Survey: HIE Patient Consent EvolvingMore Networks Offering More Granular Consent
Rather than simply asking patients to indicate approval for exchange of all information in all circumstances, some HIEs are offering more granular consent. For example, 56 percent of the 196 HIE operators surveyed said they offer patients the opportunity to decide which providers can have access to their data, up from 43 percent last year. Of those that offer this level of consent, 64 percent provide it using the opt-out model, while 36 percent use the opt-in model.
In the opt-out model, patients' data is automatically available for exchange unless individuals choose to withdraw their permission. In the opt-in model, patients must give formal consent before their records are shared via a network.
Twenty-five percent of the HIE operators said they offer patients the opportunity to consent to the exchange of specific data fields or data elements, up from seven percent in 2010. Of these, the vast majority - 82 percent - use the opt-out model.
Opt-Out Still CommonIn general, a majority of HIEs continue to rely heavily on the opt-out model for all types of patient consent, says Jennifer Covich Bordenick, CEO of eHealth Initiative. And in most cases, HIEs rely on participating provider organizations to obtain patient consent, the survey shows.
The eHealth Initiative estimates there are 255 health information exchanges in the United States, up about 9 percent from last year. These include federally funded statewide initiatives, community networks serving a broad range of participants as well as HIEs that only serve members of a particular organization, such as an integrated delivery system.
The survey finds that 85 HIEs are fully operational, transmitting data that's used by stakeholders, such as hospitals and physicians. That's up from 73 in 2010. The remainder are in earlier stages of development, although many already have adopted patient consent policies, as described in the survey.
Privacy a Top ConcernFor the eighth year in a row, the eHealth Initiative's HIE survey finds that "addressing privacy and security issues," including HIPAA, was among the top five concerns of HIE developers.
"If patients are to be engaged in their care, they have to trust that their information can be securely exchanged," the survey report states. A key way to build trust, according to the report, is by offering patients the ability to use consent models that give them much more control over what information can be shared, and with whom.
"We find again and again that privacy is a key issue for patients," Covich Bordenick says. "The more that HIEs can show that they are taking this seriously, the more successful they are going to be."
Federal GuidelinesFederal guidelines for patient consent for health information exchange are still in the works. The Health IT Policy Committee last year approved "meaningful consent" recommendations from the Privacy and Security Tiger Team, which stop short of advocating an opt-in or opt-out approach (see: Patient Consent Guidelines Endorsed). The recommendations, for example, call for providing a clear explanation of consent choices and their consequences and enabling patients to revoke consent at any time.
These meaningful consent provisions are likely to be included in a pending Nationwide Health Information Network governance rule, which could come out later this year. NwHIN is not an actual network, but what amounts to a "brand" that signifies participants "comply with a set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information," according to the official government definition. The idea behind NwHIN is to pave the way for the exchange of electronic health records and other information coast-to-coast by linking various health information exchanges and other networks that all adhere to the same standards.
Components of the NwHIN governance rule, such as patient consent guidelines, also could potentially wind up as requirements for future stages of the HITECH Act electronic health record incentive program.
Studying Patient ConsentMeanwhile, the Office of the National Coordinator for Health Information Technology plans to hire a contractor to study the patient consent issue and explore options for obtaining consent (see: Contractor to Study Patient Consent ).
The contractor to be hired will spend up to two years working on such issues as educating individuals about their right to consent to information exchange. The contractor also will explore options for electronically obtaining and recording patient consent. The eHealth Initiatives survey found that only 56 HIE initiatives have the ability to obtain consent electronically.
ONC also is studying the use of metadata to tag individual data elements within EHRs with additional information, such as patient consent for exchange(see: ONC Wants Feedback on MetaData Use). The President's Council of Advisors on Science and Technology has endorsed the use of mandatory metadata tags to describe specific data elements within EHRs to ease information exchange.