A white paper published this year by the New York eHealth Collaborative (NYeC) proposes that the Statewide Health Information Network for New York (SHIN-NY) consider broadening its consent policy to enable care coordination, quality improvement, and other population health efforts.
One of the key principles agreed upon in the development of SHIN-NY almost a decade ago was that, subject to limited exceptions, patient information maintained by a regional health information organization (RHIO) can be accessed by a RHIO participant only if the patient signs a written consent form authorizing such access. In 2016 NYEC surveyed RHIO and conducted a series of focused interviews about the impact of the consent policy. Among its findings were:
• A substantial majority of SHIN-NY participants (75 percent) believe that, from a policy standpoint, the current consent model strikes the appropriate balance between facilitating clinical information sharing and protecting patient privacy. In practice, however, many participants experience workflow problems associated with obtaining patient consent that impede the flow of health information for important clinical purposes.
• Many participants primarily use the SHIN-NY to access the results of laboratory, radiology, and other tests they have ordered. In these cases, the current consent model does not serve as a barrier because participants can rely on the patient’s implicit consent for these “one-to-one exchanges” and are not required to obtain a formal written SHIN-NY consent. In contrast, participants that seek to pull a comprehensive history of a patient’s medical care from a RHIO face more significant impediments to obtaining consent, especially if they want to access the patient’s records in advance of an initial visit.
• Care coordination, quality improvement, and other population health efforts face the greatest barriers because participants are seeking to obtain information from a broad class of patients, many of whom rarely engage with the healthcare system and are unlikely to have signed a SHIN-NY consent form.
It appears that the greatest obstacles created by the current consent model arise in connection with population health activities conducted by insurers, individual providers, or multi-provider ventures such as Accountable Care Organizations (ACOs). In these use cases, the healthcare organization often seeks to pull comprehensive data about a large cohort of patients to identify those who may be underutilizing the healthcare system or otherwise receiving sub-optimal care. Since many of these patients are disengaged from the system, it is often difficult to obtain their consent.
There is a strong interest among many providers in receiving “alerts” from the SHIN-NY about important clinical events involving their patients, such as an emergency room visit or an admission to the hospital. The current consent model restricts the ability of providers to receive alerts in cases where an event triggering an alert occurs prior to a patient visit with the provider seeking access to such alert.
• Technological challenges also complicate the process of obtaining consent. For example, in many hospitals the registrar responsible for collecting consent forms does not have access to the RHIO system to determine whether a patient has previously granted consent to the hospital. This limitation results in duplicative consent requests. The lack of an easily accessible central registry to track consents undermines the efforts of RHIOs to utilize a RHIO-wide consent model under which one participant can obtain consent on behalf of all other participants.
• Patients typically lack familiarity with RHIOs and the SHIN-NY, and are not likely to have a good understanding of the significance of granting or denying consent.
The NYeC identified three primary alternatives to the current consent model for further consideration:
• SHIN-NY Wide Consent Model: This model requires the patient to sign a written SHIN-NY consent, but it differs from the current model by allowing patients to sign a single consent form that covers all participants in the SHIN-NY, not just a single participant or all participants in a given RHIO. Under this model, the consent form would not have to list all SHIN-NY participants, but instead, could refer patients to a website where they could view such a list as it changes from time to time.
• Opt-Out Model: Under this model, a patient’s information could be exchanged for all purposes permitted by HIPAA and any other applicable federal laws unless the patient signs a form requesting to opt out of such exchanges. Patients would be notified of their opt-out rights through various means.
• Flexible Consent Model: Currently, only a SHIN-NY-specific written consent is sufficient to authorize access to information through the SHIN-NY. Under a flexible consent model, any consent that covers the purposes for which information will be accessed through the SHIN-NY would qualify as a valid SHIN-NY consent. For example, the broad consent signed by all Medicaid beneficiaries as part of the State’s Medicaid enrollment application would be adequate to permit the exchange of their information through the SHIN-NY for the purposes described in that consent.
The NYeC noted that the current model and the above alternatives are not necessarily mutually exclusive. Given the varying levels of privacy risk associated with different uses of the SHIN-NY, a blended model may be appropriate. For example, an opt-out model could be utilized for alerts about inpatient or emergency room discharges that contain limited clinical information while the current model or the SHIN-NY wide consent model could be employed for comprehensive queries for all SHIN-NY records. This approach would facilitate easier access to time-sensitive information about discrete clinical episodes while requiring affirmative consent for more intrusive inquiries into a patient’s entire medical history.
The NYeC white paper recommended that a SHIN-NY Consent Workgroup reconvene and focus on the three primary alternatives that are outlined in this report and evaluate the potential combination of models. It also recommend that the workgroup consider other issues related to consent management, such as:
• The development of a statewide mechanism for tracking patient consents.
• The ability of patients to grant/revoke consent through an online portal.
• Patient education efforts, including the sharing of best practices for patient education among RHIOs and their participants as well as investigation of successful education programs in other states.
• The development of technology allowing users to access RHIOs through their participant’s electronic health record system.
• The development of technology that improves the ability to segment Part 2 and other sensitive health information from other forms of patient information.
• The sharing of best practices for staff training related to consent.
• The simplification of language in the current consent form.
