Getting Permission to Exchange EHRs

Report analyzes patient consent options
Getting Permission to Exchange EHRs
Giving patients control over who can access their records via Health Information Exchanges could prove vital to building public trust in the security of the emerging networks. A new federally commissioned research report outlines the options for obtaining patient consent for transmitting electronic health records via HIEs, but it stops short of endorsing any approach.

Researchers at George Washington University Medical Center prepared the report for the Office of the National Coordinator for Health Information Technology at the Department of Health and Human Services.

Carrying out a mandate in the HITECH Act, HHS recently issued grants to every state to help support HIEs.

The new report describes in great detail the options regarding patient consent for exchanging data among healthcare organizations. The options include:

  • No consent: Automatically allowing the exchange of records without patient consent and without an opt-out clause;
  • Opt-out: Offering patients only an all-inclusive opt-out option;
  • Opt-out, with exceptions: Offering varying levels of opt-outs, such as allowing only selected data to be exchanged;
  • Opt-in: Requiring that patients explicitly grant permission for the exchange of all of their information; and
  • Opt-in, with restrictions: Enabling patients to grant permission for the exchange of specific subsets of their records.

The consent model chosen can directly affect the privacy and security of personal health information, the report acknowledges.

"While this document represents a starting point for discussion related to consent, it is imperative that future deliberations are informed by further research regarding the effectiveness and impact of various consent options, consideration of the broader policy landscape and assessment of the needs of those most affected by the consent decision," the report states.

"Until the time when we are confident that we can protect health information in a systematic and thorough way, prudent use of the mechanism of consent appears to be one of the most reliable ways to pursue that goal."

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.