Granular patient consent policies - adopted despite HIPAA allowing certain data to be shared without explicit patient consent - can lead to less data being exchanged by healthcare entities, says researcher Julia Adler Milstein of the University of Michigan.
The university's study of 11 hospitals involved in a health information exchange collaborative effort in California found that those that required more granular consent from patients shared fewer records with others, Milstein explains in an interview with Information Security Media Group. Milstein is co-author of a report on the study published in the Journal of the American Medical Informatics Association.
Under the HIPAA Privacy Rule, covered entities, such as hospitals and clinics, are permitted to disclose patient information to other CEs for purposes related to healthcare treatment, payment or business operations. But some organizations implement policies that require patients to give explicit consent before allowing the exchange of their health data with others. Institutions often choose to make these policy decisions "because there is some ambiguity in HIPAA about what falls under treatment, payment and operations," Milstein says.
Researchers studied the information sharing activities of members of the Northern California HIE Collaborative, a group that had formed in recent years to connect organizations that had previously adopted electronic health records systems from Epic Systems.
Because each of the institutions was using Epic's HIE technology platform, interoperability between the organizations was not a major potential obstacle to the technical aspects of data exchange. The study examined how the volume of patient data exchanged has influenced participating institutions' policy decisions, including granular patient consent for sharing data.
The study found that institutions with no HIE-specific consent requirement demonstrated higher rates of HIE growth compared to those healthcare entities with explicit patient consent requirements.
Granular patient consent policies can run counter to the fundamental goal of electronic health information exchange, which is to provide clinicians with complete, accurate and timely health information - from multiple sources - so that the medical errors and misjudgments can be avoided, Adler-Milstein argues.
"When we rely on manual approaches - fax and phone - information slips through the cracks or is never communicated, and that compromises the quality and safety of care," she says. "The question is whether the standard of care will evolve as [electronic] HIE becomes an option. [For instance,] if a provider is missing a piece of information, will it be held liable if there is an adverse event or patient safety failure?"
In the interview, Adler Milstein also discusses:
- Other findings from the study;
- Why there is still often a great deal of manual work involved in electronic health information exchange;
- How differences between state regulations can potentially impact health information exchange;
- Lessons learned from the research.
Adler-Milstein is an assistant professor at the School of Information at the University of Michigan with a joint appointment in the university's School of Public Health, Department of Health Management and Policy. Her research focuses on policy and management issues related to the use of IT in healthcare delivery. Adler-Milstein holds a PhD in health policy from Harvard University.