HIT Perspectives – August 2022
eConsent: The Key to Interoperability’s Next Big Step
Headline-making tech acquisitions highlight the important role eConsent will play in furthering health data exchange efforts.
By Pooja Babbrah, Practice Lead, PBM Services
- Oracle completed a $28 billion acquisition of Cerner with the intention of creating a national health records database
- If this national health records database comes to fruition, eConsent will be foundational
- Emerging standards for eConsent will be critical in freeing informed consent from the walled gardens of health systems to follow the patient from provider to provider
- There are several innovators doing work related to eConsent
- Office of the National Coordinator for Health IT is holding an eConsent Discovery session indicating the agency recognizes the importance of solving eConsent challenges
- Consumer education related to managing informed eConsent and how it may impact their care is an important factor
- Momentum is building in the industry around solving eConsent. The time is now
Oracle’s $28 billion acquisition of Cerner wrapped up June 8th, giving healthcare technology pundits an excuse to finally exhale after months of waiting with bated breath for the deal to close. Announced in late 2021 (though rumored for several months before that), the acquisition has provided a platform for many to weigh in on the ability of a “big tech” company like Oracle to positively impact healthcare through its purchase of the second largest hospital electronic health record (EHR) vendor in the United States (US).
Naysayers abound, of course, as is always the case when “outsiders” sashay into healthcare with panacea-like answers to the field’s biggest problems. Oracle Executive Chairman and Chief Technology Officer Larry Ellison proclaimed that the newly combined Oracle Cerner will create a national health records database to aggregate patient data from thousands of hospitals. His announcement is still generating skepticism among the health information technology (health IT) cognoscente. They’ve seen technology companies like Google, Microsoft and Amazon make headlines with promises of healthcare-related, pie-in-the-sky projects before, none of which have come to pass as promised.
And yet Oracle’s grand vision of a national database – whether it comes to fruition or not – includes a component that could truly transform the way a patient’s information is gathered, stored and shared: digital informed consent (“eConsent”). Though Ellison only briefly mentioned the need for patient consent during his press conference, he did stress that providers will be able to access identifiable data from the database only with patient authorization. In other words, eConsent will be foundational to the development and successful utilization of such a database and, by extension, any system that interacts with it.
eConsent – once thought of as a “nice to have” feature of EHR, practice management, and patient engagement systems –will soon become a “must have” feature of successful interoperability efforts. Medical information, behavioral health data, social services and advanced care planning will all require healthcare stakeholders to include eConsent in any computerized process that uses or shares identifiable personal data. Use of emerging eConsent standards will allow these data to follow the patient from provider to provider and to include community service agencies that may use both clinical and social determinants of health data.
Current eConsent Efforts
Informed patient consent is, of course, not a new concept. Paper-based consent forms continue to be required of patients, providers and payers alike. Digital consent forms and processes aren’t new, either. Like nascent EHRs in the early days of meaningful use, eConsent software and processes today tend to live in walled gardens, starting and stopping within a single healthcare organization. There are, however, innovative healthcare technology vendors and organizations that are extending a patient’s eConsent across multiple systems and agencies, bringing true interoperability to patient care.
Several organizations came together to form the eConsent Collaborative, a community of practice focused on the use of eConsent in healthcare with an initial focus on advanced care planning (ACP). ACP was chosen as the initial use case because it is rife with consent challenges. ACP patients receive services in multiple settings and may have multiple versions of advanced directive documents saved in the EHR. This reduces caregiver confidence they are acting according to the most recent version.
Founding members include BPM+ Health, Interoperability Institute and Object Management Group. Point-of-Care Partners has been serving as an expert consultant to support the convening of this community of practice. While this group is still coalescing toward this common goal, it is a good time to engage and become a member to help shape and inform the work moving forward.
The nonprofit Stewards of Change Institute (SOCI) is working to develop a consent service utility that would enable people to have greater control over their data using open-source technology. Such a service could help prevent the age-old problem of a patient having to fill out a paper consent form for the umpteenth time to receive care for the same condition. SOCI President Daniel Stein likens the utility to a “trusted entity that can be the traffic cop and authorize the flow of information and access based on roles to say this person is granted access to this information for this purpose, for this period of time.” Stewards of Change released a well-researched and informative report called “Modernizing Consent to Advance Health and Equity” that not only focuses on consent in healthcare but explains how it can bridge the gap between clinical care and human services.
The Michigan Health Information Network has developed the Interoperable Referrals Pledge to give healthcare organizations an opportunity to commit to eradicating information silos. CareAdvisors, findhelp, PCE Systems, RiverStar, Unite Us and WellSky have signed on, committing to, among other principles, giving consumers access to their data with full transparency as to who will have access if they consent to a service.
