Consent Management: Why It’s Not as Simple as You Think
In this episode of The Dish on Health IT, host Tony Schueth sits down with two of the industry's sharpest minds leading the charge to fix one of health IT’s most persistent headaches: digital consent management. Janice Reese, Senior Consultant at Point-of-Care Partners and Program Manager for the FHIR at Scale Taskforce (FAST), and Mohammad Jafari, Co-Lead of FAST’s Consent Work, offer an unflinching look at why consent is still so messy—and what it’ll take to make it scalable, interoperable, and actually work for patients.
The conversation kicks off with a reality check. While the question “Who can access what data and when?” might sound simple, it quickly falls apart in practice. Consent today is often paper-based, fragmented, non-interoperable, and rarely computable. Mohammad explains how even digitized forms—often scanned PDFs—are barely better than paper when it comes to machine-readability and cross-system portability. The burden lands on both sides: patients are stuck filling out redundant forms at every touchpoint, and providers face access barriers that can delay or limit care.
But the episode isn’t just a critique, it’s a roadmap forward. Janice and Mohammad walk listeners through how FAST is approaching consent differently. Rather than focusing on the content of specific consents (like for research or behavioral health), the team is building a foundational infrastructure: a FHIR-based implementation guide that supports core consent operations, like requesting and revoking consent, delegating authority, and syncing consent decisions with digital identity and security frameworks. In other words, FAST is working on the plumbing that everyone else can build on.
What sets this work apart is its real-world grounding. The team has prioritized broad stakeholder input through public calls and is actively incorporating lessons from pilot participants. Janice highlights that many organizations don’t even know where to start—some have APIs, patient portals, or identity systems in place, but lack a cohesive strategy for managing consent. That’s where FAST can help, not just with standards but with education and architectural guidance.
The discussion also tackles the elephant in the room: policy fragmentation. With states having vastly different rules—sometimes even conflicting ones within the same region—scaling consent can feel impossible. But rather than trying to standardize policy, FAST is focused on standardizing structure. That means creating frameworks flexible enough to accommodate policy differences without hardcoding for each new rule change. Mohammad notes this kind of flexibility is key to making systems resilient and future-proof.
Both guests agree the time to act is now. Technology has matured, regulators are engaged, and public expectations for privacy and control over personal data are higher than ever. As Janice puts it, the stars are aligning. With CMS showing growing interest in digital identity and consent, and with FAST’s security IG set to be required for FHIR under TEFCA in 2026, organizations can’t afford to sit this one out.
Whether you’re a health plan, HIE, health tech vendor, or public health department, this episode makes one thing clear: scalable, patient-centered consent management isn’t just possible—it’s already underway. And FAST is laying the groundwork.
To get involved, attend a public call (2nd & 4th Fridays at 1:00 Central/2:00 Eastern), reach out to Janice directly at janice.reese@pocp.com, or contact the team at fast@hl7.org. Now’s the time to shape the future of consent—before it shapes you.
