As the electronic collection, storage and availability of patient records increases exponentially at state and regional health information exchanges (HIEs), the protection of patient information must be ensured. LANES defines consent as the sharing and accessing of the patient’s personal health data through an HIE for treatment, payment and healthcare operations purposes.
Consent is “by source” at LANES, meaning that LANES recognizes opt-in and opt-out status for every each provider participant and patient in its HIE network. Patients may be opted in at one provider participant and opted out at another, based on their personal decision. Patients are automatically enrolled in the LANES clinical repository of electronic health records (EHRs); but, they have the right and opportunity to opt out of having their health data stored or disclosed or both at any time.
LANES honors patient consent. The health records of Los Angeles County-based patients who choose to opt out will not be shared with community providers; however, allowance is immediately granted to an opted-out patient who, if treated by a provider participant, re-authorizes sharing their health data to help inform clinical decisions, which can lead to higher quality outcomes.
Activities to continually refine the LANES Patient Consent Policy include:
- Examination of state and federal legislation. LANES regularly conducts due diligence regarding new patient consent and authorization rules.
- Continuous alignment with state and federal legislation and policies across the provider community and HIE ecosystem.
- Review of consent use cases and recommended revisions.
The LANES Privacy & Security Advisory Board reviewed and approved use cases and recommended revisions to the policy at its Dec. 8th meeting.
Also most recently, LANES updated its Patient Consent Policy to specify that provider participants must forward the opt-out flag notification to LANES authorizing their patients’ decision of not sharing their documented encounter data.
The provider participant’s role in patient consent compliance
Every provider participant enrolled in LANES is accountable for managing consent with their patients as well as notifying the HIE if a patient decides to opt out. Providers inform patients of their own involvement in LANES in addition to apprising them of their rights to participate, such as the choice to opt out and guidance on how best to exercise their consent preference.
To assist onboarding Southern California provider participants with policy adherence, LANES offers the following reference materials:
- Sample language for the Notice of Privacy Practices for Participating Providers
- An adaptable frequently asked questions (FAQ) document detailing the HIE’s patient consent practices to give to patients and;
- Change of Consent (opt-out) form template.
“Consent is one of the core principles of data protection and privacy,” said Jenn Behrens, LANES Chief Information Security Officer. “LANES is proactively committed to safeguarding every individual’s right to privacy including consent. We work diligently to examine and uphold the complexities of patient consent in a statewide HIE ecosystem through continual consultation with legal experts in HIPAA and our key community privacy and security stakeholders who participate on our Privacy & Security Advisory Board.”