Opt-In Policy Best For HIE Patient Privacy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Healthcare // Analytics
09:18 AM

Opt-In Policy Best For HIE Patient Privacy

John Halamka, CIO for Beth Israel Deaconess Medical Center, believes health information exchanges should use an 'opt-in to disclose' policy to safeguard patient data.

8 Health Information Exchanges Lead The Way
8 Health Information Exchanges Lead The Way
(click image for larger for slideshow)
Healthcare providers have yet to agree on the best way to protect the privacy of personal health information (PHI) in health information exchanges (HIEs), but John Halamka, MD, has an opinion.

As CIO at Beth Israel Deaconess Medical Center (BIDMC) in Boston, Halamka recently announced in a blog post that BIDMC will have all of its 1,800 affiliated ambulatory care providers ask their patients to "opt in for data sharing among the clinicians coordinating their care." This would allow data exchange, not only within BIDMC, but also with outside clinicians who provide care for those patients. The patients who opt in now will still be able to opt out later.

The blog entry noted that the statewide HIE is moving in the same direction; while BIDMC will document the patient consent itself, the state will start recording all consents in 2014.

Massachusetts law already requires opt-in consent for information exchange, Halamka told InformationWeek Healthcare, but BIDMC has selected a particular variety that he calls "opt-in to disclose." The other major type of opt-in consent, he said, is "opt-in to view," which would require patients to consent every time their information is viewed by a clinician other than their personal doctor.

State privacy laws, he added, override the HIPAA consent forms that patients are asked to sign. And there's no uniform national policy on how HIE privacy should be handled. So providers are trying various approaches in different states.

[Most of the largest healthcare data security and privacy breaches have involved lost or stolen mobile computing devices. For possible solutions, see 7 Tools To Tighten Healthcare Data Security.]

For example, California healthcare organizations are using an opt-out approach that allows any patient's data to be exchanged unless the patient requests that it not be. Mark Savage, an attorney with Consumers Union, told FierceHealthIT recently that the California solution has been "to limit the use of HIE to treatment by trusted doctors, with strong security protocols. In that context, opt-out has been an OK solution for us, because the structure built around the consent mechanism is strong enough to protect consumer privacy."

But that wouldn't work in Massachusetts, Halamka said. "In Massachusetts, consumers believe that the data shouldn't be exchanged about them until they give permission for that to occur. Because of our state laws and our culture, the notion of opting in makes more sense for us."

Due to limitations in current technology and processes, Halamka said, BIDMC can only implement the initial phase of what he calls "meaningful consent," which allows patients to control which data their treating physicians can view. In the first phase, patients can choose whether to disclose their data to BIDMC, but they can't control what kinds of data may be exchanged. The only exception is what Halamka calls "lock-box data," which includes information about mental-health treatment and is normally sequestered even within BIDMC. That data won't be available to non-BIDMC providers. Otherwise, if patients opt in, all of their data will be available to treating practitioners who request it from BIDMC.

With current electronic health records, Halamka noted, it's difficult to give patients more granular control. Even if the program specifies that a particular patient's HIV diagnosis and medications should not be exchanged, he notes, the diagnosis might be revealed or alluded to in free text. Moreover, if certain medications were not disclosed, doctors could not rely on the medication list when prescribing new drugs.

"So a patient needs to understand that if he or she chose not to consent, there are consequences, like drug-drug interactions or incomplete treatment," Halamka said.

Indications are that most patients will opt in. Several years ago, Halamka noted, the Massachusetts eHealth Collaborative asked all of the adults in North Adams, Mass., to opt in as part of an experimental health information exchange. "We achieved a 98% consent to opt in to everything," he recalled, as a result of educating patients "about the benefits of good, safe, quality care."

Will BIDMC providers go along with the policy, despite the extra work it will impose on them? Halamka believes they will. Aside from the fact that it requires only a one-time conversation with each patient, he noted, "The providers recognize that opt in to consent for disclosure is something that plays well in the media and with consumer groups. It sounds very patient-centric, and it's something that's going to be easy to have a conversation with the patient about."

Get the new, all-digital Healthcare CIO 25 issue of InformationWeek Healthcare. It's our second annual honor roll of the health IT leaders driving healthcare's transformation. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/8/2012 | 11:17:01 PM
re: Opt-In Policy Best For HIE Patient Privacy
It's interesting how dramatically different the culture of opting in vs out throughout different states. What will be truly telling is how much these exchanges improve (or don't) clinical outcomes & patient care. Once those numbers begin to be known, my guess is there won't be nearly as much of a debate around them.
Jay Simmons
Information Week Contributor
How COVID is Changing Technology Futures
Jessica Davis, Senior Editor, Enterprise Apps,  7/23/2020
10 Ways AI Is Transforming Enterprise Software
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/13/2020
IT Career Paths You May Not Have Considered
Lisa Morgan, Freelance Writer,  6/30/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
Flash Poll