For its project, CORHIO rounded up the usual "stakeholders" at six focus groups around the state. That’s how it's done—wrapping "consensus" around a policy—in this case, to eliminate patients' rights to control their behavioral health records.
The feds have quietly supported multiple efforts to wipe out state consent laws, but they want to do it without the clamor of seeking pre-emptive federal legislation. I'll talk about that tomorrow. In the CORHIO case, it meant ending Coloradans' control over the movement of their mental-health records.
Colorado once had a stringent privacy law in its Mental Health Practice Act. Like similar patient privacy laws in multiple states, it barred Colorado mental-health professionals from disclosing "any confidential communications made by the client, or advice given to the client" without patient consent.
This law, according to the CORHIO report, was deemed a barrier to information exchange. So in early 2011, even before finishing with its focus groups, CORHIO collaborated with "a coalition of provider and consumer groups" to gut the Colorado law, subordinating it to the federal Health Insurance Portability and Accountability Act, which allows disclosure for multiple uses without patient consent.
The CORHIO report also calls for overcoming another "barrier," the federal rule that requires patient consent for disclosure of patient records by federally funded drug- and alcohol-abuse treatment providers.
Then, in a triumph of inconsistency, the CORHIO report says Colorado patients and providers want to restore control over the exchange of mental-health records by developing "an operationally feasible method for exchanging behavioral health information through a granular consent model."
CORHIO identified methods for doing this, including "opt-in," whereby patients would sign consents to have their information exchanged. Another would segregate patient data by provider, restricting behavioral-health information to behavioral-health providers.
Under a third method, patients would "select who has access to what information at a very granular level, giving the patient the ultimate control over information," CORHIO said, adding that "a great deal of technical work would be needed to make this feasible."
So, at best, CORHIO got its priorities reversed. It's not alone among exchanges in doing so.
Before amending state and federal patient consent laws, RHIOs and statewide exchanges ought to operationalize available consent management technologies and then incrementally improve them.
Only when providers, exchanges and their technology vendors are able to meet the basic consent requirements of state and federal laws should sensitive patient medical records be made accessible to regional or statewide disclosure.
Follow Joseph Conn on Twitter: @MHJConn.