Exchanging health information requires individuals to grant permission for their records to move from one provider to another. The process of, and requirements for, obtaining individual consent for sharing information places more or less control of information use and disclosure in the individual’s hands, and can vary by types of information, duration of consent, and other variables. Differences in federal and state consent laws are often challenging for states, Health Information Organizations (HIO) and providers to reconcile, creating one of the major obstacles to smooth and regular electronic health information exchange (HIE).
As states and state designated entities begin collecting and exchanging electronic health information across state lines, they need to develop consent policies that comply with federal polices and align across state laws to ensure the adequate protection of health information while ensuring the information is available to providers to utilize in delivering care.
The risk manager in me appreciates that Christiansen's IT Law has released a report of their review of existing literature and nine case studies of HIOs and associations currently involved in HIE. The case studies identify various consent options utilized by organizations with existing HIE; serving as a collection of best practices.
The authors also created a Consents Toolkit, which is intended to support the development and implementation of consent processes consistent with the most stringent requirements of Federal and state law, from identification and assessment of applicable laws through their reconciliation into policy requirement, to a decision‐making process for identifying the consent policy which applies to a specific type of disclosure.