The State of California Office of Health Information Integrity (CalOHII) is taking a unique approach to educating covered healthcare organizations and providers in the state about matters of patient consent and authorization for health information exchange. Dubbed the HIE Consent & Authorization Decision Tree, the tool currently is open for the public to test and provide feedback to CalOHII.
Like other states, Californian providers must abide by patient privacy rights mandated by both federal and state laws intended to safeguard patient medical information. In the case of California, the patient authorization and consent are defined by HIPAA and the California Medical Information Act (CMIA). At the forefront of ensuring the confidentiality and appropriate use of these sensitive data is an understanding of the difference between authorization and consent.
As CalOHII has indicated in the introduction of the tool, the difference is not altogether clear. For one, the Privacy Rule actually names authorization in “referring to instances where patient consent is required before information can be accessed, used or disclosed.”
The same cannot be said of consent, as CalOHII explains:
Consent is not defined in HIPAA, but guidance from HHS defines it as written permission from individuals to use and disclose their health information. It is generally applied to situations in which authorization is not required by law, but there is a consensus that patient approval should be obtained before an action is taken. Since consent is not further defined in current healthcare law, organizations have taken a variety of approaches in the development of a consent policy for situations they deem to require consent, such as the electronic exchange of health information.
The creation of the HIE Consent & Authorization Decision Tree represents the culmination of efforts on the part of the State of California to enable effective and efficient HIE while at the same time allaying concerns about the privacy and security of patient health data.
“To assist in ensuring that exchange occurs in a trusted and secure environment, CalOHII determined there was a need to help providers understand and navigate the applicable laws and regulations that outline when authorization must legally be obtained,” states the department’s website. “More importantly, CalOHII recognized the need to ensure data that flowed prior to the advent of electronic exchange technology would continue to flow and the healthcare delivery system didn’t experience unnecessary roadblocks because of the complex network of privacy laws.”
The public has 60 days to provide comments. Considering that the tool is only intended for providers in California, comments should bear in minds its state-specific purpose when submitting feedback. Comments on due June 28, 2013, at 5PM PT.
For more information about the HIE Consent & Authorization Decision Tree, visit the CalOHII website.