States, Feds Still Grappling With HIE Consent | [node:field-byline] | Healthcare Blogs Skip to content Skip to navigation

States, Feds Still Grappling With HIE Consent

November 15, 2011
by David Raths
| Reprints
Consent models move from opt-in or opt-out to more of a hybrid

Opt in or opt out? That is the million-dollar question state health information exchange leaders and federal policymakers continue to grapple with regarding how patients consent to share their health data.

“Consent is going from theoretical to the implementation phase and adjustments are having to be made,” Ree Sailors, program director of health IT for the National Governors Association, told me for a story earlier this year. Some states that started with Medicaid as the lead agency began with opt-out as the default and have had to adjust as the public learns more about health data exchange, she added. Other state HIEs determined that not enough people would sign up in an opt-in format.

On Nov. 14, I listened to a lively webinar panel discussion on patient consent hosted by the National eHealth Collaborative. That discussion reinforced Sailors’ observation that consent seems to be moving from opt-out to hybrid models. For instance, Holt Anderson, executive director of the North Carolina Healthcare Information and Communications Alliance, described an HIE in his state involving 16 hospitals that had an opt-out model. But it has since linked up with a Veterans Administration hospital in Asheville with an opt-in policy. Queries to the VA are not acted upon unless the veteran has opted in. “It is a hybrid model and the mixture seems to be working,” Anderson said. 
Devore Culver, executive director and CEO of Maine’s HealthInfoNet, said its opt-out consent model, arrived at in 2007 after extended debate, is now becoming something of a hybrid, too, as it deals with restrictions around behavioral health and HIV information. Legislation passed in the state’s last legislative session allows that that data to be released as long as it is sequestered until a patient consents. Instead of blocking that information, the HIE system is being redesigned to treat it in a different manor. “All the risk has moved upstream to the exchange,” Culver said, “and that has me a little bit nervous.”

Many state health IT executives have expressed a desire for the federal government to weigh in, but progress has been slow. Although the Health IT Policy Committee sent recommendations to the Office of the National Coordinator in September 2010, no policy decisions have been made yet. Joy Pritts, chief privacy officer for ONC, said her office is reviewing those recommendations with a Health and Human Services interdivision work group and with other federal agency partners. ONC is also running a pilot project focused on identifying elements of consent that individuals need to make “meaningful” decisions about it and to measure the burdens to providers in having lengthy conversations about privacy and consent with patients.

Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology and a member of the Health IT Policy Committee, described a few of those recommendations. She said the committee made a distinction between different types of architecture. If all you are doing is peer-to-peer exchange and basically digitizing what has been done previously via paper and fax, she said, the committee suggested there isn’t need to offer patients consent beyond what they have today. But if you are setting up an exchange architecture in which providers can “pull” data from other providers or from a central source, patients should be given some options as to whether their data is part of this or not. A lot of states are struggling with whether to have several consent models based on architecture or have one size fit all. “It’s an interesting debate,” McGraw said, “and it is tying people up in knots.”

More important than opt in or opt out, she added, is transparency about what you are doing. Patients need to understand that there is HIE infrastructure being built, and that they have an opportunity to make a choice in advance of that data being accessible.

It still remains to be seen which model will prevail: the opt-out model that many states have chosen (because it’s easier) or the more challenging option the Policy Committee recommends that involves more upfront choices for consumers. Stay tuned.

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on

betebettipobetngsbahis bahis siteleringsbahis