Tuesday, September 23, 2008

Patient Consent in Health Information Exchange – A Discussion Paper

The New York eHealth Collaborative has produced an interesting discussion document on patient consent in health information exchange.

Comments Sought on How Patient Consent Will Work in Electronic Exchange

Draft recommendations released this week by the New York eHealth Collaborative (NYeC) describe how patient consent should be obtained before a patient’s health information is exchanged electronically between entities participating in a regional health information organization (RHIO). The recommendations are part of a draft white paper released for public comment, developed by NYeC’s privacy and security workgroup.

NYeC is a public-private health information technology (HIT) stakeholder group aimed at developing consensus on key HIT policies and collaborating on state on regional HIT implementation efforts. The NYeC workgroups develop policies, technical standards, and operational guidance for health IT projects in New York and the Statewide Health Information Network for New York (SHIN-NY).

The NYeC privacy and security workgroup paper asserts that given state law regarding disclosure of certain health information, “affirmative consent from the patient to exchange health information via SHIN-NY governed by a RHIO is required under existing state law for non-emergency treatment.”

The full release is found here:

http://www.hanys.org/news/index.cfm?storyid=537

The report is found here:

http://www.nyehealth.org/files/File_Repository16/pdf/Consent_White_Paper_Public_Comment.pdf

Given that after addressing privacy issues this topic is of critical importance it is timely that this paper appear.

What I found particularly insightful was the following from page 3 of the 59 page report.

“In pursuing its health IT investment program, New York is cognizant that its success will not only be measured by technical, financial and clinical achievements, but also by the policies governing the exchange, measurement and reporting of personal health information as well as accountability mechanisms ensuring adherence to such policies. In fact, establishing public trust with respect to the privacy and security of health information is the single most important goal of New York’s health IT investment program.

In pursuing this goal, New York benefits from policy thinking developed by several important projects that have addressed privacy and security, including: the Markle Foundation’s Connecting for Health initiative; the California Healthcare Foundation’s policy briefs on privacy and consumer attitudes and policy forums; studies performed by such organizations as the American Health Information Management Association (AHIMA), eHealth Initiative, Healthcare Information Management Systems Society (HIMSS), National Alliance for Health Information Technology (NAHIT), the Health Information Security and Privacy Collaborative (HISPC); and the Certification Commission on Healthcare Information Technology’s (CCHIT). New York’s investment program builds on the collective foundation of these policy efforts while seeking to go one step further. Because New York is setting policy in the context of live implementations and is doing so through a statewide public-private collaborative model, there is a unique opportunity to stress-test new concepts that to date have largely been considered in either much smaller settings, on a theoretical basis, or in connection with proprietary or narrow technological approaches. Hopefully, New York’s experience will provide all stakeholders a richer understanding of what works and what does not, and will help to inform and shape emerging state and national policy.

As I have often noted, again we find privacy and consent issues being recognised as a ‘rate limiting step’ in the development of Health Information Networks.

This document is really more that a discussion of consent – covering as it does what almost amounts to a NY Health IT Network Strategy. (It is funded at $200M so it is pretty serious stuff!). It has clearly been carefully considered and researched.

Recommended reading.

David.

1 comment:

  1. There is a significant underlying issue here - how do practitioners gain informed consent when consumers' understanding of the technologies being used is limited? At the moment, it is difficult (not to mention time consuming) for a GP to explain the full consequences of electronic information sharing to a person who has never used a computer.

    One solution is to simply not use the technology for those people who cannot give properly informed consent, but this is not really practical either. I have always argued that it should have been one of the primary responsibilities of NeHTA to address this "rate limiting step" head on. There is no point in developing and promulgating standards if they cannot be used because some fundamental practical issues have not been addressed satisfactorily.

    ReplyDelete