archive-org.com » ORG » M » MARKLE.ORG

Total: 1237

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Policy and Technology Checklists for Procurers and Implementers | Markle | Advancing America's Future
    s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Policy and Technology Checklists for Procurers and Implementers Publication Date Friday April 20 2012 The recommended policies and practices of the Markle Connecting for Health Common Framework for Networked Personal Health Information are designed to protect consumers and to guide services organizations applications or health information exchanges that collect store or share personal health information on the individual s behalf The Markle Common Framework for Networked Personal Health Information proposes a set of practices that when taken together encourage appropriate handling of personal health information as it flows to and from personal health records PHRs and similar applications or supporting services The Policy and Technology Checklists for Procurers and Implementers document derived from this framework provides recommended practices that may be used in requests for information RFI requests for proposals RFP procurement requirements or implementation checklists

    Original URL path: http://www.markle.org/publications/1759-policy-and-technology-checklists-procurers-and-implementers (2016-02-10)
    Open archived version from archive


  • Collecting And Sharing Data For Population Health: A New Paradigm | Markle | Advancing America's Future
    Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Collecting And Sharing Data For Population Health A New Paradigm Publication Date Sunday March 1 2009 Publication Source Health Affairs Health information technology IT has great potential to transform health care and inform population health goals in clinical research quality measurement and public safety To fully realize the benefits of health IT for population health we must focus on new models that maximize efficiency encourage rapid learning and protect patients privacy In this paper we explore the advantages of a networked model for analyzing population health information providing several examples Although broadening the

    Original URL path: http://www.markle.org/publications/1463-collecting-and-sharing-data-population-health-new-paradigm (2016-02-10)
    Open archived version from archive

  • Aligning Health IT and Health Reform: Achieving an Information-Driven Health Care System | Markle | Advancing America's Future
    investments in health IT can be a vital step toward our nation s health reform objectives improving health and reducing unsustainable cost growth but only if we make smart decisions now that align these efforts Alignment starts with setting the right goals for health IT efforts Success will be measured in lives saved quality of health care improved and growth in costs slowed The time is now to set the bar Markle the Center for American Progress and the Engelberg Center for Health Care Reform at Brookings seek a dialogue that builds on the comments they submitted jointly to the Office of the National Coordinator for Health IT ONC The comments supported by a broad range of organizations reflect a goal based results driven approach to the definition of meaningful use of health IT Under the Act providers and hospitals will receive financial incentives for meaningfully using IT a standard now being drafted by the U S Department of Health and Human Services The Achievable Vision for 2015 presented by an ONC advisory committee offers clear health and cost goals that will serve as a compelling north star for Recovery Act investments We strongly support targeting these goals and goals like them Achievable Vision for 2015 1 Prevent 1 million heart attacks and strokes Reduce heart disease so that it s no longer the leading cause of death in the US Reduce preventable medication errors by 50 percent Reduce the racial ethnic gap in diabetes control by 50 percent Reduce preventable hospitalizations and re admissions by 50 percent Provide all patients with access to their own health information Follow patient preferences for end of life care more often Provide all health departments with real time situational awareness of outbreaks We propose adding two 2015 goals to specifically address reducing growth in health care costs Identify duplicative services and reduce them by 50 percent Reduce the number of hours spent by physicians on administrative tasks by 50 percent Top public and private sector leadership must firmly embrace these goals We must keep this big picture clearly in mind as we prioritize the measures and actions that will most indisputably drive progress Our comments emphasize that the optimal standard for meaningful use should meet five key criteria Set Clear and Achievable Health and Cost Goals Tie Payment Tightly to Results Engage Patients in Achieving Meaningful Use Goals Focus on Information Use Not Technology Functions or Features Ensure that Standards and Certification Directly Support Meaningful Use and Foster Innovation Implications Recovery Act funds must pay for results improved health patient engagement better care processes rather than simply paying for technology and or meeting technical standards Innovation will be necessary to achieve these results Therefore the definition of meaningful use and of the standards and certification regimens that support it must encourage technology and care delivery innovation not discourage it by locking in current approaches One of the opportunities of the meaningful use definition is to align requirements with existing quality improvement efforts minimizing

    Original URL path: http://www.markle.org/publications/899-aligning-health-it-and-health-reform-achieving-information-driven-health-care-syste (2016-02-10)
    Open archived version from archive

