HHS advisory panel considers patient consent framework

Framework allows for at least 12 types of consent

An advisory group to the Health and Human Services Department today began considering a draft Basic Patient Privacy Consent technical framework that describes how health organizations should incorporate patients' consents and consent policies into their enterprises.

The Health IT Standards Committee’s privacy and security workgroup gave its members a draft patient consent framework. The draft was created with input from Integrating the Health Enterprise, an organization that promotes the coordinated use of technical standards.

The patient consents are needed for collecting and sharing patient health care data in electronic health record (EHR) systems to improve quality of care and public health. In many cases, data is de-identified to avoid identifying the patient. HHS currently is distributing $17 billion in incentives under the economic stimulus law to doctors and hospitals that adopt the electronic systems.

The goal of the basic patient privacy consent framework is to be human readable, machine readable and able to handle multiple types of consents and documents.

Under the framework, a health information exchange would develop a set of privacy and consent policies and start an access-controlled system to implement those policies supported by an EHR system. Patients would be given the policies and could “selectively acknowledge” which policies apply to their records.

The draft included at least 12 types of patient consents, including implicit and explicit opt-out and opt-in, authorizations for specific research projects and authorizations for use of the document but not for republishing.

The metadata for the consent would classify the level of confidentiality associated for the consent document.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader comments

Tue, Apr 27, 2010 Deven McGraw

I co-chair the Health IT Policy Committee's privacy and security workgroup, and I have never seen this technical framework, nor has it been formally presented to the privacy and security workgroup members for their consideration.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above