In or out? HIE patient consent 101
By Glenn Keet, June 2012
How to populate a successful HIE with the right data, while simultaneously maintaining patient privacy and ensuring patient comfort.
As healthcare organizations continue to implement health information exchanges (HIEs), task forces are challenged with determining how to best attain the keystone of the operation: patient consent. For an HIE to be successful, patient data is critical, but it’s not as simple as just collecting it. Here are some things that healthcare organizations should keep in mind in order to populate a successful HIE with the right data, while simultaneously maintaining patient privacy and ensuring patients’ comfort:
Know the options. HIE access can be controlled, so make a decision and stick with it.
- No consent: All patient health information is available, and patients are unable to opt out.
- Opt out: Patient health information is available unless a patient explicitly chooses to opt out.
- Opt out with exceptions: Similar to opt out, but the patient can selectively exclude certain categories of data, certain providers or the use of his/her data for specific purposes.
- Opt in: Patient health information is available to clinicians if and only if the patient has specifically opted to make it so.
- Opt in with restrictions: Similar to opt in, but the patient is able to refine his/her consent in one or more ways: by provider, data type, intended use of information, date, etc.
- Hybrid: This model blends capabilities from two or more of the models above. For example, the organization may choose the opt-out model for “consent to access” and the opt-in model for “consent to disclose.”
Understand local laws. Federal and state laws guide how patient information must be treated, and since some laws can seem to conflict or be open to interpretation, it is important for HIE implementors to work within the regulations of each state they operate in.
Research the exceptions. Sensitive health information – such as substance abuse and mental health treatment, HIV/AIDS status and abortion services – may fall under separate confidentiality regulations that impact how and by whom it can be accessed. Health information for minors can also be more strictly regulated. Addressing these special cases with the consent model prevents tricky privacy disputes down the line.
Consider emergencies. Because emergency situations can and will arise with patients who have opted out or not opted in, organizations must determine under what circumstances, if any, healthcare personnel can “break the glass” to obtain the patient’s health information in an emergency.
Talk to other HIE implementors. Other HIEs have been there before. Other providers have gone through the patient consent model selection process and know what has worked and what hasn’t. Using others as a resource can help providers refine their selection and reap the maximum benefits.
Don’t forget the patients. Access to data is important for deriving the benefits of HIEs, but no one should forget whose data it is. Patients need to be educated on an HIE and what it all means to them. Whether the HIE communicates with patients directly or through providers, patients need to feel confident that their privacy is ensured if the HIE is to be successful.
About the author
Glenn Keet is SVP, business development, OptumInsight. For more on OptumInsight, click here.