Patient Privacy, Consent, and Identity Management in Health Information Exchange

Issues for the Military Health System

Susan D. Hosek, Susan G. Straus

ResearchPublished May 22, 2013

Cover: Patient Privacy, Consent, and Identity Management in Health Information Exchange
Order a print copy

The Military Health System (MHS) and the Veterans Health Administration (VHA) have been among the nation's leaders in health information technology (IT), including the development of health IT systems and electronic health records that summarize patients' care from multiple providers. Health IT interoperability within MHS and across MHS partners, including VHA, is one of ten goals in the current MHS Strategic Plan. As a step toward achieving improved interoperability, the MHS is seeking to develop a research roadmap to better coordinate health IT research efforts, address IT capability gaps, and reduce programmatic risk for its enterprise projects. This report contributes to that effort by identifying gaps in research, policy, and practice involving patient privacy, consent, and identity management that need to be addressed to bring about improved quality and efficiency of care through health information exchange. Major challenges include (1) designing a meaningful patient consent procedure, (2) recording patients' consent preferences and designing procedures to implement restrictions on disclosures of protected health information, and (3) advancing knowledge regarding the best technical approaches to performing patient identity matches and how best to monitor results over time. Using a sociotechnical framework, this report suggests steps for overcoming these challenges and topics for future research.

Key Findings

Research is needed to determine how to best implement established principles for ensuring the protection of patient privacy and rights over personal information while realizing the benefits of health information exchange (HIE).

  • A large majority of Americans support health information exchange to improve health care.
  • Many individuals feel they "own" their health records and should be asked for permission to release protected health information, but there is no consensus about the meaning of consent and the most effective mechanisms for obtaining it.
  • Successful HIE requires identifying the same individual across health care organizations using specified identifiers, but there is a gap in knowledge regarding the approaches to accurate patient matching.

Methods for protecting patient privacy, obtaining patient consent, and ensuring accurate patient matching in HIE need to be tested in a realistic environment.

  • The predominant technical challenge with respect to patient consent is recording patients' preferences and designing procedures to reliably implement restrictions on disclosures of protected health information.
  • Meaningful patient consent requires determining how to effectively educate patients about their consent options and the procedures for recording consent.
  • There are many different types of patient identifiers and algorithms to perform patient identity matches, but there is very little information from clinical settings to guide the choice of patient identifier, matching algorithm, match criteria, and procedures to review results of automated matching.

Recommendations

  • If the Department of Defense (DoD) determines there should be some kind of consent for HIE through the Virtual Lifetime Electronic Record, research addressing people, process, and organizational issues will be needed to guide decisions about the type of consent, beneficiary outreach and education, and procedures to administer and verify consent at the point of care.
  • More research on patient identity matching is needed to evaluate the performance of approaches involving different combinations of identifiers and algorithms. The research should use actual identifying data from DoD data systems, test performance at scale, and pilot promising approaches in clinical settings.

Order a Print Copy

Format
Paperback
Page count
102 pages
List Price
$19.95
Buy link
Add to Cart

Topics

Document Details

  • Availability: Available
  • Year: 2013
  • Print Format: Paperback
  • Paperback Pages: 102
  • Paperback Price: $19.95
  • Paperback ISBN/EAN: 978-0-8330-7790-5
  • DOI: https://doi.org/10.7249/RR112
  • Document Number: RR-112-A

Citation

RAND Style Manual
Hosek, Susan D. and Susan G. Straus, Patient Privacy, Consent, and Identity Management in Health Information Exchange: Issues for the Military Health System, RAND Corporation, RR-112-A, 2013. As of October 11, 2024: https://www.rand.org/pubs/research_reports/RR112.html
Chicago Manual of Style
Hosek, Susan D. and Susan G. Straus, Patient Privacy, Consent, and Identity Management in Health Information Exchange: Issues for the Military Health System. Santa Monica, CA: RAND Corporation, 2013. https://www.rand.org/pubs/research_reports/RR112.html. Also available in print form.
BibTeX RIS

Research conducted by

The research described in this report was sponsored by the United States Army Medical Research and Materiel Command, Telemedicine and Advanced Technology Research Center (TATRC). It was conducted jointly by RAND Health and RAND Arroyo Center, a federally funded research and development center for the U.S. Army.

This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.