Skip to content Skip to navigation

The Conundrum of Consent in Health Information Exchange

January 22, 2014
by Mark Hagland
| Reprints
Patient consent issues became a major focus of a recent discussion on health information exchange

A significant portion of a panel discussion on health information exchange focused on patient consent issues, during the Health IT Summit being held Jan. 21-22 at the Manchester Grand Hyatt Hotel in San Diego.

The discussion among a group of healthcare IT leaders delved deeply into some of the complexities of HIE, during the second day of the conference. The event is sponsored by the Institute for Health Technology Transformation, which since December has been a partner with Healthcare Informatics and its parent company, Vendome Group LLC.

The panel, titled “Health Information Exchange and Interoperability: The Journey Ahead,” was led by Kenneth Kleinberg, managing director, research and insights, at The Advisory Board Company (Washington, D.C.). The participating panelists were Daniel Chavez, executive director of the San Diego Regional Healthcare Information Exchange; Bill Beighe, CIO, Physicians Medical Group of Santa Cruz (Calif.), and of the Santa Cruz Health Information Exchange; David Chou, CIO, University of Mississippi Medical Center (Jackson); and Brian Frerichs, a vice president at the Alpharetta, Ga.-based MDdatacor.

panel members (l. to r.): Chavez, Beighe, Chou,
Frerichs, Kleinberg

One significant portion of the overall discussion ended up focusing strongly on the issue of patient consent in health information exchange (HIE) operations. Below are excerpts from that discussion.

Kenneth Kleinberg: Is consent a huge issue in HIE?

Daniel Chavez: It depends on your governance model and the precepts around which you structure HIE. In San Diego, we have a hybrid model that allows for each physician group to choose: opt-in, opt-out, or emergency use; or the null option. And some choices are dictated by the vendors, because some vendors aren’t able to accommodate all choices. Furthermore, workflow has to accommodate informing the patients. We’ve had mixed success with this; we probably have the most complex model of consent that there is. I think if you can agree as a community how you’re doing to do consent, it simplifies the process. We provided the maximum flexibility, which led to maximum complexity.

 I think the key all this is to constantly iterate with governance. The key to consent is scalability. We talk about scalability in terms of technology and operations. But it’s absolutely key to scale your consent model. Right now, our consent model in San Diego County doesn’t sale. So we’re working on it, monthly.

Bill Beighe: Well, Santa Cruz took a different approach, because we were very early in our development of our HIE, back in the 1990s. So we chose an opt-out model, which means the patient’s information is shared unless they don’t want it shared. Now, the clinician needs to click through and say that they have a care relationship with the patient, and that the patient consents; but we haven’t put in a front-door consent thing into it.

We’re involved in a statewide study of consent issues, and the results should be out relatively soon. I’ll say something that’s probably heresy, but until we get clear laws about consent, and until the vendors back those elements into their products—it’s the implementation that will kill you, both at the implementation and practice levels. So we took a very simple approach. The patient is presented with a form and so if you say yes, we’ll share your data; if no, it can only be shared in an emergency, per HIPAA. And the opt-in rate is northward of 99.9 percent. We have not found this [refusal to consent] to be an issue. But I think we’re ten years away from real consent, at the atom level.

David Chou: Governance is going to be very crucial. Patients will go to different facilities and organizations for care.

Bill Beighe: The vast majority of patients expect their data to be available. They’ll say, I was over with Dr. So-And-So, and why don’t you have the lab data from him? They’re shocked that the data isn’t readily available to the providers who need it. I think it all has to do with context and governance. Everyone has all their other data, such as financial, all over the place. So it comes back to governance, and how you explain consent to patients.

Kleinberg: How do you handle the issue of sensitive data?

Chavez: We are currently advising patients that if they have sensitive data in their record, that they choose not to have their information shared, because the technology is not sophisticated enough to cordon off pieces of it right now.