Survey: 'Opt-In' for HIE Consent is RareMore Exchanges Take 'Opt-Out' Approach
Only 18 percent of health information exchanges surveyed confirmed that they have a policy requiring patients to "opt-in" and give formal consent before any of their records are shared via the networks.
Of the 199 HIEs surveyed, 36 said they take the opt-in approach, while 81, or 41 percent, reported they have an opt-out policy, where patients' data is automatically included, but they can choose to withdraw. The others surveyed didn't provide information on the consent issue.
The Washington-based eHealth Initiative, an advocacy organization, conducted the survey, which confirmed there are 73 HIEs that are operational, transmitting data that's being used by stakeholders, such as hospitals and physicians. That's up from 57 in 2009. The group estimates there are 234 HIEs across the country, including a majority that may have policies on consent or other issues in place but are not yet fully operational.
Fuel for Policy DebateThe survey results, unveiled July 22, are timely because federal advisers are considering whether the government should mandate a particular approach to obtaining patient consent for exchanging their health information.
On July 21, the HIT Policy Committee, which drafts policy recommendations that often find their way into federal healthcare regulations, determined that the consent issue requires further discussion and analysis before any policy is recommended.
In arguing for the opt-out approach, committee member Neil Calman, M.D., president and CEO of the Institute for Family Health, a family practice organization serving Harlem, expressed concerns about the "administrative burden" that would be imposed by asking every patient to sign a consent form. "How many years would it take to get the 100,000 patients in my network to opt in?" he asked.
In advocating the opt-in approach, consumer advocate Gayle Harrell, a former Florida state legislator, noted: "We have a very distinct right to privacy that's not only guaranteed in our Constitution, but has been upheld in our courts. And there's nothing more private than your healthcare information....Once it's been divulged, there's no way to retrieve it."
An Evolution?The opt-out approach now dominates the HIE environment because "it's the easiest to do initially," says Jennifer Covich Bordenick, CEO of the eHealth Initiative. But she expects more HIEs may shift to the opt-in approach as they learn of other exchanges that have had success with that model.
Government guidelines on obtaining patient consent would prove helpful to the nation's emerging HIEs, she acknowledges. "But there's always the issue of whether you want polices at the federal or the state level. You can make a case for both."
In August, federal regulators plan to issue a "request for information" on issues, such as patient consent, related to the National Health Information Network, a set of standards for secure information exchange. A proposed rule on NHIN "governance" issues will be introduced in early 2011, says Mary Jo Deering of the Office of the National Coordinator for Health Information Technology. The proposal will address a wide variety of interoperability issues, including how to handle patient consent and identity verification, she explained.
Regulators ultimately must also determine whether to mandate that all health information exchanges use the NHIN standards, she added.
Other Survey ResultsOther highlights of the eHealth Initiative's HIE survey include:
- 86 of the networks (including those that are operational and those still in the planning stages) now have policies that enable patients to decide which providers can have access to their data.
- 13 HIEs enable patients to grant access permission down to the level of individual data elements.
- 35 HIEs have an electronic means for obtaining and managing patient consent information sharing, but 82 plan to initiate one.
Another way to build patient support for HIEs, Bordenick says, is to demonstrate the value the exchanges offer. "Patients need to understand the consequences of not having data available at the critical moment of time when they're in the ER," she notes. "But we still must make sure that we are all very cautious and thoughtful in ensuring we protect patient privacy."