As the healthcare industry strives to make interoperability a reality, there remains a great deal of friction in getting patient data from point A to point B. However, many providers are at a crossroads, as the 21st Century Cures Act intersects with HIPAA. Providers have been understandably protective of patient data to uphold mandates under HIPAA. However, the Cures Act requires providers to quickly facilitate patient data transfer requests. Clearly, maintaining HIPAA and 21st Century Cures Act, two seemingly opposing regulations, can be challenging.
A key to satisfying both regulations is implementing best practices for gaining patient consent to share their information. That said, patient consent has historically required a considerable amount of time for the organization that owns the data and for the patient. Today, we’re all familiar with digital consent forms in our day-to-day life, from downloading new apps to applying for credit cards. As providers look to implement digital patient consent, there are three areas they must keep in mind: simplicity, trust, and patient benefits.
Simplifying patient consent
An effective patient consent process would address the core requirements of identity, authentication, and informed consent while striving to be as intuitive as possible. Rather than completing different paper forms at every healthcare provider, effective patient consent should be as easy as using digital forms we complete nearly every day. The consent form should offer enough information for the patient to understand the nature of the request but not so much data that the process feels like a burden.
The consent engine should be configured so that the patient understands what’s being requested and is prompted through a set of yes/no questions to provide informed consent. Making the process simpler will drastically reduce the time necessary to gain consent, allowing the requester to complete the task for which the medical records are needed.
Engendering trust
As a society, we’ve become accustomed to clicking “I agree” without giving much thought to what we agree to and future consequences. But should blind trust be the norm? Medical records represent some of the most personal information a person can own, so it is incumbent upon providers to be completely up front about why they’re requesting the records and demonstrate that they’re using the records responsibly for their intended purpose.
The “5 Ws” are the basis of any journalism student’s education, and the concept is an excellent basis for earning patient trust when requesting medical records:
- Who needs their records?
- What records do you need?
- When will you use them (and for how long)?
- Where are they being sent?
- Why do you need them?
Articulating the answers to these questions during the digital patient consent process will help make those patients feel more comfortable with providers sharing their data with another party.
To that end, it makes sense to explore technologies that will further build trust — perhaps even with emerging trustless technologies that can carry out a patient’s consent directives with more certainty, security, and privacy than the current human-heavy processes can. For example, with consent engine technology at the center of controlling data access, patients would be able to opt in to timeline updates that notify them of how their data is being used at any moment.
Communicating the Benefits
Beyond the 5 Ws, providers should clearly articulate how the person giving consent to their medical records will benefit from doing so. In many cases, sharing their medical records will help another provider better understand the patient’s history, improving care and outcomes.
In other instances, their data may be used for medical research, leading to breakthrough therapies or a greater understanding of combatting a condition. Or as we’ve seen throughout the pandemic, patient data can create invaluable insight necessary to improve community health. Whatever the benefits are, clear communication can further motivate a patient to offer consent.
Simplicity, trust, and benefits are necessary to facilitate the flow of medical records and are heavily intertwined. If any of the three is compromised, the entire consent ecosystem becomes vulnerable. Implementing these best practices is key to unlocking the promise of interoperability while also maintaining compliance.
About the author
Co-founder and COO of Medchart, Derrick Chow is an aerospace engineer turned consumer health entrepreneur. He is passionate about solving big system problems and envisions a future where the value and power of consumer data is distributed back into the consumer’s control. He holds a MASc in Aerospace Engineering and an MBA.
