• linkedin
  • Increase Font
  • Sharebar

    Health information exchanges introduce patient consent questions

    Experts offer advice on technical, legal and ethical implications

    As physicians, hospitals and health systems increasingly share patient data between providers and across healthcare organizations, the issue of patient consent becomes critical. Should patients be required to opt in or opt out of health information exchanges (HIEs)? And what are physicians’ legal obligations in making sure this data is exchanged securely and accurately?

    Although meaningful use stage 2 has been effectively delayed, physicians who wish to attest to it this year or next will have to exchange patient information electronically at transitions of care, including referrals. Physicians might also be asked to send records online to other doctors when patients self-refer to them.

    Depending on how this information is exchanged and what is exchanged, patient privacy issues may come into play. Physicians need to be aware of state and federal legal requirements and should follow best practices to ensure patient privacy and avoid liability. This includes understanding the role of patient consent in the exchange process.

    In general, the federal Health Insurance Portability and Accountability Act (HIPAA) rules allow treating providers to exchange information about patients they have in common, regardless of whether they are part of the same organization. Patients are already asked to sign HIPAA privacy notices and consent forms that allow their information to be disclosed to designated individuals. Depending on the state, patients may also have to give specific consent for information to be exchanged through HIEs that transfer electronic data between participating providers or provide access to it online.

    Nearly half of the states have or plan to have these “opt in” requirements for health information exchange in their statewide HIEs, according to the Office of the National Coordinator of Health IT (ONC). Most of the other states have “opt out” policies that allow patients to choose not to have their information exchanged online.


    You must be signed in to leave a comment. Registering is fast and free!

    All comments must follow the ModernMedicine Network community rules and terms of use, and will be moderated. ModernMedicine reserves the right to use the comments we receive, in whole or in part,in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.

    • SeanMason
      You have Florida listed as an Opt-in state. Specifically what state law make it an Opt-in state? I've spoken with AHCA, and there interpretation is also that Florida is an Opt-in state, however when I look at the state law,395.3025(4), F.S., it doens't appear to support that assertion.
    • SeanMason
      duplicate post
    • DorotheaHowe
      Ken - On your article about health information exchanges, you list Ohio as "other" but our statewide CliniSync health information exchange has an opt-in policy that we are now starting to implement as we go towards query-based exchange. There's a smaller HIE in Cincinnati that I don't believe will have query capability. I just wanted to make sure you knew this. I couldn't email you directly. Dottie Howe, Communications Director, Ohio Health Information Partnership/CliniSync HIE

    Latest Tweets Follow