The Veterans Affairs and Defense departments are working on consent management tools that would let patients control access to their personal health information - including medication lists, lab test results and diagnoses - during health information exchanges between the two agencies.
Kaiser Permanente, a partner with VA and DOD in the Virtual Lifetime Electronic Record (VLER) Community data-sharing project now underway in the San Diego area, will also deploy consent tools next year as a part of the multi-organization health information exchange pilot.
The use of consent tools in the VLER project was among the privacy control techniques discussed June 29 at a meeting of the Privacy and Security Tiger Team, a special workgroup formed to help resolve some of the thornier privacy and security challenges that have arisen as the health IT incentive program nears reality.
Consumer choice in sharing their information is critical to building trust and confidence in health information exchange, according to tiger team members.
"People are often stigmatized when they have conditions related to mental health, HIV or certain genetic information," and may not want to share that health information, even for purposes of clinical treatment, said Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT and the ONC's representative on the tiger team.
Access controls in healthcare, including consumer consent techniques, are not as mature or broadly developed as identity verification, authentication and data integrity, said Duane DeCouteau, a VA senior technologist and a contractor from Ascenda Healthcare, who spoke at the meeting.
And while technology can enforce rules regarding consumer sensitivities, he said, defining those sensitivities, "is a function best left to clinical experts and consumers themselves."
Texas's Department of State Health Services (DSHS) uses a consent management system at its 250 treatment locations that lets consumers scale those sensitivities. Its Clinical Management for Behavioral Health Services (CMBHS) system is a Web-based, open source electronic health record that lets a patient decide which parts of the record can be released to other providers. The consent form is then integrated with the patient's record in the EHR system.
In another example, Tim Kwan, technical advisor to the Brooklyn Health Information Exchange (BHIX), described using InterSystems's Healthshare platform to perform a number of exchange tasks, including consumer consent. InterSystems is a provider of software for connected healthcare.
IIn the BHIX system, a consent registry stores the consent information entered about a patient's preferences and a consent service retrieves the patient policy to identify if the system can disclose the patient data to the organization requesting it. Regional health information exchange organizations can "play a role to match consumer identities and consumer consent policies," he said.