  • Linking Health Care Information: Proposed Methods for Improving Care and Protecting Privacy | Markle | Advancing America's Future
    Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Linking Health Care Information Proposed Methods for Improving Care and Protecting Privacy Publication Date Tuesday February 1 2005 Introduction This document outlines a strategy for linking patient information across multiple sites of care developed by the Working Group on Accurately Linking Information for Healthcare Quality and Safety a part of the Connecting for Health effort sponsored by the Markle Foundation and the Robert Wood Johnson Foundation The linking of vital information as patients receive care from a fragmented healthcare system is a problem that has consistently plagued interoperability efforts in healthcare The privacy technical and policy issues involved need to be addressed in order to effectively share information across multiple organizations Making the information available will help to prevent drug interactions and adverse events avoid medical errors and help inform decision making for the patient and clinician It will also enable the support of public health efforts improvements in research better physician and organizational performance and benchmarking and greater empowerment of patients and families as active participants in their own healthcare among other benefits The linking problem is simple to describe but hard to solve how does a healthcare professional link a patient with their health files and how do they know that any two files stored in different places refer to the same person This problem occurs every time a care provider asks to have a patient s file pulled or updated and every time a patient moves or changes doctors visits a new lab or specialist or falls ill while traveling At its core the linking problem is one of identity how can we say for sure that a patient in the office is to be matched with a particular set of records or that two sets of records can be merged because they belong to the same patient The goal of the Linking Working Group was to address these issues proposing practical strategies for improving healthcare through improved linking of information in a secure and efficient manner and in a way that allows healthcare professionals much improved access to

    Original URL path: http://www.markle.org/publications/863-linking-health-care-information-proposed-methods-improving-care-and-protecting-priv (2016-02-10)
    Open archived version from archive

