The KHIT Blog: What does "obtain consent" mean with respect to HIT?

Tuesday, July 26, 2011

What does "obtain consent" mean with respect to HIT?

Some assume that in Nevada "consent" axiomatically connotes a requirement of express (written) affirmative "opt-in" to override a comprehensive default circumstance of one having passively opted out.

Interesting. Really? Well, consider...

Nevada does not provide a single, consistent approach to the privacy and security of health information. [pg 2]...

...Nevada does not have a comprehensive statutory framework in place to address health information and HIT issues. Instead, the existing statutes concerning these issues are scattered throughout NRS, and have often been adopted and amended independently of each other. In addition, these statutes, for the most part, do not specifically address issues involving electronic health information... [pg 14]

An interesting 98 page read traversing the gamut of Nevada statutes pertaining to PHI. It was the precursor to the May 23rd, 2011 Nevada HIE Strategic and Operational Plan I discussed my in prior post. Nothing I can find materially changed in the interim with respect to ePHI "consent." Let me add this to the Ops Plan excerpts I cited in my prior post:

The objectives related to these overarching [HIE] goals are to:

...Employ Nevada Open Meeting Law to ensure transparency and openness about policies, procedures, and technologies that directly affect individuals and/or their individually identifiable health information, including how that individually identifiable health information is collected, used, and disclosed and whether and how [emphasis mine] they can exercise choice over such collections, uses, and disclosures, in compliance with federal and state laws... [4.2 NV HIE Goals and Objectives, pp. 6-7]

The minimal regulatory/procedural mechanics of State HIE ePHI "consent" remain to be determined, IMHO. That, however, does not constrain the HealthInsight HIE from promulgating consent policies, with the knowledge that they may at some point(s) be in need of revision to conform to subsequent NAC and/or NRS requirements.
___

AUG 2nd UPDATE:
"COGNITIVE TRAP" MEA CULPA

In a prior post I cited recent publishing and discussion regarding some of the heuristic liabilities that afflict "reasoning." A common one is that of "confirmation bias" -- i.e., most of us, even "experts," tend to stop shopping for evidence once we find enough that fits with what we already assume to be the case.

In my prior post I cited some details from the Nevada SB 43 pertaining to patient options with respect to ePHI disclosure consent for purposes of health information exchange.

To recap:

Sec. 7. 1. The Director shall by regulation prescribe standards:

(a) To ensure that electronic health records and the statewide health information exchange system are secure;

(b) To maintain the confidentiality of electronic health records and health-related information, including, without limitation, standards to maintain the confidentiality of electronic health records relating to a child who has received health care services without the consent of a parent or guardian and which ensure that a child’s right to access such health care services is not impaired;

(c) To ensure the privacy of individually identifiable health information, including, without limitation, standards to ensure the privacy of information relating to a child who has received health care services without the consent of a parent or guardian;

(d) For obtaining consent from a patient before transmitting the patient’s health records to the health information exchange system, including, without limitation, standards for obtaining such consent from a child who has received health care services without the consent of a parent or guardian...

and

Sec. 15. NRS 439.538 is hereby amended to read as follows:

439.538 1. If a covered entity transmits electronically individually identifiable health information in compliance with the provisions of [the]:

(a) The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191; and

(b) Sections 2 to 12, inclusive, of this act and the regulations adopted pursuant thereto, which govern the electronic transmission of such information, the covered entity is, for purposes of the electronic transmission, exempt from any state law that contains more stringent requirements or provisions concerning the privacy or confidentiality of individually identifiable health information.

2. A covered entity that makes individually identifiable health information available electronically pursuant to subsection 1 shall allow any person to opt out of having his or her individually identifiable health information disclosed electronically to other covered entities, except:

(a) As required by the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.

(b) As otherwise required by a state law.

(c) That a person who is a recipient of Medicaid or insurance pursuant to the Children’s Health Insurance Program may not opt out of having his or her individually identifiable health information disclosed electronically...

Well, seems from all of those provisions that the precise legal/regulatory parameters of ePHI/HIE disclosure "consent" remain TBA in the wake of final passage of SB 43, no?

