One of the thornier issues regarding the establishment of public Health Information Exchanges (HIEs) is how to manage consumer consent of personal health information (PHI) sharing. Today, there is no single standard approach across the US. Some states have an opt-in process, others an opt-out. Granularity of data shared, use cases for data sharing, etc. also vary widely from state to state. These are just some of the findings of an extensive report (92 pgs) that was published this week by HHS’s Office of the National Coordinator (ONC), the ones responsible for funding the multitude of state-led HIEs under ARRA as well as the National Health Information Network (NHIN).
The report looks at the consumer consent policies (and challenges to implement) in eight states as well as three countries based on interviews and an extensive amount of secondary research. While a tad long, there is some good information tucked inside the report if one spends the time to dig it out. A good place to start is the Appendix that provides an overview of the consumer consent policies in the various states (HIEs) profiled.
Do not be too surprised if findings and conclusions of this report end up directing future policy, particularly as it pertains to the NHIN as it struggles to define an overarching common data use agreement and self governance model for the sharing of PHI.
[scribd id=28993279 key=key-sqsixdiume14tgcqg40 mode=list]
“There is no need to choose between the benefits of technology and our rights to health privacy. Technologies already exist that enable each person to choose what information he is willing to share and what must remain private. Consent must be built into electronic systems up front so we can each choose the levels of privacy and sharing we prefer.”
It would be interesting to find the points of intersection between this research project (I think it was actually done by people at George Washington University for ONC) and the recent Wall Street Journal opinion article – Your Medical Records Aren’t Secure http://online.wsj.com/article/SB10001424052748703580904575132111888664060.html
Electronic record systems that don’t put patients in control of data or have inadequate security create huge opportunities for the theft, misuse and sale of personal health information. The public is aware of these problems. A 2009 poll conducted for National Public Radio, the Kaiser Family Foundation and the Harvard School of Public Health asked if people were confident their medical records would remain confidential if they were stored electronically and could be shared online. Fifty nine percent responded they were not confident.
The privacy of an electronic health record cannot be restored once the contents are sold or otherwise disclosed. Every person and family is only one expensive diagnosis, one prescription, or one lab test away from generations of discrimination.
The solution is to insist upon technologies that protect a patient’s right to consent to share any personal data. A step in this direction is to demand that no federal stimulus dollars be used to develop electronic systems that do not have these technologies.
Some argue that consent and privacy controls are impractical or prohibitively costly. But consent is ubiquitous in health care. Ask any physician if she would operate on a patient without informed consent.
Thanks for sharing.
I was asked to create a PDF form;
“Authorization for the use of Disclosure of Protected Health Information”
The requirements were that;
The PDF file could be filled out and submitted online
The PDF File could be saved and filled out and submitted later
The PDF file could be printed and filled out by hand
http://www.myhealthcarestuff.com/files/Patient_Info_Authorization_aer_distributed.pdf
So, we might see something like this when normal mortals (patients) asking for copies of their health data and want digital (MU item 17)
interesting issues were
if I encrypt, the PDF file is not searchable
if i do not encrypt, the PDF file is not very HIPAA compliant (encrypt end to end)
Digital signatures require certificate exchange for validation
“Wet” signatures (digital) – like fingerprints – need a database and system to compare (for true validation)
PDF Forms on an iPhone are a lot of work to navigate and fill out.
Conclusion was everyone loves a pen and paper, the learning curve is pretty small.
I think files that what we will see for “digital file exchange” will be PDF files of scanned documents for a while.