tag:blogger.com,1999:blog-4384692836709903146.post567717440402797236..comments2024-03-27T09:55:23.143-07:00Comments on Dispatch from the Digital Health Frontier: HIE Consent PolicyJohn Halamkahttp://www.blogger.com/profile/04550236129132159307noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-4384692836709903146.post-17182180310396059792012-03-01T06:39:39.318-08:002012-03-01T06:39:39.318-08:00I agree with the opt-in model for many reasons, es...I agree with the opt-in model for many reasons, especially for safety and privacy rights.<br /><br />My questions are: <br /><br />1. How does the consumer opt-in (What is the process)? <br /><br />2. Must all hospitals and providers require consumer consent? <br /><br />3. Are all providers in Massachusetts committed to this process? I recently had my mammogram done and I do not remember being educated about an opt-in consent.<br /><br />Thank you,<br />Vanessa SarmientoVanessa Sarmientonoreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-89913648691566895142012-02-25T06:35:21.705-08:002012-02-25T06:35:21.705-08:00We have created an open source patient consent pol...We have created an open source patient consent policy management tool in the cloud that is available for your use now.<br /><br />Essentially it allows the patient to designate who they want to share data with (e.g., by name, institution, referral relationship to PCP, etc.) and what data they wish to share (e.g. allergies) and for what purposes (treatment, research, etc.). <br /><br />When a request for data is received, there is a policy reasoner that examines the request and presents the record holder with the relevant patient policies for that request (e.g., "The request is from an allowed physician but only allergy data is allowed to be communicated". <br /><br />Clearly this is just the beginning of national-scale consent management tool development, but it is a reasonable platform for initial capabilities and can be scaled for your own institutional use if you like. <br /><br />Full details here: http://sourceforge.net/projects/kaironconsents/<br /><br />Jean Stanford<br />MITRE<br />jstanford@mitre.orgJean Stanfordnoreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-42004076202354397782012-02-21T11:36:11.266-08:002012-02-21T11:36:11.266-08:00We're doing some qualitative research under th...We're doing some qualitative research under the HHS SHARPS grant with HIV and privacy perceptions as EMRs go from paper to electronic. I'd love to see a pointer to the current and proposed MA law that requires frequent opt-in consent.joebeonehttps://www.blogger.com/profile/11435127775692776239noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-55231531256812261602012-02-21T10:27:44.623-08:002012-02-21T10:27:44.623-08:00Thanks. So I understand you are talking about (a)....Thanks. So I understand you are talking about (a). <br /><br />Yes, this is the most easy to enforce. It needs only be enforced by data holders. Thus there is no need to even communicate the consent to the data requester. The data requester either gets data, because there is a consent on file; or they don't. Not needing to communicate the consent or the rules of the consent greatly simplify.<br /><br />This is the model used in the NwHIN-Exchange today. <br /><br />The data requester should then use their own rules for governing the data once they get their hands on it. <br /><br />Typically it is best to have an overall governance policy that prohibits re-disclosure in original form. Meaning that you don't republish the original document that you didn't originally author; but are allowed to author new documents that might contain and reference the original document.John Moehrkehttps://www.blogger.com/profile/04526719420117446030noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-5171648103876848372012-02-21T08:35:49.697-08:002012-02-21T08:35:49.697-08:00Does Opt-IN include Behavioral Health & substa...Does Opt-IN include Behavioral Health & substance abuse/addiction data?Anne Kellyhttps://www.blogger.com/profile/13918985657342860578noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-40196443780241402382012-02-21T07:55:35.193-08:002012-02-21T07:55:35.193-08:00To clarify what I mean by "Opt in consent to ...To clarify what I mean by "Opt in consent to disclose at each institution" - the patient opts in to disclose data at the institution where the data was generated. The requestor does not obtain consent to view, it just accepts the consent to disclose from the institution that is sending the data.John Halamkahttps://www.blogger.com/profile/04550236129132159307noreply@blogger.comtag:blogger.com,1999:blog-4384692836709903146.post-78009583552001307772012-02-21T05:42:48.663-08:002012-02-21T05:42:48.663-08:00John,
I agree that Opt-IN is a reasonable approac...John,<br /><br />I agree that Opt-IN is a reasonable approach and one that would leave the patient the least surprised. What I am not clear on is exactly what you mean by 'Opt in consent to disclose at each institution'.<br /><br />Is this:<br />a) at the custodian institution. That is they get a Opt-IN to share with anyone that asks. Classic where the paperwork is captured at the publishing organization on their own paper.<br />b) at each requesting institution. That is each institution that wants access gets an Opt-IN to request data. So the paperwork is done at the requesting organization on the requesting organization paper.<br />c) the Opt-IN authorizes one requesting institution as recorded at the custodian institution. (Key-HIE does this) The paperwork is done at the requesting organization on the custodian's paper.<br />d) other<br /><br />I ask because each of these is doable, but some are far more easy than others. In the (a) case there is no need to communicate consent information at all, where as (c) requires multiple rounds of communication and a whole new legal landscape.John Moehrkehttps://www.blogger.com/profile/04526719420117446030noreply@blogger.com