ONC: More guiding principles needed for adopting HIE consent models
It is critical that appropriate guidance--in the form of higher-level principles or recommendations--are used in selecting and applying a particular consent model for electronic health information exchange (HIE), according to a whitepaper developed by George Washington University under contract with the Office of the National Coordinator for Health IT (ONC).
“At present, the evidence from emerging electronic exchanges is insufficient to determine the consequences associated with policy decisions that allow for greater or lesser levels of patient choice with regard to the electronic exchange of their data,” wrote Melissa M. Goldstein, JD, associate research professor at the Department of Health Policy in the School of Public Health and Health Services at George Washington University in Washington D.C., and Alison L. Rein, MS, director of Washington, D.C.-based AcademyHealth.
According to the authors, the document is meant to represent a starting point for discussion related to consent. “It is imperative that future deliberations are informed by further research regarding the effectiveness and impact of various consent options, consideration of the broader policy landscape and assessment of the needs of those most affected by the consent decision,” Goldstein and Rein wrote.
There are five core consent models for electronic exchange, according to the authors:
“States and other entities engaged in facilitating the exchange of electronic health information are struggling with a host of challenges, chief among them the establishment of policies and procedures for patient participation in their exchange efforts,” noted the authors. “While some have adopted policies enabling patients to exercise individual choice, others have prioritized the needs and concerns of other key stakeholders, such as providers and payors.”
According to the authors, to enhance patient participation, numerous electronic exchanges have employed tactics such as:
In addition, the authors noted that electronic exchanges have employed the following methods of ensuring adequate provider participation:
Other issues of significance were cited in regard to progress (or lack thereof) toward the proliferation of electronic exchange:
“Until the time when we are confident that we can protect health information in a systematic and thorough way, prudent use of the mechanism of consent appears to be one of the most reliable ways to pursue that goal,” the authors concluded.
The full report can found on ONC's health IT web portal.
“At present, the evidence from emerging electronic exchanges is insufficient to determine the consequences associated with policy decisions that allow for greater or lesser levels of patient choice with regard to the electronic exchange of their data,” wrote Melissa M. Goldstein, JD, associate research professor at the Department of Health Policy in the School of Public Health and Health Services at George Washington University in Washington D.C., and Alison L. Rein, MS, director of Washington, D.C.-based AcademyHealth.
According to the authors, the document is meant to represent a starting point for discussion related to consent. “It is imperative that future deliberations are informed by further research regarding the effectiveness and impact of various consent options, consideration of the broader policy landscape and assessment of the needs of those most affected by the consent decision,” Goldstein and Rein wrote.
There are five core consent models for electronic exchange, according to the authors:
- No consent: Health information of patients is automatically included, patients cannot opt out;
- Opt-out: Health information of patients is included automatically, but the patient can opt out completely;
- Opt-out with exceptions: Health information of patients is included, but the patient can opt out completely or allow only select data to be included;
- Opt-in: No patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out; and
- Opt-in with restrictions: No patient health information is made available, but the patient may allow a subset of select data to be included.
“States and other entities engaged in facilitating the exchange of electronic health information are struggling with a host of challenges, chief among them the establishment of policies and procedures for patient participation in their exchange efforts,” noted the authors. “While some have adopted policies enabling patients to exercise individual choice, others have prioritized the needs and concerns of other key stakeholders, such as providers and payors.”
According to the authors, to enhance patient participation, numerous electronic exchanges have employed tactics such as:
- Active engagement of patients in the development of the exchange entity;
- Marketing of exchange efforts through effective channels;
- Initial and ongoing education (largely from providers) about the effort; and
- Adoption of an opt-out or no-consent model, along with tight restrictions on data access and/or use, including stringent penalties for misuse.
In addition, the authors noted that electronic exchanges have employed the following methods of ensuring adequate provider participation:
- Minimization of administrative burdens, sometimes coupled with financial or other incentives;
- Maximization of value (i.e., access to as much useful information as possible, as often as needed); and
- Provision of key infrastructure and service components (for example, a record locator service or consent management tool).
Other issues of significance were cited in regard to progress (or lack thereof) toward the proliferation of electronic exchange:
- Numerous and sometimes inconsistent federal and state laws regarding patient consent generally, and disclosure of sensitive information specifically;
- Provider workflow challenges associated with obtaining and managing consent;
- The lack of (or difficulty in achieving) technical and procedural capacity to segment and manage data in the manners desired by various constituents;
- The concern that existing security and privacy provisions are inadequate; and
- The need to balance multiple and often conflicting stakeholder interests to ensure adequate participation.
“Until the time when we are confident that we can protect health information in a systematic and thorough way, prudent use of the mechanism of consent appears to be one of the most reliable ways to pursue that goal,” the authors concluded.
The full report can found on ONC's health IT web portal.