Wednesday, August 25, 2010

Consent Recommendations from the Privacy Tiger Team

I've written several blog posts about the need for consent policy and technology.

For 2011, the Meaningful Use Stage 1 data exchanges are a "push" of data from provider to public health, quality registries, and other providers. Consent is obtained by the provider when the patient is present during an episode of care. The consent process will be driven by Federal/State policy and workflow rather than technology.

For 2013, the data exchanges are likely to be "pull" based on patient controlled consent for release of information from institutions. The consent process will be a marriage of policy and technology.

On August 19, the Privacy and Security Tiger Team released its recommendations for the consent policy to support Stage 1 data exchanges.

Key points include:

When the decision to disclose or exchange the patient�s identifiable health information from the provider�s record is not in the control of the provider or that provider�s organized health care arrangement (�OHCA�), patients should be able to exercise meaningful consent to their participation.

where meaningful consent is defined by

Advanced knowledge/time
Not compelled, or used for discriminatory purposes
Full transparency and education.
Commensurate with Circumstances
Consistent with Patient Expectations

Although granular consent is a desirable future goal (i.e. line item redaction of medications depending on the recipient of the data), technology has not yet evolved to the point where this is widely implementable. It is important that ONC find evidence (such as through pilots) for successful models and not rely on theoretical possibilities. In the interim, patient education is paramount. Realistic expectations about privacy need to be established.

State Health Information Exchanges are busy defining their own policies and technologies to support Meaningful Use Stage 1 Data Exchanges:

Core Set
1. Provide patients an electronic copy of their ambulatory, ED or inpatient summary of care record record
2. Transmit prescriptions
3. Capability to exchange key clinical information among care providers and patient authorized entities
4. Report clinical quality measures

Menu Set (must include at least one public health reporting transaction)
5. Incorporate clinical lab tests results into EHRs as structured data
6. Provide summary of care record for patients referred or transition to another provider or setting
7. Capability to submit data to immunization registries, provide syndromic surveillance and lab data to public health agencies

The guidance from Privacy and Security Tiger Team provides a valuable framework to inform state activities. In Massachusetts, we have Chapter 305, which requires opt-in consent for data sharing.

By adopting a national policy that ensures providers educate their patients about Meaningful Use data exchanges and obtain consent before sharing information with outside organizations, we will ensure that patient privacy is protected.
Load disqus comments