Getting Granular: Patient Consent in HIEs | Jennifer Prestigiacomo | Healthcare Blogs Skip to content Skip to navigation

Getting Granular: Patient Consent in HIEs

September 2, 2010
| Reprints

Patient consent in health information exchange (HIE) is a fascinating area that is now unfurling on the healthcare stage. The ONC’s Tiger Team released their recommendations to HHS in a 19-page letter on August 19. I find the recommendations very interesting, especially regarding how to allow patients granular control over what personal health information is shared in a HIE and when. According to the Tiger Team the healthcare provider will be the primary educator for the patient regarding this consent:

“Based on our core values, the person who has the direct, treating relationship with the individual, in most cases the patients provider, holds the trust relationship and is responsible for educating and discussing with patients about how information is shared and with whom.”
—Tiger Team Recommendation Letter, August 19, 2010

In today’s healthcare exchange between doctor and patient, patients already get a too-brief snippet of time with their physician. And now this committee expects the doctor to be the primary educator for the extremely complex subject of privacy disclosure and information exchange. Maybe I’m being too cynical, but I don’t reasonably foresee a “meaningful consent,” as the Tiger Team phrases it, happening as long as the payment structure for doctors is still on a pay for procedure basis. There is simply not enough advantage currently for doctors to spend more time with individual patients to go over these very important, yet administrative details.

Granted the Tiger Team writes that other parties besides the healthcare providers will need to be in this educational process, including the “ONC, regional extension centers, and health information organizations” to “provide resources to providers, model consent language, and educational materials to demonstrate and implement meaningful choice.” But will there be ample funding for these materials to have the far reach necessary to educate the public? There is still a lot of work out there, and the Tigers admit to it:

“The technology for supporting more granular patient consent is promising but is still in the early stages of development and adoption…The goal in any related endeavor that ONC undertakes should not be a search for possible or theoretical solutions but rather to find evidence (such as through pilots) for models that have been implemented successfully and in ways that can be demonstrated to be used by patients and fulfill their expectations. ONC and its policy advising bodies should be tracking this issue in an ongoing way and seeking lessons learned from the field as health information exchange matures.”

I interviewed Jan Root, Ph.D., President and CEO of Utah Health Information Network (UHIN) last week about the recent EHNAC accreditation for her clinical HIE, and we got on to a really interesting topic of what happens when patients opt to only share certain parts of their health record. Take a listen below:

Jan brings up a really great question about how patient control of health information will balance with the goals of public health reporting and population study. I’m really curious to know your thoughts and insights, so please comment below.



Thanks for your comments Joe and Rob. Joe you bring up a good point about the "business standard and the professional standard" not necessarily being aligned. I spoke with Dev Culver with the Maine HIE (I'm posting my interview with him later today) yesterday and he made a comment about how the Maine hospitals had to come to a consensus to agree to not compete with patient data and comingling their data was a win-win for everyone involved. I'll have to take a deeper look at the unintended consequences you've been reading about, that sounds very interesting to pursue further. Thanks!

Rob, I understand your reaction to "patients have little to lose and much to gain from increased information exchange".

That phrase was qualified by:

"... there are areas where consent and disclosure are non-contentious ..."

It was a comment made by the CEO of caBIG, who made that point that patient's under thirty years old who are diagnosed with terminal illnesses WANT EVERYTHING ABOUT THEM SHARED. Their hopes are pretty clear. In their situation, they are not concerned with the ability to get health insurance later in life. And, they have bigger issues and values than the stigma associated with their situation, impact on employ-ability and other issues that are very real for other populations. This CEO brought up this group to remind us of the GAIN POTENTIAL for SOME POPULATIONS.

Patients-Like-Me and other condition-specific social networks are, as you know, already publishing experiential data on effectiveness and side-effect incidence of therapies on many conditions. Although not a randomized, placebo-controlled, double-blind, well designed clinical trial with cross-over designs, this "exchanged" information also is relativity free of the horrific biases sometimes prevalent in the former. The lead time is much shorter. And the biggest bias, i.e. publishing negative results is better dealt with.

(See Taleb's The Black Swan for an excellent treatment of human cognitive errors associated with retrospective accounts by academicians. He points out the need for forward looking journals to ensure we reach valid conclusions about predictability.)

My bad for not elaborating the context in my example in more detail. And, lets be careful about the context. My point was simply that there are areas where open, granular information exchange has been found to be non-contentious. For some populations, it's highly valuable and wanted / needed / and possible.


It is very interesting to see someone else thinking about the issue of privacy and who controls it.

It is hard to figure out the motives of those that push the current HIE architectures. From what I can tell they do not want to have anything that slows down deployment, even if it means patients really have no say in what gets shared with whom or when, or else they are the open health types.

In either case, the technology to implement patient driven granular consent and tracking of health information sharing is available and tested.

Just who is behind not requiring it not clear.

BTW, I completely disagree with the comment "patients have little to lose and much to gain from increased information exchange". Sure in many cases more health information sharing is fine and helpful, but do people really want everybody in town that works in a healthcare provider connected to the HIE to see everything about them.

Rob Tholemeier

That was an extremely interesting post. You raised several valid points that are worth kicking around:

1) Your point that healthcare providers often do not have enough time today in an encounter to be clinically thorough. To increase the role to include explaining the trust trade-offs of personal health data sharing seems unrealistic.

There are several areas in our lives today where we blindly agree to terms that we don't understand. That ranges from big things, like signing a mortgage documents, dozens of times to dozens of terms that we dont fully understand. We accept the terms when we install software or agree to use a service like iTunes. I know of no one who will actually read the 25 screens currently required on an iPhone before pressing Agree.

On a superficial analysis, it would seem that we would want to put health information into a more carefully considered system. Few of us knows enough when scared and sick to take the risk of opting out of a sharing relationship that a provider presents to us. So, I think you're raising a fundamentally valid concern.

2) I have a friend who has been building successful HIEs for several decades. He uses terms like "medical trading organizations" for referrals, labs, radiology, and a litany of other services like DME. The reality is that there are formal and informal business relationships that co-exist with HIEs. There is a moral hazard that cooperating (or co-owned) providers don't want information exchanged outside of their network. What do they tell patients about consent to exchange information? Don't HIEs fundamentally open the door to increased competition? The business standard and the professional standard are not necessarily aligned.

3) The related but distinct issue is "who is advantaged or disadvantaged by information exchange, both economically and in terms of care quality?" We are increasingly seeing articles in NEJM and elsewhere that transparency, for example of quality data, is leading to unintended consequences, like penalizing providers for risks and outcomes they cannot control or influence (genetics and compliance to name two.)

I am glad that there are areas where consent and disclosure are non-contentious, where patients have little to lose and much to gain from increased information exchange. I am also glad that there are additional techniques like VNHIDs to approach the granularity problem. So, patient consent in HIEs isn't a dismal topic, and it does require broader discussion in the HCIT community.

Thanks, JP, for bringing this conversation to the HCI blogs.