Patient Consent in the Era of HIEs
The Office of the National Coordinator (ONC) for Health IT is trying to develop a more adequate method of documenting patient consent, when it comes to sharing and forwarding health information from one party to another, in the age of Health Information Exchanges (HIEs). The ONC just announced a $1.2 million award for the development of an “E-Consent Trial Project” that will try to address patient consent in the new era.
The questions that this Trial Project will attempt to answer are (1) what background information do patients desire and need when making decisions regarding electronically sharing their health information; (2) do patients understand the choices they make? How can we determine the level of their understanding; and (3) are there means of electronically facilitating, obtaining, and recording consent to assist health care providers who are engaged in this process?
The traditional method – point-to-point fax connection
Traditionally, when a patient gives consent to share information, it is for the patient’s physician to either send information to another physician, or to request information from some source (e.g. a hospital), for the purpose of clinical care. Typically, a signed consent form is sent (if the information is requested from somewhere else) via fax, and some or all of the chart is then faxed – all relevant data is sent, though local state law may require redaction of some information (like mental health chart notes, or HIV test results, or drug/alcohol treatment records) unless there is specific higher-level explicit consent for it.
In this traditional setting, where the information is sent via fax, a copy of the information is sent point-to-point (from one fax machine to another). The telecom company connecting the two fax machines may keep track of the transaction (for billing purposes), but does not keep any actual copy of the content of the fax sent.
The Direct Project uses this same premise – data is transferred in a secure and encrypted way from one point to another (communicators that are already known to each other), and no storage of that data is kept in any intermediary location.
The “library” approach to HIE
Some methods of health data exchange involve simple point-to-point data transmission, without storing that data by the connection intermediary, like described above. However, some newer technologies might be thought of as “library-style” health information exchange.
A “library style” approach involves a centralized data repository where data is uploaded from multiple subscribing sources – a doctor’s EHR, a hospital’s system, perhaps lab systems, etc. The resulting data store is independent of any given EHR, and contains data from multiple sources for a given patient. When any subscribing party then queries that data later, all the collected information from all sources can be retrieved. Yes, the data can be meta-tagged on upload, so that only those people with the proper role-based permissions can see it, and this tagging can be quite granular (allowing for redaction of certain protected elements, just like with fax-based traditional data sharing).
This is a powerful new approach to sharing health data. Some formal Health Information Exchanges have wanted to do this – by “formal” HIEs, we mean the “public utility” model of regional HIE designation, with ONC grants to get started, though there is considerable skepticism that such efforts will survive as going-forward businesses once the ONC grant money has run out. Other private companies (e.g. Health 2.0) start-ups) have also taken this approach, and may be a powerful force in the market in the upcoming years.
Impact on consent
The impact of “library-style” health information exchange raises new issues in patient consent. Now, when a patient gives a referring doctor permission to send clinical information to a consulting recipient doctor, that data transmission might not be the simple point-to-point connection of the past – the data may be uploaded and stored in a secure storage location, to be accessed by the consultant(s) at a later time. On the one hand, this is more clinically useful, and breaks down the fragmentation of healthcare data that has vexed health care historically. On the other hand, there needs to be an acknowledgement, and consent, to do this.
Some questions arise with this new technology. What happens if a patient does not want his/her data uploaded into a third-party “library” storage area for data sharing among practitioners (we will assume that only the specific practitioners given permission by the patient will have the ability to access the common-storage blended data in the Exchange)? Must EHRs and practitioners always have a point-to-point option (preserving the fragmentation of clinical data, as is the problem now)?
These are the kinds of issues that the E-Consent Trial Project will need to address. Likely, as this new kind of technology matures, there will be initial hesitation based mainly on fear (fear of unconsented disclosure of Protected Health Information). But with the kinds of sophisticated meta-tagging of data in these “library-style” Exchanges, where really only the intended recipients will have access to a patient’s PHI data, the hesitation should calm down with experience.
After all, if I (as a referring primary care physician) am referring a patient to a consultant (such as a cardiologist, for example), I would want that cardiologist to see my chart data, the lab data, and any hospital data that may exist, in order that the cardiologist can render the best care (and not duplicate tests that have already been done). And, in return, I will want to retrieve the data back from the cardiologist, any other consultants, the hospital, etc., and have that all in an EHR dashboard when I see the patient again (“closing the loop”). The “library-style” of Health Information Exchange that is emerging will accomplish this better than any traditional point-to-point connection could ever achieve.
We will be keeping a close eye on this kind of work occurring at the ONC and other federal policy circles. The policy impact on these important new technologies can be significant – and hopefully, will result in a sane and streamlined process that protects the public interest, describes consent properly, and allows end-to-end permission in one single gesture.