But, then, there's this contrary little wrinkle I'd missed:

Sec. 11. 1. Except as otherwise provided in subsection 2 of NRS 439.538, a patient must not be required to participate in a health information exchange. Before a patient’s health care records may be transmitted electronically or included in a health information exchange, the patient must be fully informed and consent, in the manner prescribed by the Director, to the transmittal or inclusion.

Section 11, which rather clearly infers a requirement for express affirmative (written?) "opt-in" consent that I'd failed to read (and might rightfully be construed as dictating what the Director "shall by regulation prescribe" regarding disclosure permission), seems to be at direct odds with 15(2)(c).*

* And, the fact that HIEs are not "covered entities" with respect to HIPAA is an irrelevant technicality. It will not be HIE employees in the providers' offices collecting consents. Moreover, HIEs are bound by the requisite Business Associates Agreements in any event.

I'm left with feeling a twinge of having fallen into the trap of "confirmation bias" in all of this, perhaps in part of function of the "Anchoring Effect" of having read so much HIE consent literature from other sources pertaining to the feds and other states. The convenience of "keyword/phrase" search has its hazards here as well; you think you've found what you need without reading every word.

HIE REPORT JUST RELEASED

SECRETS OF HIE SUCCESS REVEALED (PDF)
Lessons from the Leaders

"[The] National eHealth Collaborative (NeHC) recently conducted a study of 12 fully operational HIEs that demonstrate through their innovative strategies and business models that HIEs can benefit multiple stakeholder groups, and can, in the process, become growing, self-sustaining business enterprises."

From "Critical Success Factors" in the Executive summary:

...Consent and security policies and mechanisms must meet the requirements of various types of stakeholders and, in some cases, variations in regulations among multiple states. The HIE’s information infrastructure and operations must also ensure that patient information is accurate and reliable. Managing the framework of trust can be daunting for an HIE, as data originating from a variety of disparate locations must be verified in a way that is simple and efficient, with no margin for error. One executive interviewed calls health information exchange a “zero-defect” business...

Also from the Executive summary, numero uno in the "Barriers" piece:

BARRIERS TO GROWTH AND SUSTAINABILITY

Policies and procedures designed to meet complex privacy requirements tend to impede an Hie’s efforts to achieve the critical mass of patient records needed to accelerate adoption. Managing patient consent in particular is a major challenge that gains complexity as the footprint of these HIEs expands. With one exception, the HIE teams raising consent as an issue believe that requiring patients to opt-in to the HIE is a barrier to progress. In contrast, operating in an environment where opt-out consent is accepted by the community was identified as an important factor of success.

Interesting. The report goes on to discuss the "consent management" issues (where applicable) confronted by and policies of:

Availity
Big Bend RHIO
HealthBridge
HealthInfonet
Inland Northwest Health Services
MedVirginia
Quality Health Network
Rochester RHIO
Sandlot
SMRTnet
Taconic Health Information Network and Community
U.S. Department of Veterans Affairs

I'm still reviewing all of this at the moment. One example (Availity):

Patient consent. Managing patient consent is a significant challenge that will persist and become more complex as Availity’s geographic footprint and number of users expands. Tracking consents and revocations at the source of the data in a multi-state environment where laws, policies, and preferences often vary, requires significant investments in expertise, collaboration with stakeholders, and education of distributors and consumers.

One more (Rochester RHIO):

Complex patient consent requirements. The complexity of policies to protect patients’ privacy and consent procedures in New York presented significant challenges that the Rochester RHIO needed to overcome to achieve its healthcare provider adoption and consumer participation goals. To streamline the consent process while making the most information available in the shortest period, the Rochester RHIO has implemented the New York Department of Health-approved patient consent model, known as “consent to view.” All patient data available electronically from the RHIO’s data distribution partners is accessible by the HIE regardless of patients’ consent. However, a specified patient’s data cannot be viewed by a user without an informed consent from the patient on file authorizing that user to access that patient’s information. With this model, as soon as a patient grants consent, all historical information on that patient available from data suppliers via the HIE can be accessed by his or her providers. To streamline the process, patients can complete informed consents online. Leadership at the Rochester RHIO considers it vitally important to invest the resources necessary to assist physicians’ offices to operationalizing the patient consent procedures. These strategies have helped the Rochester RHIO obtain consent for more than one-third of the market’s patient population to date.