  • Resources | Markle | Advancing America's Future
    paradigm described in the Markle Common Framework For example to achieve health information sharing the Markle Common Framework describes a network of networks distributed approach where data does not have to be centralized in order to be shared From a technology perspective access to patient data involves an intentional two step process The requester Uses a record locator service index RLS index to find where the patient s data is located Makes the request for the patient s data at which point the data holder determines how to respond Refer to P3 Notification and Consent When Using a Record Locator Service and T1 The Markle Common Framework Technical Issues and Requirements for Implementation A hallmark of the RLS system is that the RLS index has no clinical data or metadata The index has only demographic information and pointers to the location of the patient s information This separation of clinical and demographic data is a technical requirement that was developed specifically to fulfill a policy objective to leave decisions about what to share at the edges of the network with the entity that has the relationship with the patient rather than technical models where the decision about what to share is made centrally This structure leaves intact the foundation for trust in health information sharing i e the relationship between the patient and health care provider The data holder ultimately implements the patient s choices with respect to sharing information consistent with law and policy and the data holder s relationship with the patient Back to top III Where and How to Start Federal and State Law Compliance As a threshold matter health information sharing efforts must comply with federal privacy laws and the laws of the state in which they are located or doing business The Health Insurance Portability and Accountability Act HIPAA does not require individual consent for many routine collection use and disclosure of health information activities defined as treatment payment and health care operations but several states impose consent requirements that apply to collection use and or disclosure of health information some pertaining to all health information and some only to specific types of health information 3 Further federal regulations governing federally assisted substance abuse treatment facilities and governing certain educational institutions impose stricter consent requirements and may apply to some health care data holders Implementers will need to keep up to date with all relevant laws and regulations that apply to them Relevant changes to HIPAA as amended by HITECH are covered in Key Laws and Regulations Changes Relevant to the Markle Common Framework As federal regulators continue to respond to programmatic efforts such as the Meaningful Use program through the promulgation of regulations and policy guidance implementers should also be aware of activities underway among relevant federal policy advisory bodies regarding health information sharing and their suggested policies and practices In addition key federal agencies with jurisdiction over consumer privacy have begun to suggest policy options and best practices that can inform health information sharing efforts For some health information sharing efforts applicable state law will set explicit consent policy that must be followed However for some states there are no additional legal requirements requiring individual consent to be obtained In either case health information sharing efforts will need to determine whether to adopt a policy on consent that goes beyond what the law may require Jenny Smith Louisiana Health Care Quality Forum past Addressing consent is more complex than we expected it to be We discovered many layers to state laws that surfaced technical and legal questions For example we learned that under Louisiana law consumers have the right to consent But we needed to understand what that means Does the law require consent to share the data or consent to use the data Can we aggregate data in a health information exchange without individual patient consent or do we need consent before this data is aggregated The process to address the complexity of this topic requires a very significant level of legal expertise financial resources and time Developing a consent policy based on FIPPs A three step process Consent policy development must account for other important technical and policy attributes of information sharing and is effective only when considered within the entirety of the circumstances of exchange that occur in any particular health information sharing effort Consequently setting effective policy on individual consent will be nearly impossible if the issue is taken up first before the basic boundaries objectives and model of information sharing have been established This Policies in Practice recommends a sequence for developing privacy and security policy Step 1 Initiate a policy setting process based on sound governance principles Step 2 Consider all of the FIPPs based privacy principles together to develop a set of specific baseline policies Step 3 Address the FIPPs based privacy principles of Individual Participation and Control and Openness and Transparency last when determining policies with respect to consent Consent is last in the sequence above because this set of policies what choices people will have and how they will exercise them should only be made once the circumstances of the health information sharing and the other key data sharing policies are considered Thus its placement in the sequence reflects its innate dependency on other foundational policy decisions This sequence also describes a process that can be deployed to re evaluate decisions on consent as circumstances change Consent policy development is not a one time process Such policies must be revisited or refreshed from time to time such as in response to changes in law or policy technology decisions for example an expansion of acceptable uses of the network or the addition of new technical functionalities or the scope or purpose of information sharing The expectations of individuals about the uses of their data may also change over time based on increased participation in health information sharing by providers Individuals may also change their data sharing preferences in response to changing life circumstances for example health status or marriage status Implementation at both the policy and technology levels needs to accommodate the ability for individuals to change their choices over time and have them prospectively honored Back to top IV Sequencing of Decisions Getting to the Details Step 1 Initiate a Policy Setting Process Based on Sound Governance Principles Coming to agreement on workable information sharing policies requires broad objective and inclusive involvement from various participants and the public at large in order to get appropriate and relevant feedback and to secure early buy in as well as ongoing support Public trust will occur through both sound policies and an inclusive process which also includes having consumers at the decision making table For more information on policies and practices for trust and interoperability with meaningful consumer participation see Governance of Health Information Sharing Efforts Achieving Trust and Interoperability with Meaningful Consumer Participation Step 2 Consider all of the FIPPs based privacy principles together to develop a set of specific baseline policies Purpose Specification and Minimization principle Determining the purposes for sharing heath information is the critical first step in determining the appropriate data sharing policies that will accomplish those purposes Many initiatives start by information sharing for individual treatment purposes only and limiting information sharing to those who are involved in the individual s treatment Some initiatives broaden the permissible uses to include other lawful purposes for data sharing such as for payment operations public health and other research In addition the types of entities permitted to participate in information sharing may broaden as the purposes for information sharing expand Still other initiatives permit sharing for any lawful purpose without additional policy limitations Regardless of whether the permitted purposes for information sharing are broad or more confined this information is part of the risk benefit calculus for information sharing and will be critical to determining whether and to what extent individuals will have choices with respect to whether their information is part of or shared through a health information sharing effort Collection and Use Limitation principles The minimization principle is reflected to some extent in the HIPAA minimum necessary standard and will likely vary depending on the purposes for which data is to be collected accessed or disclosed For example the information needed in order to treat an individual who seems to be suffering from flu symptoms will be different from the information needed to report a case of the flu to public health authorities In the Markle Common Framework Policy Guide P2 Model Privacy Policies and Procedures for Health Information Exchange SNO Policy 400 describes potential purposes for information sharing and policies for data minimization SNO Policy 600 specifically addresses the policy of minimum necessary Joe Heyman solo gynecologist Wellport Health Information Exchange Steering Committee member Massachusetts To start the consent policy conversation we began by identifying what data would be available through the health information exchange This took months Ultimately we decided that we would exchange the shared health summary or Continuity of Care Record CCR We had a lot of