Meaningful Consent Overview

Electronic health information exchange (eHIE) — the way that health care providers share and access health information using their computers — is changing rapidly. One way some providers share and access information is through a third-party organization called a health information exchange organization (HIE).

HIEs help route information among various participating providers. In some HIEs, a provider can send out a broadcast query that asks all provider participants whether they have information on a particular patient. This method of asking for patient information is different from one provider directly contacting another to request a patient's information.

As eHIE increases, patient trust in HIEs must be ensured and patients may more frequently be asked to make a “consent decision." This consent decision concerns the sharing and accessing of the patient’s health information through an HIE for treatment, payment, and health care operations purposes. Consent decisions may allow patients to determine the following, depending on the eHIE taking place:

• if their health information will be released,
• under what circumstances the release will take place (e.g., any time or emergencies only?), and
• by whom (e.g., health care providers? HIEs?).

Providers may choose to offer one or a combination of the following general types of consent policies [PDF - 733 KB]:

• Opt-in – Default is that patient health information is not shared. Patients must actively express their consent to share.
• Opt-out – Default is for patient health information to automatically be available for sharing. Patients must actively express their desire to not have information shared if they wish to prevent sharing.

Patients may choose to give providers and HIEs full access to their information, limited access, or no access at all.

When patients are asked to make consent decisions, we encourage providers, HIEs, and other health IT implementers to help patients make the consent decision meaningful.

What is Meaningful Consent?

Consent should not be a “check-the-box” exercise. Meaningful consent occurs when the patient makes an informed decision and the choice is properly recorded and maintained. Specifically, a meaningful consent decision has six aspects. The decision should be:

• made only after the patient has had sufficient time to review educational material,
• commensurate with circumstances for why health information is exchanged (i.e., the further the information-sharing strays from a reasonable patient expectation, the more time and education is required for the patient before he or she makes a decision),
• not used for discriminatory purposes or as condition for receiving medical treatment,
• commensurate with circumstances for why individually identifiable health information is exchanged,
• consistent with patient expectations, and
• revocable at any time.

What Do I Need to Know to Implement Meaningful Consent?

Implementers can enable meaningful consent by ensuring they consider the key parts displayed in the image below:

1. Patient Education and Engagement– including educating patients about their consent options, who may release their information and how, and the significance of the consent choice.
2. Technology– using technology to capture and maintain patient consent decisions, identify which sensitive portions of patient information are restricted from access, and communicate these restrictions electronically with others.
3. Law and Policy – ensuring alignment with federal and state law and other legal and policy requirements pertaining to consent, individual choice, and confidentiality.