Big Bend RHIO:

Patient education. Big Bend has found that it is necessary to help patients understand and accept the policy options related to patient opt-in versus opt-out models.

HealthInfonet:

Consensus on patient consent management. Achieving consensus among the community’s stakeholders for an opt- out patient consent model is considered to be an important factor in growth of clinician adoption. HealthInfoNet will remove all clinical data belonging to a patient who decides to opt-out of the HIE. As of early 2011, approximately 6,000 patients – less than 0.6 percent of patients in the database – have opted-out of the HIE. Patients are able to opt-out of the HIE via an online form available at HealthInfoNet’s website.

And, finally, the Veterans Administration:

Patient consent requirements. Sharing of veterans’ health information with private sector entities requires patients to explicitly provide consent (i.e., opt-in). Every VA region requires a different approach and outreach to veterans to invite their participation in VLER, which is a worthy but significant effort and investment.

___

OK, THIS IS A DOOZY...

Recall back in April I'd made some observations about "Comparative Effectiveness Research" (CER, cited earlier here as well)? The potential Big Picture long-term data-mining payoff of HIE? Well, recently from the Pacific Research Institute:

...under conservative assumptions, R&D investment in new and improved pharmaceuticals and devices and equipment would be reduced by about $10 billion per year over the period 2014 through 2025, or about 10-12 percent. This reduction in the advance of medical technology would impose an expected loss of about 5 million life-years annually, with a conservative economic value of $500 billion, an amount substantially greater than the entire U.S. market for pharmaceuticals and devices and equipment. This finding suggests that an expanded CER process may be very unwise in a policy context and that a renewed emphasis upon a “bottom-up” process of experimentation by many millions of practitioners and patients would be a more fruitful approach for the acquisition of information about the comparative effectiveness of alternative clinical approaches...

...This finding suggests that an expanded CER process at the federal level—a top-down process—may be very unwise in a policy context, and that a renewed emphasis upon a “bottom up” approach of experimentation by many millions of practitioners and patients would be a more fruitful vehicle for the acquisition of information about the comparative effectiveness of alternative clinical approaches.

So many Straw Men, so Little Time. So, clinical practice advances wrought by data mining from in-the-trenches clinical results (however imperfect) will make us signifcantly worse off? "CER kills"? Basically, they're accusing the government of an inexorable cost-driven biased agenda essentially characteristic of the old "Soviet Science."

I ran this stuff by the esteemed Joe Flower and J.D. Kleinke. Have yet to hear back from J.D. but here's how Joe responded.

I haven't read the study. I don't need to, since it is so obviously true, if we just make certain assumptions, such as:
Every dime spent on R&D for drugs and devices is wisely spent, on advances that will save and improve lives.
Every dime spent on finding out whether those drugs and devices actually work as advertised, and don't actually kill people, and do it better or cheaper than other drugs and devices, is a dime wasted. CER just slows down legitimate, helpful research.
Experience does not show us any examples of wasteful or unnecessary drugs or devices. Those multiple peer-reviewed research papers showing that we waste hundreds of billions of dollars every year on useless complex back surgeries, the 22% of implanted defibrillators that are unnecessary, tens of millions of unnecessary scans, coronary stents put in people with stable heart disease and no heart pain, the heartburn surgeries that work no better than over-the-counter drugs—those studies are all false, wrong, some kind of mumbo-jumbo that we can safely ignore.
If we just make those few simple assumptions, the study has a valid point. If we don't accept those assumptions, we have to wonder about the mental state, motivations, and personal finances of someone who would cook up such an obvious bit of flim-flam.

See Joe's post "Comparative effectiveness research kills?"

BTW, Joe's post quickly got picked up by The Health Care Blog. My subsequent comment:

OK, I’ve been closely through the entire “study” with yellow highlighter and red pen for underlining and margin notes. It could have been done as a short Powerpoint deck of the usual [1] “ell ‘em what you’re gonna tell ‘em, [2] tell ‘em, [3] and finish by telling them what you told them” format.

