Wednesday, March 31, 2010

The ONC Whitepaper on Consent

Last week was a busy one for healthcare IT. In addition to the DEA Interim Final Rule on e-prescribing of controlled substances, the launch of NHIN Direct, and the introduction of new ONC interoperability framework processes, HHS released the Whitepaper on Consent.

The entire document and its 3 appendixes are worth reading. The Executive summary contains a great classification of consent models found throughout the world:

No consent
Health information of patients is automatically included—patients cannot opt out

Default is for health information of patients to be included automatically, but the patient can opt out completely

Opt-out with exceptions
Default is for health information of patients to be included, but the patient can opt out completely or allow only select data to be included

Default is that no patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out

Opt-in with restrictions
Default is that no patient health information is made available, but the patient may allow a subset of select data to be included.

Appendix A is a very helpful list of State-Led Examples of Exchange in the U.S

For more details about the Massachusetts efforts to date, including the educational materials we used, see my blog about patient privacy preferences.

Appendix B is an overview of Selected State Laws which can be empowering as we implement consent models.

Appendix C contains examples of Exchange in Other Developed Countries.

I've worked closely with the county council in Jonkoping, Sweden which has a very high percentage of EHR and hospital information system adoption

The consent whitepaper was timed perfectly to align with the HIT Standards Committee review of existing standards for storing and transmitting consent preferences.

Well done!


Anonymous said...

I've read the White Paper as well, and agree that the paper is extremely well done. particularly in its discussion of competing interests relating to individual control over disclosure of IIHI, as well as its review of practical issues relating to "granular" controls over disclosure of IIHI, based on purpose, recipient, time, nature of record, and limits on re-disclosure. Kudos to Melissa Goldstein!

I'm a lawyer who is working with a behavioral health software vendor to try to figure out how its EHR should handle disclosures/re-disclosures of confidential information. This is particularly complicated in management of sensitive information. (For example, if a non-SA provider receives a record from a substance abuse program, can it use the SA record to populate fields in the receiver's EHR program (such as medications)? If so, is re-disclosure of the information in those fields subject to 42 CFR Part 2? What if the information is "incidental" to SA treatment, but doesn't specifically identify the consumer as a patient at a SA program?)

Problems such as these, and conflicts among state and federal privacy laws make it very difficult to safely establish privacy policies to inform a computerized approach to consent directive management.

I hope that ONC and the HIT Standards Committee will offer recommendations to other federal agencies and Congress about ways to handle these issues.

Dirk Stanley, MD, MPH said...

Great summary! Thanks for putting that one together!

Was just discussing this with a bunch of ED docs today who felt "Opt-In" is a BAD idea. Seems to have different opinions depending on which clinical tribe you ask. I think we need both national guidance and patient empowerment/awareness. (Perhaps a good goal for the team!) :)

Again, thanks for the summary!