hearty discussion and conversation about whether additional information beyond that which is included in the CCR should be shared For example we debated whether we should include smoking status and alcohol use and certain sensitive categories of information These discussions took time But it was all with an eye toward how we were going to address consent In addition to addressing what data would be shared critical decisions were made about the specific purposes for which the data were being shared We decided to only permit users to view patient information when they were taking care of that patient We explained the permitted uses to the patient when we sought consent Our patient consent form details the purposes for use of the data and makes clear that the information won t go beyond the medical community i e those providers directly involved in the patient s care Once participants have determined the permissible purposes for sharing of health information policies and technology must be implemented to limit the collection and use of information to those purposes Implementing the principle of collection and use limitations also includes establishing internal policies regarding which individuals and entities have the right to access information consistent with the permissible purposes In P2 Model Privacy Policies and Procedures for Health Information Exchange SNO Policy 400 describes the use and disclosure policies SNO Policy 700 describes policies with respect to workforce agents and contractors Security Safeguards and Controls principle Once the policies are set regarding i permissible purposes for information sharing and ii collection and use limitations that are limited to those purposes the next step is to consider the security policies and protocols that will support compliance with those policies For example participants in a health information sharing initiative can deploy technical tools like role based access and audit logs to ensure access to information only by persons who are authorized to do so Encryption can help protect information from theft or loss Individuals will want to understand the reasonable security safeguards that will be in place to protect their information P5 Authentication of System Users P7 Auditing Access to and Use of a Health Information Exchange and P8 Breach of Confidential Health Information provide examples of security policy issues to be addressed Data Integrity and Quality principle The quality of health care depends on accurate health information Accurately matching individuals with their health information is critical to maintaining data quality Inaccurate health information can also adversely affect an individual s benefits and protections Does Consumer Control Lead to Incomplete Information Often providers are concerned that patients may choose to withhold important information and that without complete information the system will be less useful In reality however complete information about any patient is an aspiration at best No one can assume that any information derived from a fragmented delivery system used by patients over many years can ever provide an absolutely complete patient record whether on paper or electronically Clinicians know well that in the analog world information is often missing Sometimes patients withhold information from new providers until they establish a relationship This basic paradigm will be true in the digital world as well Using technology to override this or any policy expectation that individuals may have can quickly erode trust Giving individuals some informed control over how their information is shared is critical to building trust among patients and providers Within P2 Model Privacy Policies and Procedures for Health Information Exchange see SNO Policy 300 Individual Participation and Control of Information Posted to the RLS In addition implementers should consult T5 Background Issues on Data Quality and P4 Correctly Matching Patients with Their Records for further assistance Providing individuals with a way to review and request corrections to their health information also can improve data integrity and quality Policies regarding individual access to health data and requesting amendments to health data can be found at P6 Patients Access to their Own Health Information and P2 Model Privacy Policies and Procedures for Health Information Exchange SNO Policy 800 Amendment of Data Accountability and Oversight and Remedies principles Privacy and security policies have little effect if violators are not held accountable for compliance failures Employee training privacy and security audits and other oversight tools can help to identify and address violations and breaches by holding accountable those who violate privacy requirements and by identifying and correcting weaknesses in security systems In addition remedies must exist to help hold violators accountable and to make recompense to persons who are aggrieved by privacy violations Relevant model policies in P2 Model Privacy Policies and Procedures for Health Information Exchange include SNO Policies 100 Compliance with Law and Policy 700 Workforce Agents and Contractors and 1000 Mitigation also relevant are P7 Auditing Access to and Use of a Health Information Exchange and P8 Breach of Confidential Health Information Step 3 Address the FIPPs based privacy principles of Individual Participation and Control and Openness and Transparency last when determining policies with respect to consent Individual Participation and Control principle Once implementers have established policies defining the context for sharing information including how individuals and entities will be held accountable for complying with such policies implementers can meaningfully consider whether and how individuals should be provided with choices regarding information sharing Relevant model policies in P2 Model Privacy Policies and Procedures for Health Information Exchange include SNO Policy 300 Individual Participation and Control of Information Posted to the RLS P3 Notification and Consent When Using a Record Locator Service also provide details on consent policy when using a Record Locator Service model for health information exchange This principle also addresses individual access to health information and the right to request an amendment Consent for Patient mediated Exchange This Policies in Practice focuses on whether and how to implement consent with respect to the sharing of electronic health information typically among health care professionals health care institutions like hospitals and health plans However the implementation of the Health Information Technology for Economic and Clinical Health HITECH is likely to facilitate even greater sharing of health information directly with and by patients HITECH amended the HIPAA Privacy Rule to make it clear that patients have the right to receive an electronic copy of their health information when their health information is maintained in electronic form Refer to Key Laws and Regulations Changes Relevant to the Markle Common Framework In addition the Meaningful Use program requires some affirmative sharing of health information with patients and these requirements may increase in later stages of that incentive program At present the Department of Veterans Affairs Centers for Medicare and Medicaid Services Department of Defense and an increasing number of private sector entities are offering individuals the opportunity to view and download electronic copies of their health information This capability can facilitate patient initiated health information sharing Markle Connecting for Health has developed a set of consensus policies specifically for the download capability that build on the Markle Common Framework for Networked Personal Health Information See also Individual Access Connecting Patients with Their Health Information What Granularity of Choice to Offer Implementers deciding to provide individuals with choices regarding information sharing will need to consider how granular those choices should be For example choice can be all in or all out or at the more granular level choice of health information sharing participation may be by individual provider or type of provider or by type of data State and federal law varies with regard to requirements related to granularity For example some states require granularity on the level of individual choice because they require specific consent for certain types of information Similarly federal law requires explicit consent for substance abuse treatment data in some circumstances and requirements enacted by Congress in 2009 provide individuals with the right to restrict disclosures to health plans See Key Laws and Regulations Changes Relevant to the Markle Common Framework Other policy recommending bodies have called for more granular choice For example in Recommendations Regarding Sensitive Health Information the National Committee on Vital and Health Statistics recommended that electronic health records have the capability to sequester or segregate data in specific sensitive categories Relevant model policies in P2 Model Privacy Policies and Procedures for Health Information Exchange include SNO Policy 500 Information Subject to Special Protection and SNO Policy 900 Requests for Restrictions Yet there is a limit to how granular consent can be implemented in today s complex environment Health information streams are complex and involve an ever growing number of users Even medical professionals are unlikely to understand the full scope of information sharing that occurs in day to day health care delivery For example CT1 Technology Overview Appendix A Data Flow Scenarios follows the data trail of a single drug prescription the most common clinical transaction Just to put the pills in