The consent registry is a repository that stores and manages patients consent directives based on roles and access rules that are pre-defined. A consent directive is defined as express instruction(s) from a health care client regarding the collection, use, or disclosure of their personal health record (PHI). Healthcare clients will be able to create, modify, and revoke their consent directives. All consent-related updates and overrides will be logged, and notifications of override transactions will be provided according to business rules and law.2
What is Meaningful Consent?
Meaningful consent occurs when the patient makes an informed decision and the choice is properly recorded and maintained. There are six aspects of meaningful consent decisions:
- made with full transparency and education;
- made only after the patient has had sufficient time to review educational material;
- commensurate with circumstances for why health information is exchanged;
- not used for discriminatory purposes or as a condition for receiving medical treatment;
- consistent with patient expectations; and
- revocable at any time.
Patients may choose to give HIEs full access to their information, limited access, or no access at all. This can be in the form of:
- Opt-in – Default is that patient health information is not shared. Patients must actively express their consent to share.
- Opt-out – Default is for patient health information to automatically be available for sharing. Patients must actively express their desire to not have information shared if they wish to prevent sharing.3
- Personal Health Information and Consent
- Consent Management in Health Care Privacy
- Informed Consent: Express or Implied Consent?
- Express Consent Versus Implied Consent
Key Aspects of Implementing Meaningful Consent
This includes educating patients about their consent options, who may release their information and how, and the significance of the consent choice in an accessible and clear understandable format.
Technology is used to capture and maintain patient consent decisions, identify which sensitive portions of patient information are restricted from access, and communicate these restrictions electronically with others.
The use of electronic health records (EHRs) and other health IT will play an increasing role in electronically capturing and maintaining patient consent.
Law and policy help to ensure alignment with federal and state law and other legal and policy requirements pertaining to consent, individual choice, and confidentiality.3
Canada Health Infoway embarked on the Consent Management Project to solve the challenge of how to respect consent/disclosure directives throughout an individual’s interaction with the health system, particularly in electronic systems designed to make information available to other electronic systems. The discussion of potential Consent Management Solutions (CMS) deployment models was accessed as possible answers to this challenge. CMS allows a consent directive recorded in one system to be applied as the individual expects. Canada Health Infoway has published a paper which identifies both high-level business and functional architectural requirements:
A number of different consent models selected for the electronic exchange of information can be used in an HIE. The issues, nuanced considerations, and possible tradeoffs associated with the various consent options to help facilitate informed decision making are discussed in further detail in the resources listed below:
- Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis
- Patient Privacy, Consent, and Identity Management in Health Information Exchange
A Health Information Exchange (HIE) helps route information among various participating providers. This involves sending out an electronic broadcast query that asks all provider participants for information on specific patients.
Health information distributed through an HIE for treatment, payment, and health care operations purposes involves a high level of patient trust. An HIE must ensure patients make meaningful decisions on the concerns of sharing and accessing their health information.
Implementers can enable meaningful consent by ensuring patient education and engagement, utilizing technology and abiding by relevant law/policy.1