The growing scale of electronic health information exchange has brought us face-to-face with the question about the extent to which patient should be able to control access to their health information. With paper records patients had “privacy through obscurity.” They could decide to not tell one doctor about other doctors they were seeing, or not to tell one doctor what medications were prescribed for them by other doctors. This is being fundamentally changed by the ability to search for electronic health information and then collect and collate it.

Various stakeholders in the debate have positions on the subject. Some patient advocates and providers of health care services in sensitive areas, like mental health and reproductive health, insist that without patient control over health information the health care system will not be trusted and patients will engage in “privacy-protective behavior” such as avoiding treatment and lying to their doctors. Many physicians resist giving patients control over their data because they want to provide the best possible care (and because they are concerned about potential liability associated with making incorrect decisions). Researchers and public health officials resist because they want perfect data in order to create better, more effective interventions.  

Several efforts are under way to find acceptable solutions to the question of patient control. The National Committee on Vital and Health Statistics (NCVHS) has held hearings on the subject and proposed for consideration different levels of patient control over different types of data or giving patients greater control over older data than current data. The Office of the National Coordinator for Health Information Technology (ONC) and the Security and Privacy workgroup of the Health Information Technology Policy Committee  have been working to address implementation and management of consumer preferences. HITSP has been working on technical standards for recording, transmitting, and managing consumer preferences.

A March 2010 report to the ONC detailed consumer consent options for electronic health information exchanges and called for more research in order to determine which model is most effective. The report highlighted five consent options starting with “no consent,” where health information of patients is automatically included in the exchange, through “opt-in with restrictions,” where no patient data is automatically included and patients must actively grant their consent to participate and can chose to make all or just some of their data available. Different health information exchanges in the US are using different models, as are different countries that are deploying health information networks.

As we refine our thinking about policy for consumer control of health information, several facilitating technologies will enable effective policy implementation. We will need to create a system in which consent and authorization documents can be easily accessed and digitally signed to assure patients and physicians that getting appropriate permissions will allow the wishes of patients to be respected without hindering the process of providing care. We will need to ensure that the people who are providing access consent are who they claim to be—whether they are patients authorizing access to their own information or authorized representatives granting access to the information of those whom they represent. We will need to ensure that physicians, pharmacists, researchers and others gaining access to health information can do so only with appropriate authentication and with appropriate audit trails being kept. Whichever consumer consent options are adopted, Identity management and authentication will be essential enablers of trust in the world of electronic health information.