the bottle under the simple scenario there are 10 different electronic copies of the information stored in various databases 4 In addition greater innovation and development of technology is needed to allow for consent at the more granular levels ONC s Health IT Policy Committee conducted a hearing on consent technologies and concluded that promising models were in development but not necessarily in widespread use We may be years away from widely deployed reliable solutions In the meantime policies on choice need to reflect both what is desirable and what can be accomplished HHS is piloting more granular consent technologies Making Individual Choice Meaningful and Understandable But is it Opt in or Opt out Many discussions about consent policy options become focused on the sole question of whether health information sharing entities should require opt in or opt out by individuals Unfortunately this paradigm is a gross oversimplification of the complex data sharing decisions that provide the foundation for policies on individual consent It doesn t reflect how the context of data sharing can influence appropriate and effective consent policy Merely saying opt in or opt out says nothing about the context of data sharing For example providing individuals with choices based on whether or how much of their information can be accessed or queried for what purposes with what protections whether and how its made available for sharing with other providers and whether a database that contains copies or summaries of provider records is used is essential to consider and a much more complex decision than a binary choice In addition opt in or opt out also says nothing about whether meaningful choice is provided or presented in a way that individuals understand The choice provided should be meaningful and understandable to individuals including informing them about the data sharing practices and discussing the benefits and risks of participating or not participating The federal Health IT Policy Committee recommended that individuals be provided with meaningful choice when their information is made accessible through certain types of exchange structures The elements of meaningful choice include Allows the individual advance knowledge time to make a decision e g outside of the urgent need for care Is not compelled or is not used for discriminatory purposes e g consent to participate in a centralized HIO model or a federated HIO model is not a condition of receiving necessary medical services Provides full transparency and education i e the individual gets a clear explanation of the choice and its consequences in consumer friendly language that is conspicuous at the decision making moment Is commensurate with the circumstances i e the more sensitive personally exposing or unexpected the activity the more specific the consent mechanism Activities that depart significantly from patient reasonable expectations require greater degree of education time to make decision opportunity to discuss with provider etc Must be consistent with reasonable patient expectations for privacy health and safety Must be revocable i e patients should have the ability to change their consent preferences at any time It should be clearly explained whether such changes can apply retroactively to data copies already exchanged or whether they apply only going forward The Appendix includes a brief description of how the Committee s recommendations are consistent with the Markle Common Framework Joe Heyman solo gynecologist Wellport Health Information Exchange Steering Committee member Massachusetts In our consent process we knew it would be critical for individuals to understand both the benefits and risks of participation as part of the consent process In my practice we describe to patients the potential benefits of participation in any health information sharing network or infrastructure The potential for providers to be able to access information about you in advance of a visit including but not limited to emergencies Possible elimination of duplicate tests or office visits Ability to update information more easily Greater ability to obtain copies of your health information or information about loved ones Potential risks of participation in any health information sharing network or infrastructure may include Although the information is protected with security controls and participation is limited to treating providers it is possible that someone with whom you would not want to share information may see or infer something about your health from your records Information disclosed to other providers with your consent may be subject to different laws and policies when it is incorporated into the records of other providers Your record may contain errors that are then shared with other members of the medical community Though unlikely unauthorized electronic access to large health care databases may occur Openness and Transparency principle In order to achieve this principle individuals must be advised how their health data can be accessed used and disclosed in a way that is easy to read understandable and brief a difficult challenge indeed Often consent forms err on the side of trying to cover everything But sacrificing brevity often means a long document that individuals do not understand or do not have time to digest Forms that err on the side of brevity risk providing individuals with insufficient information to prepare them to make a meaningful choice about information sharing Blanket consent forms that provide little real information about actual data sharing its specific purposes and information uses do little to protect an individual s privacy 5 Recent reports from FTC6 and the Department of Commerce7 also discuss the ongoing challenges of providing full transparency to individuals about data practices and consent rights and the importance of clear and understandable communication with the public Openness and transparency about data sharing is essential for trust even in circumstances where explicit consent of the individual is not required or sought as a matter of policy Individuals should never be surprised about what happens to their health information The absence of a consent policy or requirement should never be interpreted as permission for information sharing that is beyond what individuals would reasonably expect Layered Notice A promising way to achieve the balance between readability and full transparency is to provide layered notice In a layered notice approach individuals are provided with a brief statement of the essential data sharing elements with the ability to link to or otherwise easily obtain more details The Markle Common Framework for Networked Personal Health Information includes recommendations for how to fulfill the openness and transparency principle with respect to consumer based health tools that may be instructive for implementing patient choice with respect to health information sharing For example it recommends that general consent be sought initially when the consumer first voluntarily signs up for the service Such consent would cover the uses of health information that are consistent with consumers reasonable expectations in signing up for the service such as routine maintenance or uses necessary to facilitate opening the account However independent specific consent should be sought for uses that would not be reasonably expected or involve more sensitive data as described in CP3 Consumer Consent to Collections Uses and Disclosures of Information The Federal Trade Commission s FTC report Protecting Consumer Privacy in an Era of Rapid Change also recommends that companies seek independent consent for data uses that go beyond consumers reasonable expectations see pages 76 77 In addition the FTC report Protecting Consumer Privacy in an Era of Rapid Change pages 52 79 sets out recommendations for how to make consent particularly on the Internet more understandable and meaningful to individuals This information may be helpful to implementers who deploy on line mechanisms for securing patient consent Even when the consent form follows the recommended layered notice approach openness and transparency can rarely if ever be effectively achieved solely through written documentation Individuals must be able to discuss these issues with the providers they trust or their staff the written documentation can provide the back up support for that conversation offering links to more details and providing the necessary proof in circumstances where affirmative consent is required to be obtained in advance that the individual has provided that consent Gina Bianco Perez Advances in Management Inc Delaware We take a multi pronged approach to informing patients about the Delaware Health Information Network DHIN We give a toolkit to the providers that includes information they need to educate their patients We emphasize the importance of the patient provider relationship to building trust in health information sharing We have an informative website and brochures for provider offices The provider offices also have stickers for their window that say We proudly participate in the DHIN Each practice also receives talking points for the staff to use with their patients With all that being said it s at the point of care that patients learn about the DHIN When a patient walks into a provider s office the provider s office may have brochures and the sticker Some doctors actually say You know I m looking at your information It came from the Delaware Health Information Network I m seeing this lab that you had done by Dr Smith and they ll then speak to the patient about the DHIN Back to top Conclusion Determining policies around individual consent is often a significant policy challenge for implementers But it can be addressed