Federal Guidelines

Federal guidelines for patient consent for health information exchange are still in the works. The Health IT Policy Committee last year approved "meaningful consent" recommendations from the Privacy and Security Tiger Team, which stop short of advocating an opt-in or opt-out approach (see: Patient Consent Guidelines Endorsed). The recommendations, for example, call for providing a clear explanation of consent choices and their consequences and enabling patients to revoke consent at any time.

These meaningful consent provisions are likely to be included in a pending Nationwide Health Information Network governance rule, which could come out later this year. NwHIN is not an actual network, but what amounts to a "brand" that signifies participants "comply with a set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information," according to the official government definition. The idea behind NwHIN is to pave the way for the exchange of electronic health records and other information coast-to-coast by linking various health information exchanges and other networks that all adhere to the same standards.

Components of the NwHIN governance rule, such as patient consent guidelines, also could potentially wind up as requirements for future stages of the HITECH Act electronic health record incentive program.

Studying Patient Consent

Meanwhile, the Office of the National Coordinator for Health Information Technology plans to hire a contractor to study the patient consent issue and explore options for obtaining consent (see: Contractor to Study Patient Consent ).

The contractor to be hired will spend up to two years working on such issues as educating individuals about their right to consent to information exchange. The contractor also will explore options for electronically obtaining and recording patient consent. The eHealth Initiatives survey found that only 56 HIE initiatives have the ability to obtain consent electronically.

ONC also is studying the use of metadata to tag individual data elements within EHRs with additional information, such as patient consent for exchange(see: ONC Wants Feedback on MetaData Use). The President's Council of Advisors on Science and Technology has endorsed the use of mandatory metadata tags to describe specific data elements within EHRs to ease information exchange.

Previous
FFIEC: First Steps Toward Compliance
Next
Senate Allies Split Over Cybersecurity Jurisdiction

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.