Avaneer Health is a collaborative interoperability network currently including Aetna, Anthem, Cleveland Clinic, Sentara, IBM, PNC and HCSC that aims to develop a participant-controlled, utility-type network based on blockchain technology. eConsent will no doubt be a part of the new company’s mission, as Chief Executive Officer Stuart Hanson believes “the inability to lifecycle manage and effortlessly share data (with patient permission) is one of the biggest problems in our health system today.”
As we’ve pointed out before, the Office of the National Coordinator for Health IT (ONC) encourages and financially supports the development of consent-related processes in health IT under the umbrella of its Leading Edge Acceleration Projects (“LEAP”), which include:
- San Diego Health Connect LEAP Computable Consent Project
- UT Austin Patient Engagement Platform
- Scalable Consent Framework for the Advancement of Interoperability with FHIR-based APIs
Federal efforts to improve eConsent processes extend beyond LEAP as government agencies like ONC are beginning to recognize the importance of developing rules and regulations around the development, management, and enforcement of eConsent as part of health IT certification and privacy processes.
The office will host the half-day Discovery Workshop on eConsent: From Birth to End of Life virtually on August 16. Participants will explore technical standards and approaches to enable capturing, maintaining, and communicating a patient’s consent decision for sharing digital health data throughout different life stages, as well as explore capturing consent decisions to share digital data between providers and entities not covered under the Health Insurance Portability and Accountability Act (HIPAA).
Barriers of Concern
As healthcare organizations begin thinking more about eConsent, they will encounter barriers along the way. While development and implementation challenges may indeed surface, another more fundamental challenge will need to be addressed – that of gaining patient trust through education. “Big tech” companies like Facebook have made consumers all too aware of the potential pitfalls involved with sharing personal information. Healthcare has had its part to play, too, as evidenced by the recent news that 33 of Newsweek’s top 100 US hospitals have potentially violated HIPAA by sending Facebook the internet protocol (IP) addresses of patients who scheduled online appointments.
Stories like this make it paramount that organizations involved in eConsent processes spend time sooner, rather than later, on educating patients as to whom they are giving their consent, what kinds of personal data are available to be shared and with whom their data will be shared. The level of education will need to become even more detailed as eConsent to certain layers of data becomes more granular.
Patients and consumers must be educated about their ability to change their consent to the sharing of their data with certain groups, for certain amounts of time, for certain reasons. They should also be made aware that withholding consent for privacy reasons might negatively impact their care, especially in emergency situations.
As health data become more liquid and easily accessible, patients must understand eConsent processes so they don’t inadvertently create interoperability barriers that prevent their health data from easily following them along their healthcare journey.
High-level barriers to eConsent may also include a lack of effective identity management and of understanding state and federal privacy laws. Healthcare providers, unfortunately, have a history of interpreting regulations like HIPAA, which is meant to aid patients in obtaining their health information, too restrictively. It would be counterintuitive for eConsent processes to be developed and implemented with too heavy a hand.
ONC and other federal agencies are beginning to revisit HIPAA in light of the increasing digitization and sharing of health data. As their efforts become more concrete, healthcare organizations involved in the development, implementation, use and management of eConsent processes will need to work closely with them to ensure standards, regulations and enforcement policies reflect the interoperability goals with which they were designed.
The Time Is Now
While eConsent isn’t as high profile an innovation as other more “glamorous” technological moonshots, it is poised to truly transform the way in which patients receive care. Effective eConsent – that which is built into stakeholders’ interoperability roadmaps and other strategic plans – can help patients receive more appropriate care, more quickly, no matter where they are, with the added benefit of a patient knowing that their health data are being used according to their specific directives.
Though the early days of eConsent are waning, it’s not too late to become involved in its next phase. Now is the time to begin thinking about eConsent holistically rather than as an add-on to existing processes and technologies. Organizations big and small that focus on this fundamental interoperability building block today will help patients reap the benefits of better care access and outcomes tomorrow.
Join Point-of-Care Partners Senior Consultants Ed Daniels, PBM Services Practice Lead Pooja Babbrah and Payer/Practice Lead Jocelyn Keegan at ONC’s virtual Discovery Workshop on eConsent: From Birth to Life on August 16th. They will present the “Current State of Standards for eConsent” session and serve as panelists during the final panel discussion of the day. If you are experiencing challenges with eConsent and would like to chat, please reach out to firstname.lastname@example.org.