In sum:
Government BAD;
unfettered for-profit markets GOOD.
Y’see we can’t trust “the government” to produce unbiased scientific CER findings owing to their imperative to cut costs — inexorably at the expense of patients’ interests and market “innovation” and profits. BUT (implicitly), no such conflict of interest biases exist in the free market.

That’s really the essence of this paper, extensive footnotes, neat-o ECON algebra, and Blinding Glimpses of the Obvious undergrad 101 psych and biz school theory assertions (“incentives,” “ROI,” “opportunity cost,” “efficiency,” etc).

Gotta love the repetitive hedging phrase “to the extent that…” too.

This kind of stuff is akin to that of the “Concern Troll.”

To The Extent That my hops improve materially, I will be hammer-dunking during pickup.

The author's closing assertion (returning to where he began, verbatim):

...a “bottom up” approach of experimentation by many millions of practitioners and patients would be a more fruitful vehicle for the acquisition of information about the comparative effectiveness of alternative clinical approaches.

The final sentence in the paper. Permit me to ask: the aggregate "study designs" and scientifically administrative coordination of all these ad hoc, silo'ed n=1 experiments will be accomplished precisely how and by whom?

Simply "Let a Million Clinical Thomas Edisons and Ben Franklins Bloom"?

The author begs off that

...problems of analysis and application are not the central focus of this paper. Instead, we concentrate here on the implications of the CER process on R&D investment in new and improved medical technologies, as driven by federal policy-making in the context of the incentives of public officials...[pg 12]

"Not the central focus"? Forgive me for failing see where they're substantively addressed at all (with the exception of one briefly cited investigation -- the University of Texas ALLHAT Study).

UPDATE: I've asked the fine folks at ScienceBasedMedicine.org to take a fresh whack at this topic.
___

More to come...

No comments:

Brave New Health

Commonwell Health Alliance

Another important read (pdf)

I love this kind of stuff. It sustains and humbles me. "As politicians, advertisers, salesmen, and propagandists for various political, economic, moral, religious, psychic, environmental, dietary, and artistic doctrinaire positions know only too well, fallible human minds are easily tricked, by clever verbiage... Common language—or at least, the English language—has an almost universal tendency to disguise epistemological statements by putting them into a grammatical form which suggests to the unwary an ontological statement. A major source of error in current probability theory arises from an unthinking failure to perceive this."

Quotes

"An economist is a person who sees something that works in practice and tries to figure out whether it will work in theory."

- J.D. Kleinke, medical economist
___

"The only person who enjoys change is a baby with a wet diaper."

"Every misspent dollar in our health care system is part of somebody's paycheck.

- Brent James, M.D., M.Stat

“We could do healthcare, at markedly higher quality, for everyone in this country, without rationing or denying anybody the care that they need, without having the government dictate how doctors practice or whether hospitals could expand, at half the cost we do it now.”

- Health Care Futurist Joe Flower

Most of the sciences, unlike parts of medical science, are not concerned with the impossible. There is not complementary and alternative physics, or chemistry, or biochemistry, or engineering. These disciplines compare their ideas against reality, and, if the ideas are found wanting, abandoned."

- Mark A. Crislip, MD

"Q: How much alcohol is too much?
A: More than your doctor drinks."

- a physician I once heard speak during a CME presentation

“Just because science doesn’t know everything, doesn’t mean you get to fill in the gaps with whatever fairy tale most appeals to you.”

- Dara O’Briain

'[I]t is one small step from using the computer for "helping" doctors to monitoring them, judging them, dictating to them what to do, and withdrawing payment for computer non-compliance. The use of computer data is a multi-edged sword. It can be used for the "good," facilitating diagnosis and treatment and making it more accurate and up-to-date, and for “evil,” invading privacy, inviting security breechs, and making decisions based on the opinions of remote authorities rather than those present at the patient-doctor encounter.'

- Richard Reece, MD

“[T]here ARE statistics which are non-political. Just because The Washington Post/Fox News reports the temperature is 75 degrees doesn’t mean it’s really snowing and sunscreen is a liberal/conservative plot. Even if you earn a living being ideological.”

