Privacy, security 'tiger team' split on when patients must consent for HIE

An HHS "tiger team" tasked with finding ways to ensure privacy and security of protected health information in the context of government-funded health information exchange has recommended several models, depending on whether or not a patient must give consent.

The team presented the Health IT Policy Committee last week with a list of factors that trigger the need to obtain express consent to exchange patient-specific data. HIE, according to the tiger team's co chair Paul Eggerman, is "a voluntary process where there are opportunities for patients to say if they don't want to participate in exchange and opportunities for providers to not participate," Government Health IT reports.

Ideally, the Office of the National Coordinator for Health Information Technology should adopt a policy of requiring consumer choice in HIE, Eggerman, a software entrepreneur, added. "Ultimately, with health information exchange of electronic health records, we need to earn the trust of consumers and physicians that it is occurring correctly," he said.

However, members of the tiger team were unable to agree on one model over another, so they recommended that ONC allow HIEs to use either one. Ultimately, according to co-chair Deven McGraw--director of the Health Privacy Project at the Center for Democracy and Technology, a not-for-profit aimed at keeping the Internet open and free--patients "should not be surprised to learn what happens to their data."

Next month, the tiger team will present the HIT Policy Committee with recommendations on how patients should offer consent for handling "more sensitive" information, Government Health IT reports. The committee will vote in September on a series of policies related to consumer choice.

For further details:
- take a look at this Government Health IT story