Monday, January 21, 2008

Respecting patient privacy preferences

One of the greatest challenges for healthcare information exchanges is to ensure continuity of care for patients while also respecting patient privacy preferences. In Massachusetts, our model has been Opt-In which means we will not exchange patient information among healthcare organizations unless a patient specifically consents us to do so. The educational materials from the Massachusetts eHealth Collaborative for this Opt-In consent are found here.

A patient signs a consent at each institution and then the data from that institution is shared on a need to know basis with clincians directly caring for the patient. The data is never sold or data mined.

Over time, the types of consent that we'll be asked to support will be much more granular. You can imagine patient preferences such as

If I'm unconscious in an emergency room, share everything including mental health, substance abuse and HIV status data.

If I'm visiting a Minuteclinic do not include my mental health and substance abuse history.

If I'm sharing my data for a population-based research study, do not include my HIV status.

Ideally, each patient would be able to declare their preferences for sharing data and have these preferences universally accessible to all healthcare information exchanges or institutions which need consents. To solve this problem, I recently proposed a technology called the Consent Assertion Markup Language (CAML) which is described in detail here.

The basic idea is that a Consent Wizard could be created on the web to record and transmit all patient privacy preferences. Such an electronic consent document could be stored on the patient's personal health record, at their insurer, or at a third party secure website.

The alternative to CAML is making the patient the steward of their own data. Some patients would welcome the opportunity to manage their own records by gathering source data from clinics, hospitals, labs and pharmacies then applying their privacy preferences and sharing the resulting data with caregivers as needed. The next generation of Personal Health Records such as Microsoft Health Vault and Google's rumored healthcare offerings are likely to support this kind of data exchange.

In the meantime, Massachusetts is working on a consent wizard prototype as part of the Mass Health Data Consortium's participation in the HISPC project. We'll experiment with CAML and report back how well it works.

1 comment:

Benjamin Wright said...

John: I have published some analysis that is consistent with your "Consent Wizard" idea. What do you think of patient-record "terms of use" to help patients protect the privacy of their health records? http://hack-igations.blogspot.com/2008/02/contracts-for-patient-privacy.html