- “Opt Out” systems; in which a population is informed that unless individuals request otherwise, their records will be made available to be shared.
- “Opt in” systems; in which patients are asked to confirm that they are happy for their records to be made available when clinicians wish to view them.
- Hybrid consent models that combine an implied consent for records to be made available and an explicit consent to view.
Sunday, May 15, 2016
Enrico Coiera Discusses The Consent Models In The Era Of Digital Health Records.
This appeared as a blog last week:
May 8, 2016
There are few more potent touchstones for the public than the protection of their privacy, and this is especially true with our health records. Within these documents lies information that may affect your loved ones, your social standing, employability, and the way insurance companies rate your risk.
We now live in a world where our medical records are digitised. In many nations that information is also moving away from the clinician who captured the record to regional repositories, or even government run national repositories.
The more widely accessible our records are the more likely it is that someone who needs to care for us can access them – which is good. It is also more likely that the information will might seen by individuals whom we do not know, and for purposes we would not agree with – which is the bad side of the story.
It appears that there is no easy way to balance privacy with access – any record system represents a series of compromises in design and operation that leave the privacy wishes of some unmet, and the clinical needs of others ignored.
Core to this trade-off is the choice of consent model. Patients typically need to provide their consent for their health records to be seen by others, and this legal obligation continues in the digital world.
Patient consent for others to access their digital clinical records, or e-consent, can take a number of forms. Back 2004, working with colleagues who had expertise in privacy and security, we first described the continuum of choices between patients opting in or out of consent to view their health records, as well as the trade-offs that were associated with either choice .
Three broad approaches to e-consent are employed.
Opt in models assume that only those who specifically give consent will allow their health records to be visible to others, and opt out models assume that record accessibility is the default, and will only be removed if a patient actively opts-out of the process. The opt-out models maximises ease of access to, and benefit from, electronic records for clinical decision making, at the possible expense of patient privacy protections. Opt-in models have the reverse benefit, maximising consumer choice and privacy, but at the possible expense of record availability and usefulness in support of making decisions (Figure 1).
There is much more to be read here:
The last two paragraphs seems to cover a lot of ground. To quote:
“So, whilst we need to be clear about the risks opt in versus opt out, we should also recognise that it is only half of the debate. It is the mechanism of governance around the consent model that counts at least as much.
For consumer advocates, “winning the war” to go opt-in is actually just the first part of the battle. Indeed, it might even be the wrong battle to be fighting. It might be even more important to ensure that there is stringent governance around record access, and that it is very clear who is reading a record, and why.”
In reading the article I think the thing that is missing is the recognition of the importance of individual attitudes and history in all this and in the debate about what consent model is appropriate.
Many individuals have widely divergent life stories and these stories and their life experience can have a major impact on their comfort with a consent model and their preferences.
Individuals also vary greatly in their attitudes to disclosure of, and trust with, their personal information with some adopting a highly disclosive approach and others the reverse - often related to their individual experiences and illnesses.
Taken overall, and recognising the critical importance of governance and technical security, I think it unlikely agreement is ever likely to be reached unless we can properly response in the individual’s level of trust, personality and the risk of discrimination, shaming and embarrassment should their information be disclosed.
Given the importance of the proper protection of information the individual wants to keep to themselves, we need to develop systems that meet these needs.
Posted by Dr David G More MB PhD at Sunday, May 15, 2016