effectively if done within the context of the full complement of policies that govern information sharing Before establishing consent policies implementers should first work to set the basic parameters of information sharing such as who can access and use health information and for what purposes what basic security measures are followed and how participants are held accountable Once these issues have been addressed implementers can consider the issue of choice Back to top Appendix The HITPC Tiger Team Recommendations are consistent with the Markle Common Framework Policy choices on consent may vary depending on the circumstances The Health IT Policy Committee in work initiated by its Privacy and Security Tiger Team recognized that the foundation of trust in health information exchange is the patient provider relationship they subsequently recommended that point to point exchange between providers should not necessarily require additional consent beyond what current law might already require just because the exchange of information is electronic However before setting policy on consent the Policy Committee had already assumed an exchange environment that involved only exchange for treatment public health and aggregate quality reporting for meaningful use stage 1 The Committee also recommended clear limits on how intermediaries who help facilitate the exchange of health information can access use and disclose that data This helped the Committee to conclude with confidence that individual consent would not be required in this set of circumstances They noted however that not requiring consent did not eliminate the responsibility for openness and transparency about data sharing practices with patients The Policy Committee did recommend that additional meaningful consent should be provided if an individual s health information is shared in ways that they would not reasonably expect or that subject their data to being accessed without the intervention of their trusted providers Examples offered were a centralized health information sharing entity where the patient s data is sent to and accessible from a centralized database or some federated models where the data can be accessed from the provider s records such as through an edge server without an individualized decision to disclose being made by the patient s provider In these circumstances the context for sharing data had changed and therefore the Committee reasoned that individuals should have some meaningful choice before their information would be included in those types of exchange arrangements Health IT Policy Committee recommendations consistent with the Markle Common Framework The federal Health IT Policy Committee addressed consent in 2010 starting with two core values the trust individuals typically place on their providers to be good stewards of their health information and that individuals should not be surprised to learn about how their information is shared The Committee determined that merely digitizing the type of provider to provider information exchange that occurs today on paper need not require additional consent beyond what may be required by law This is particularly the case when the purposes for information sharing are limited to those the individual or patient would reasonably expect like treatment care coordination and sending information to payers for billing purposes Back to top The Policies in Practice apply the term health information sharing effort broadly to refer to any initiative that supports the electronic exchange of health information between data holders Similar terminology includes health information exchange HIE regional health information organization RHIO and sub network organization SNO See Markle Connecting for Health Beyond Consumer Consent Markle Foundation Last modified February 1 2008 http www markle org publications 852 beyond consumer consent accessed on February 22 2012 It describes the dangers of singling out consent Implementers should seek expert advice to determine which laws are applicable to them Many health information privacy laws apply only to certain entities or certain types of information further a health care provider in one state likely will not be legally bound by health privacy laws in other states even if that provider is receiving information across state lines As another example almost 150 different people including doctors nursing staff X ray technicians and billing clerks access at least part of a patient s health record during a single hospital visit and that there are roughly 600 000 entities with the ability to access at least some part of a patient s information Judy Foreman At risk of exposure In the push for electronic medical records concern is growing about how well privacy can be safeguarded Los Angeles Times Last modified June 26 2006 http articles latimes com 2006 jun 26 health he privacy26 accessed on January 8 2011 See Markle Connecting for Health Beyond Consumer Consent Markle Foundation Last modified February 1 2008 http www markle org publications 852 beyond consumer consent accessed on February 22 2012 It discusses the dangers of overreliance on consent and blanket consent Protecting Consumer Privacy in an Era of Rapid Change A Proposed Framework for Businesses and Policymakers Preliminary FTC Staff Report Federal Trade Commission Last modified December 2010 http www ftc gov os 2010 12 101201privacyreport pdf accessed on February 22 2012 Commercial Data Privacy and Innovation in the Internet Economy A Dynamic Policy Framework The Department of Commerce http www commerce gov sites default files documents 2010 december iptf privacy green paper pdf accessed on February 22 2012 2012 Markle Foundation This work was originally published as part of the Markle Connecting for Health Common Framework Policies in Practice for Health Information Sharing and is made available subject to the terms of a License You may make copies of this work however by copying or exercising any other rights to the work you accept and agree to be bound by the terms of the License All copies of this work must reproduce this copyright information and notice PiP Overview The document you are reading is part of the Markle Connecting for Health Common Framework for Private and Secure Health Information Exchange Markle Common Framework The Markle Common Framework includes a set of foundational policy and technology guides published in 2006 In April 2012 a set of Policies in Practice was published to further specify these foundational documents and address a range of critical health information sharing implementation needs identified by experts working in the field Since the launch of Markle Connecting for Health in 2002 a nationwide interoperable private and secure health information sharing environment has become widely recognized as necessary for achieving high quality health care Such an environment in which information is available to enable each participant to make better health and health care decisions holds promise for dramatic improvement in the quality and cost effectiveness of care Those implementing health information sharing efforts1 quickly learn that achieving such a health information sharing environment for high quality cost effective care will require trust A recent survey commissioned by the Markle Foundation found that the privacy of health information is a significant concern for the American public and for doctors Overwhelming majorities of both groups expressed concerns about privacy and support privacy protective practices such as letting people see who has accessed their records notifying people affected by information breaches and giving people mechanisms to exercise choice and to correct their information 2 The Markle Connecting for Health Common Framework for Private and Secure Health Information Exchange Markle Common Framework published in 2006 describes a threshold set of policy and technology practices for health information sharing to establish core privacy principles sound network design and accountability and oversight while supporting variation and encouraging innovation A diverse group of health care leaders developed the principles policies and practices of the Markle Common Framework based on U S Fair Information Practice Principles FIPPs to lay a blueprint for an integrated and comprehensive framework of trust The Markle Connecting for Health Common Framework Policies in Practice for Health Information Sharing Policies in Practice is an addendum to the Markle Common Framework The Markle Common Framework schematic shows a visual representation of the relationship of these Policies in Practice resources to the original Markle Common Framework The Policies in Practice were developed through a collaborative process by a diverse group of health care leaders with hands on experience implementing health information sharing efforts including state health IT leaders legal experts technology experts and consumer representatives This compendium of practices further specifies the Markle Common Framework to address a range of critical implementation needs for health information sharing in today s rapidly changing environment The Policies in Practice address the following areas Key Laws and Regulations Changes Relevant to the Markle Common Framework Highlights modifications to relevant privacy laws over the last five years and addresses them in the targeted policy areas of the Markle Common Framework Consent Implementing the Individual Participation and Control Principle in Health Information Sharing Provides context for implementing the privacy principle of Individual Participation and Control and suggests ways for health information sharing efforts to establish their own policies and best practices Individual Access Connecting Patients with Their Health

