There are at least seven computerized consent-management software systems either operational or under development that let patients segment their sensitive healthcare information and control and audit who sees or uses their electronic health records.
Govt., vendors show off consent-management tools
Today's existing messaging standards are sufficient for allowing patients to communicate their privacy preferences to these systems, according to government and private-sector developers of privacy-protection software systems who testified and demonstrated their wares Monday in Washington at a daylong, HHS-sponsored hearing.
The most sophisticated of these consent management systems let patients exert unprecedented levels of so-called "granular" control over their medical information.
The missing link to wide deployment of these systems, many of the developers said, is not the technology but the lack of a uniform national policy on what level of control patients should enjoy as providers continue to adopt EHR systems and regional and state organizations seek to link them in a proposed national health information network.
The hearing was held before the Privacy & Security Tiger Team, a new work group of the federally chartered Health IT Policy Committee. The committee and its companion Health IT Standards Committee were created pursuant to the American Recovery and Reinvestment Act of 2009 to advise the Office of the National Coordinator for Health Information Technology at HHS on health IT issues.
Links to the written presentations of participants and a webcast of the hearing is available at the Tiger Team Web page.
Three of the seven systems featured during the hearing were open-source or public-domain software projects. Two were government-sponsored initiatives.
One is the Clinical Management of Behavioral Health Services system developed by the Texas State Health Services Department. In Texas, the 10-year-old, Web-based system is used by 250 licensed substance-abuse treatment providers and contains more than half a million patient records. It allows patients to mask all or some groupings of their medical records.
The other government initiative is a joint project of the Defense and Veterans Affairs departments, developed as part of their effort to create lifetime EHRs for military personnel and veterans.
In written testimony, Duane DeCouteau, a senior technologist at the VA's Office of Health Information and a senior software architect with Dayton, Mont.-based Ascenda Healthcare, said the VA "is committed to the vision that consumer choice can be provided through open, mature, adaptable, service-based architecture and standards."
The VA and Defense Department's joint consent-management system "is inherently designed to be interoperable, and fundamentally there are no overt barriers to interoperability from the HIE perspective," DeCouteau wrote. "What is missing, however, is a consistent patient policy view across organizations. Patients currently need to negotiate their choices with each provider. Lack of interoperability for consumer choices places a significant burden on consumers that leaves them dependent upon healthcare organizations that see little benefit in restricting the essentially unfettered access they currently enjoy."
DeCouteau said during his presentation that the system is being designed to group sensitive data elements, such as HIV laboratory test orders, results, prescriptions and diagnostic codes, so that one consent control can be invoked to manage all elements of a specific condition. The system also will be able to automatically adapt its rules to accommodate new medical knowledge, such as future determinations of genetic susceptibility to various diseases. The VA is working on a pilot of the system in San Diego along with Kaiser Permanente. VA-wide deployment is expected by late 2011, he said. DeCouteau said that, as currently envisioned, patients could be counseled in how to set up their consent-management profiles.
Robert Shelton is the chairman, CEO and founder of Private Access, an Irvine, Calif., company that currently offers a Web-based consent-management service facilitating patient recruitment and consents in pharmaceutical research. Shelton said work is well under way to adapt that system for use as a consent management layer for EHRs and health information exchanges. Release of these broader-market products is expected later this year, Shelton said.
To be successful, however, patient consent-management systems will have to be consumer-friendly. The user interface will have to be designed in such a way that it helps patients simplify their choices, Shelton said. To that end, Private Access hired video-game designers to develop its interface.
“People have questioned the advisability of high granularity,” Shelton said. “I don't believe a consumer can get their head around all the complexities of granularity if there is not some technology to help them. Their eyes will glaze over and they'll be left to opt in or opt out.”
Monday's hearing was the fifth meeting of the Tiger Team since its 15 members were selected by ONC head David Blumenthal June 8 to expedite federal privacy and security policy development . The Tiger Team members were drawn largely from the ranks of two earlier privacy and security work groups the ONC created last year.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.