Catch a Tiger Team by the Tail: Patient Consent at the Intersection of HIE, PHI and CYA

Michael Bilancieri
Feb 03, 2012

Catching up on some reading after a few weeks on the road, most notably at VMworld 2010, I read Joseph Goedert’s Health Data Management article on the Privacy and Security Tiger Team’s recommendations for privacy issues that were sent to The Office of the National Coordinator for Health Information Technology (ONC). The core recommendations focus on how to empower patient consent and how to ensure appropriate use and exchange of personal health information (PHI) by care givers and business associates – all in the name of good data stewardship – as ONC encourages adoption of healthcare IT.

I blogged previously about the July 2010 Privacy and Security Tiger Team meeting that detailed technologies that enable consumers to choose whether or not to share their information in health information exchanges (HIEs). Following on that, the Tiger team formed their recommendations that Joseph’s article summarized (a high-level worthwhile read).

The Tiger Team continues to drive for patient rights with regard to how PHI is used, handled, disseminated and protected. Their coverage is broad to include providers, researchers, and other third-party providers who may need access to PHI, trying to cover the potential gaps in protecting PHI. While the use of technologies to protect patient data is certainly in their sights, the necessary technologies for managing and adhering to patient consent are still some time off in the future.

As the Tiger Team states, trust between the patient and their provider is of utmost importance. With providers being responsible for their patients medical records, and without a broad implementation of robust electronic consent systems, patients are at the mercy of their providers to ‘do the right thing’ when it comes to storing, protecting and using their PHI. When it comes to patient consent, the Tiger Team appears to be looking intently at how to best enable this without robust electronic systems yet in place, recommending policies and processes with regard to patient education on their granting and not granting consent.

The Tiger Team’s common directive across the various users of PHI is accountability, and in my opinion is definitely the place to start... Whether through electronic or manual means, providers and other 3rd-parties must be held accountable for their use and protection of PHI. As patients, we certainly want to (and need to) have the utmost trust in our care providers, from the actual care they provide us to the respect they have for the privacy of some our utmost confidential information; details of our physical and mental health and well being. Accountability is the foundation upon which trust can be formed.

I’m keen on seeing how the ONC acts upon the Tiger Team’s recommendations, and plan on continuing to blog about the developments that result from these important patient rights issues.