A July 3 article in VT Digger, an independent organization covering investigative news in the state, revealed a stimulating story about concern regarding health information exchange (HIE) patient privacy. The piece, written by Erin Mansfield, noted that officials from the Vermont Information Technology Leaders (VITL), the publicly-funded Montpelier-based organization that operates the Vermont Health Information Exchange (VHIE), and warehouses patients’ electronic health records (EHRs) across the state, is considering a policy alteration that would change the HIE’s patient consent process from “opt-in” to “opt-out,” despite concerns from the American Civil Liberties Union (ACLU) of Vermont.
Of course, within an HIE, an opt-out policy means that patients must manually remove their records if they choose not to participate in their state’s HIE (the default is for patients’ health data to be included from the start), while under the current opt-in policy in Vermont, patients must give doctors permission to view their records. VITL is required to discuss the policy change with the Office of the Health Care Advocate at Vermont Legal Aid, and the ACLU Union of Vermont, according to the report.
For the patient consent process, there is no single national law, but rather policies vary state by state. According to Office of the National Coordinator for Health Information Technology (ONC) data, as of September 2013, seven states had an opt-in policy, 30 had an opt-out policy, and 13 had either a combination of both, a hybrid model or rules were pending.
In Vermont, with the opt-in policy, about 96 percent of patients still give doctors access to their records, according to Rob Gibson, the vice president of marketing for VITL, per the VT Digger story, and the remaining 4 percent don’t want to share records. But Gibson said his organization is now hearing complaints from doctors who say that the policy causes an administrative burden, the story stated. Mansfield reported, “What we’re starting to hear from people is that having a requirement like we do now, with having everybody being required to opt in creates extra work and administrative burden and sort of limits the flow of information sometimes,” Gibson said.
For provider members of an HIE, not having to ask each patient for consent is undoubtedly a time saver. Doctors also point to the idea that it could be tough to remember which patients opted in or out when they transmit the EHR data to an HIE. On the contrary, Allen Gilbert, executive director of the ACLU of Vermont, told VT Digger that “There is a greater likelihood of informed consent when people have to make a decision to ‘opt in,’ and the ‘opt out’ starts with a default that the person is in, and it requires no fault to have the person essentially enrolled in the system.” He added that with an opt-in policy, patients will be more likely to know what they’re agreeing to.
We should also keep in mind the HIPAA Privacy Rule’s Individual Choice Principle, which states that “Individuals should be provided a reasonable opportunity and capability to make informed decisions about the collection, use, and disclosure of their individually identifiable health information.” To this end, in the VT Digger story, Kristina Choquette, vice president of operations for VITL, recently told state regulators that doctors describe the current opt-in patient consent policy as “HIPAA on steroids.”
For me, a lot of this comes down to patient education. If consumers are informed and educated up front about the policy of the HIE, and where their data might be going, choices will become easier and trust will be gained. According to a 2014 Medical Economics article on patient consent, the Massachusetts eHealth Collaborative (MAeHC) built HIEs in three communities and incorporated an opt-in policy. Front-desk staff in doctors’ offices gave patients brochures about the HIEs and asked them to sign consent forms. More than 90 percent of patients consented, the article stated.
I recently spoke with Christina Galanis, president and CEO of HealthlinkNY, which operates the HIE in the southern tier of New York and the Hudson Valley, who feels that patients need to have the right to choose where their data goes. Galanis said that even if the patient chooses “deny,” that’s something the organization has to comply with. “I have been doing this for nearly 12 years, and I know that you have to go to the patient first, and the patient has to be educated,” she told me. For HealthlinkNY, an opt-in HIE, patients don’t have to say “yes” to the whole HIE, but they can choose which provider organization their data goes to, she added.
According to the ONC’s website, the U.S. Department of Health and Human Services (HHS) does not set out specific steps or requirements for obtaining a patient’s choice whether to participate in an HIE. The agency also doesn’t take a stance on opt-in versus opt-out. However, it says that adequately informing patients of these new models for exchange and giving them the choice whether to participate is one means of ensuring that patients trust these systems. Providers are therefore encouraged to enable patients to make a “meaningful” consent choice rather than an uninformed one, ONC states.
Clearly, the waters are pretty muddied when it comes to patient consent and HIEs. There are arguments on both sides of the table, but I have to imagine that most logical people would agree on two core points: 1) patients should not be surprised by where their records go and 2) to accomplish the fundamental goal of health information exchange, providers will need to see the information they need to provide the highest quality of care.
And with that, a level of trust between providers and patients must be established. Betty Rambur, a nurse practitioner and member of the Green Mountain Care Board, overseer of VITL, said it perfectly in the VT Digger story: “It is really this complicated balance between providers having the data they need and the people having the privacy that they deserve.” So while patient consent issues might not be totally ironed out in the immediate future, it’s good to know that multiple states are considering the effects of both policies, and most importantly, how they each affect the patient.
