HIO Architecture and Consent
HIO architecture, governance and the process by which patients consent to sharing information can have significant implications for participation rates, the value of the information being exchanged and the ultimate success of HIOs. Therefore, states considering developing new HIOs or reconfiguring existing operations should consider the pros and cons associated with different HIO architecture and consent models.
HIOs typically have one of three primary architectures:
- Decentralized HIO. A decentralized HIO facilitates data sharing and exchange among independent databases. It does not store information but rather facilitates the transfer of information between providers without the need for multiple interfaces.
- Centralized HIO. A centralized HIO facilitates data sharing and exchange by collecting and storing information from diverse databases in a central repository. Under the centralized model, data are stored according to defined standards and allow for population-based analytics of shared information.
- Hybrid HIO. A hybrid HIO incorporates variations of decentralized and centralized architectures.
States and organizations may adopt opt-in or opt-out laws or policies for HIOs to collect patient consent before providers exchange electronic health information. Such laws and policies affect the ease with which providers can share information. Opt-out policies tend to increase the amount of information being exchanged because no patient action is required for data that are not subject to Part 2 or more restrictive state laws to flow, while opt-in policies tend to limit information flow because they require affirmative patient consent to exchange data.61
Some HIOs have implemented technological solutions to allow for granular choice, or the ability for patients to individually select the data they do and do not want shared, and have that choice reflected in what providers can view. In addition, states and HIOs sometimes distinguish between “consent to share” information and “consent to view” information. In other words, some HIOs may have one consent policy that governs the basic flow of information to a centralized data warehouse or cloud-based system and another consent policy that governs which providers can access or view data under what circumstances.63 Descriptions of the major types of consent policies that may be required by HIOs, or by states in governing HIOs, as well as examples of states and organizations that have such policies, are discussed below.
No-Consent (i.e., HIPAA Protections Control)
A “no-consent” HIO model abides by the HIPAA standard and automatically shares or stores patient information without obtaining patient consent for participation.64 Delaware’s HIO, the Delaware Health Information Network (DHIN), has a no-consent policy for storing patient information. All patient laboratory data, radiology reports, primary care clinical data and hospital ADT data are uploaded to the system without patient consent, but DHIN allows patients to opt out of allowing providers, including emergency department providers, to view their clinical data by completing a written opt-out request (which can later be rescinded at a patient’s request).65
In a full opt-out model, patients’ information is included in the HIO by default and is available for providers to share unless the patient proactively opts out. Under the full opt-out model, if a patient does not opt out, all of his or her health information that is not subject to special protections under existing law, such as Part 2, will be available to share across treating providers. If the patient does opt out, none of his or her information will be available for exchange. It is an “all-or-nothing” proposition. Virginia’s ConnectVirginia HIE, Inc. is an example of a full opt-out HIO in that all patient information is available for exchange unless patients specifically request through the opt-out process that their data not be shared.66
Opt-Out With Exceptions
Some HIOs that use opt-out consent models have implemented technological solutions to offer some level of granular choice. Under this model, data are automatically included in the HIO, but patients must be offered the option to fully or partially opt out. Partial opt-out, or opt-out with exceptions, allows patients to limit what is shared or the specific circumstances under which information is shared. For instance, patients may be able to opt out of participation for all information except their medication summaries, or they may be able to stipulate a set of select providers who can view their information while denying access to all others. Alaska’s HIO, the Alaska eHealth Network, has an opt-out with exceptions policy that allows patients to opt out completely, in which case their information is not stored and cannot be accessed, or to partially opt out, in which case their information is stored and available only in an emergency (commonly referred to as a “break the glass” policy).67
Opt-In With Restrictions
An opt-in with restrictions model requires patients to proactively consent to allow their health care providers to share their information with an HIO and gives some choice as to who can access their information. For example, in Rhode Island, by law, participation in the statewide HIO is voluntary. Individuals must enroll to have their information shared with Rhode Island’s HIO, the Rhode Island Quality Institute. In addition, patients can choose to allow all organizations involved in their care to access the information, to authorize only certain providers or organizations, or to allow access to their information only in the event of an emergency.
In a full opt-in model, patients must consent to having any information available for sharing between providers, and there is no granularity of choice for which information is shared. Just as with full opt-out policies, it is an all-or-nothing model. Massachusetts is an example of a state that has a full opt-in model. In Massachusetts, patients must sign a consent form opting in before any information is stored or shared in the statewide HIO, the Mass HIway. After a patient opts in, all information about that patient can be stored and shared in the HIO.68