- Michael L. Millenson

"It is a generally a fairly convincing argument that people shouldn’t have to be subsidized to undertake a change which is in their best interest.

The reconciliation seems to be that EHR is not supposed to make a doctor’s practice more efficient and higher quality. It is supposed to make the system of care more efficient and higher quality, which is not the same thing. Those of you who took calc recall that maximizing the total of variables is not achieved by maximizing any one variable and this is a perfect example of that.

Those of you have served in combat certainly noticed that too — if everyone works as a team the unit takes fewer casualties. If you try to save your own hide, you might, but at the expense of more casualties overall."

- Al Lewis

"There are two ideas to keep in mind about Bayesian reasoning and how we tend to mess it up. The first is that base rates matter, even in the presence of evidence about the case at hand. This is often not intuitively obvious. The second is that intuitive impressions of the diagnosticity of evidence are often exaggerated."

- Daniel Kahneman, "Thinking, Fast and Slow"

"Physicians apply advanced scientific knowledge, but they must do so without the favorable conditions that experimental scientists create for themselves. Multitasking is forced on physicians, often in chaotic environments and under severe time and resource constraints."

- Lawrence and Lincoln Weed, "Medicine in Denial"

"It’s time to stop the whining about Obama care and acknowledge we already have universal health care. We just pay for it in the stupidest way possible that ensures problems are that much more disastrous and complicated when they’re finally treated."

- Mark Hoofnagle, MD, PhD

"Every act of conscious learning requires the willingness to suffer an injury to one's self-esteem. That is why young children, before they are aware of their own self-importance, learn so easily."

- Thomas Szasz, MD
___

"Of course, one reason that process metrics* are so popular is that processes are much easier to define and measure than outcomes."

- The Skeptical Scalpel
___

"There is an “illusion of validity” for any random data point, a seductive sense that is colored by what we hope will be true. Mountains of pharmaceutical claims are often made from mere molehills of data."

- Danielle Ofri, MD
___

"Joy empowers people. It is a source of energy that enables people to hope and plan and change their lives for the better. Spend some time around someone who is relentlessly negative and how do you feel–drained, right? More and more research shows that joy is not something that just happens to you, like a bolt of lightening out of the blue. Joy is, instead, a habit to cultivate. Negative thinking and despair are the crabgrass of our souls–weeds that take root and spread, sometimes to all areas of life. Joy, in contrast, is a soul’s rose–hardy when cared for, able to put down roots over time and withstand disease and extremes. Like a rose, however, your joy can become blighted from neglect or harsh conditions. We all need to tend to our joy–to prune away the badness, and to know that, even though it may look like a prickly bare root, if you invest time in a joyous outlook, gorgeous things will bloom, even in the harshest conditions."

- Dr. Jan Gurley
___

"'Solutions' exist only in mathematics."

- Karen Martin
___

"The issue of how to regulate clinical software is, in the long run, indistinguishable from the issue of how to regulate medicine. The only difference is that medicine is practiced in the open, without secrecy, subject to peer review, and under a merit-based state license."

- Adrian Gropper, MD
___

"Economist, rope, tree: some assembly required."

- Source unknown

DISCLAIMER:

I write this blog wholly on my own time and my own dime. The views proffered are expressly my own as a concerned and active citizen/taxpayer (in addition to being the result of my substantive experience in the various IT fields), and in no way reflect any policy views of my former employer, notwithstanding that some of the thinking has indeed obviously been spurred by the implications of the work with which I have been doing for them.

FAIR USE POLICY
I cite a ton of news and web sources spanning the breadth of relevant technical and policy domains, sometimes at substantial length. I believe I remain well within the bounds of "Fair Use," as [1] I am not doing any of this for profit, [2] I always provide attribution and links -- which, [3] far from negatively impacting any copyright holders' commercial interests, might actually increase traffic to and interest in their offerings.

Nonetheless, should I post anything of yours regarding which you have any objection, just let me know and I will remove it forthwith.

The KHIT Blog

Search the KHIT Blog

Tuesday, July 26, 2011

What does "obtain consent" mean with respect to HIT?

No comments:

Post a Comment