    Original URL path: http://www.markle.org/publications?term_node_tid_depth=15&tid_1=All&date_filter[value]=&page=3 (2016-02-10)
    Open archived version from archive

  • Connecting Americans to their Health Care: Executive Summary | Markle | Advancing America's Future
    Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Connecting Americans to their Health Care Executive Summary Publication Date Thursday July 1 2004 Publication Source Markle From January 2004 through June 2004 within the framework of Phase II of Connecting for Health the Working Group on Policies for Electronic Information Sharing Between Doctors and Patients examined the barriers to adoption of interoperable health information systems that provide for significant patient access and control The Working Group encountered enthusiastic patients clinicians and technologists united in their passion to permit individuals to be more engaged and successful managers of their own health all of whom recognized that the long term goals of safe affordable and high quality healthcare are unlikely to be achieved without tools that permit patients and families to be more active and successful The review of these early PHR projects and

    Original URL path: http://www.markle.org/publications/892-connecting-americans-their-health-care-executive-summary (2016-02-10)
    Open archived version from archive

  • Electronic Health Data Exchanges: Patient and Consumer Principles for System Design | Markle | Advancing America's Future
    Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Electronic Health Data Exchanges Patient and Consumer Principles for System Design Publication Date Tuesday October 11 2005 Improving health and health care depends upon accurate timely understandable and relevant information in the hands of consumers patients and health professionals where and when they need it To improve quality and prevent medical errors health care professionals must shift away from today s reliance on paper health records and adopt trustworthy methods to gather store and share patient data electronically electronic health data exchanges New technologies networks and organizations are emerging to provide greater electronic connectivity and data exchange across health care

