Meaningful Consent Overview

Home

Electronic health information exchange (eHIE) — the way that health care providers share and access health information using their computers — is changing rapidly. One way some providers share and access information is through a third-party organization called a health information exchange organization (HIE).

HIEs help route information among various participating providers. In some HIEs, a provider can send out a broadcast query that asks all provider participants whether they have information on a particular patient. This method of asking for patient information is different from one provider directly contacting another to request a patient's information.

As eHIE increases, patient trust in HIEs must be ensured and patients may more frequently be asked to make a “consent decision." This consent decision concerns the sharing and accessing of the patient’s health information through an HIE for treatment, payment, and health care operations purposes. Consent decisions may allow patients to determine the following, depending on the eHIE taking place:

Providers may choose to offer one or a combination of the following general types of consent policies [PDF - 733 KB]:

Patients may choose to give providers and HIEs full access to their information, limited access, or no access at all.

When patients are asked to make consent decisions, we encourage providers, HIEs, and other health IT implementers to help patients make the consent decision meaningful.

What is Meaningful Consent?

Consent should not be a “check-the-box” exercise. Meaningful consent occurs when the patient makes an informed decision and the choice is properly recorded and maintained. Specifically, a meaningful consent decision has six aspects. The decision should be:

What Do I Need to Know to Implement Meaningful Consent?

Implementers can enable meaningful consent by ensuring they consider the key parts displayed in the image below:

  1. Patient Education and Engagement– including educating patients about their consent options, who may release their information and how, and the significance of the consent choice.
  2. Technology– using technology to capture and maintain patient consent decisions, identify which sensitive portions of patient information are restricted from access, and communicate these restrictions electronically with others.
  3. Law and Policy – ensuring alignment with federal and state law and other legal and policy requirements pertaining to consent, individual choice, and confidentiality.