On October 5, the Office of the National Coordinator released the Consumer Preferences Draft Requirements Document which highlights the policy and technology requirements to ensure that all data exchange - PHRs, EHRs, HIEs, Public Health, Quality, and Research - protects confidentiality by following the preferences of the consumer for data sharing. It's an important document and definitely worth reading.
On October 13, HITSP held a Town Hall Meeting on Consumer Preferences to discuss the requirements document and collect public comments for submission to ONC. You'll find the audiocast here (as MP3) and the presentation here (as PDF).
At the October 14 HIT Standards Committee meeting, David Blumenthal emphasized that we need to expand the scope of our NHIN thinking to include consumer health information platforms in addition to the provider and government organizations that have been the focus to date.
What does this all mean? The focus on consumer consent, privacy, and security as the foundation of data exchange will accelerate interoperability.
A few thoughts:
1. As the Chairman of NEHEN, a Health Information Exchange in Massachusetts, I know that consent management (policy and technology) is a very important first step to implementing interoperability. To coordinate care, improve quality, and measure population health, we need data and patients need to trust our HIEs so that we can share data for their benefit.
2. Policymaking can constrain technological complexity. If every possible permutation of consent (opt in, opt out, segmentation of the record, approval for sharing at the institution level, approval for sharing at the provider level, approval based on the situation - emergent care or not, etc.) needs to be supported by every stakeholder exchanging data, then the number of standards needed will be significant. Ensuring comformance with a large number of standards at every point of data exchange will be challenging. In my experience, something simple such as opt-in consent for data sharing at the institution level, will result in much more privacy because the security technologies required to support it are simple and easy to understand.
3. Although provider to provider data sharing will always be important, the notion of sharing data with the patient who then shares it with others per their consent preferences is a viable alternative approach. However, we need to maintain the integrity of the data from its source to its use by ensuring the data is not modified or the context of the data changed along the way. Jamie Ferguson from Kaiser Permanente wrote a great blog about this issue.
My ideal plan for consumer preferences would be
1. We develop national policy which clearly delineates the types of consents we need to support. Ideally, this will be a short list. I prefer consumer opt-in at the institution level. To be compliant with ARRA and state laws I can imagine this being expanded a bit to include very basic segmentation of the record into mental health, HIV results, and everything else.
2. This consent will be recorded electronically and made available via a health information exchange, the PHR of the patient's choice, or via a mobile storage device such as a USB drive. When a patient presents for care, the consent is queried, and all data exchanges follow this declaration of confidentiality preferences.
3. The standard for recording consent would be XML-based and not require a "wet signature" or an image of a signature. I realize that some state laws still require handwritten consents, so policy work is needed here.
Given all this activity regarding consumer preferences, control, and empowerment, let's hope the policymaking gets done by 2011 and the standards to support the policy can be simple to deploy and manage. The more complex meaningful use data exchanges in 2013 and 2015 depend upon it.
Addendum: John Moehrke has published an excellent blog outlining how current HITSP standards can support this vision.
No comments:
Post a Comment