    Original URL path: http://www.markle.org/publications/878-electronic-health-data-exchanges-patient-and-consumer-principles-system-design (2016-02-10)
    Open archived version from archive

  • Letter from the Personal Health Technology Council to the AHIC | Markle | Advancing America's Future
    Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos About Markle Page Sections About Markle A Message from Zoë Baird Our Principles Our Impact Board of Directors Senior Team Our History Quick Links Conference Space Events Markle in the News Media Releases Past Initiatives President s Letters Rework America Page Sections About Rework America A Message from Rework America Opportunity for All Our Impact Initiative Members Expert Advisors Quick Links Rework America Connected Our Book America s Moment Initiative Overview Latest News Letters to Members Member Commentary Personal Stories Rework America Library Health Page Sections About Health Our Impact Steering Group Consumer Work Group HIE Committee Quick Links Blue Button Common Framework Health IT Health Library National Security Page Sections About National Security Post 9 11 Legacy Our Impact Task Force Quick Links National Security Library Reports and Recommendations Sharing and Collaboration The Lawfare Blog Library Quick Links Our Book America s Moment Archive Media Releases Member Commentary President s Letters Videos Letter from the Personal Health Technology Council to the AHIC Publication Date Monday March 6 2006 Publication Source Markle To Secretary Leavitt and the Members of the AHIC We the members of the Personal Health Technology Council commend your leadership in promoting Guiding Principles that emphasize consumer empowerment and the protection of personal health information We believe that these principles should inform the AHIC discussion and the process of developing policies for the emerging person centered networked health information environment We recognize that a clear and pragmatic approach that reflects fresh thinking and a deliberate participatory process will be

    Original URL path: http://www.markle.org/publications/868-letter-personal-health-technology-council-ahic (2016-02-10)
    Open archived version from archive



  •