State HIEs wrangle with thorny 'patient consent' issue

By Mary Mosquera
04:27 PM

Oregon and Illinois are two states that will launch their initial health information exchange core services in early 2012. Both states will shortly publish contractor proposals to help them develop the systems and databases they will need to support their health information exchanges (HIE).

For Oregon, a vendor will set up a provider directory at the individual and entity level, which will also include a certificate authority, and a statewide health information service provider to offer Direct Project addresses to any state provider or consumer for free, said Carol Robinson, state coordinator for health IT, Oregon Health Authority.

Oregon will onramp its exchange participants with messaging services using Direct protocols, which are secure email designed for simple exchanges between providers or between a provider and a patient.

[Government Health IT cover story: The Direct route to more pertinent patient information.]

"We’re considering that as our gateway to the health information exchange. We think that this will help providers begin to experience some of the value of HIE, but we know it’s not enough,” Robinson said June 23 at a state healthcare IT conference.

The HIE will expand its services as quickly as communities support them, but “it is a finance issue more than anything,” Robinson said. 

Oregon will launch Direct pilots by early 2012 and establish grants to test some of the work and create measures “that we can point to and tell stories of success,” she said.

The Office of the National Coordinator for Health IT has funded statewide health information exchanges to assist providers in sharing data to improve care as part of the meaningful use of electronic health records (EHRs). ONC has approved the exchange plans of all states.

In Illinois, state officials anticipate putting its initial services in production in April 2012. These core HIE services will include a master patient index, which will be comprised of multiple repositories in the state starting with the Medicaid database, said Ivan Handler, CTO of the Illinois Office of Health IT.

Other services will be a master provider directory, a public health entity directory, and a record locator service so patient data can be consolidated in ways that are useful for the healthcare provider. 

One of the more sensitive challenges is whether to make patient consent opt-in or opt-out for electronic exchange of their health information. With opt-in, the onus is on providers to enroll their patients, a time-consuming process in which to engage patients. With opt-out, individuals are automatically included until they withdraw consent.

Indeed, Maine's existing HealhtInfoNet sparked some criticism this month from providers, even though the HIEs communications manager, Amy Landry, explained that it has always practiced opt-out.

Much like Maine, Oregon has an opt-out, with some specially protected categories that will have to be opt-in. These include categories such as behavioral health issues and some conditions, such as HIV, to protect a patient’s privacy.

“However, there was a strong discussion among stakeholders about consumer choice and how to inform patients about this. There was also a very high value put on the need to have the information in the system and about the ability for physicians to provide better care at the time of care with that information,” Robinson said.

[Q&A: ONC's Mostashari on the innovation electronic data will spark.]

Oregon will conduct an education campaign around providers about what consent and opt-out means. “Consent is all over the map right now. Having a process of education that will standardize consent in our state will be an advantage,” Robinson added.

Illinois passed legislation so that those who receive Medicaid are automatically included in exchange. “They can’t opt out because the state is paying for them and has a stake in their health," Handler said. "It’s not clear so far about what will happen with those who are not on Medicaid."

He said it is possible that the state may need a rules-based consent system, such as an XML-based framework, to apply to various situations.