Rethinking the Role of Consent in Protecting Health Information Privacy

This paper advocates for a new generation of privacy protections that allow personal health information
to flow among health care entities for treatment, payment, and certain core administrative tasks without
first requiring patient consent, as long as there is a comprehensive framework of rules that governs
access to and disclosure of health data. Patient consent is one important element of this framework,
but relying on consent would do little to protect privacy. This paper also suggests how a framework of
protections can provide patients with more meaningful opportunities to make informed choices about
sharing their personal health information online.

Published by: Bart Collet on Jan 28, 2009
Copyright: Attribution Non-commercial




CENTER FOR DEMOCRACY & TECHNOLOGY

Keeping the Internet Open, Innovative, and Free
1634 I St., NW, Suite 1100, Washington, DC 20006 • v. +1.202.637.9800. • f. +1.202.637.0968 • http://www.cdt.org
Rethinking the Role of Consent in Protecting Health Information Privacy
January 2009
Slowly but surely, the U.S. health system is undergoing major changes in how
patients' health information is collected, stored and shared. Funding and
initiatives to establish electronic health information exchange among providers,
as well as between patients and providers, are underway. A consensus is
emerging that quality health care depends on easy access to reliable and
complete patient information. A number of critical policy issues, however,
continue to be thorny, not the least of which is how to foster the flow of health
information to treat patients and pay for their care, as well as to improve the
quality of our health care system and more fully engage patients in their own
health care, while at the same time safeguarding privacy and security.

Although new innovations in health information sharing hold great promise for
more effective and efficient care, they also amplify privacy risks. A system that
makes greater volumes of information available more efficiently to improve care
will be an attractive target for those who seek personal health information for
commercial gain or inappropriate purposes. A significant majority of the public
has already expressed concern about the privacy risks associated with health IT,
and policymakers will find little public support for building e-health systems if
those concerns are not addressed.

It is essential that a policy framework enable the application of information
technology for the improvement of health care while allowing people to make
meaningful choices about the sharing of their health information. Some
advocates have argued that requiring patient consent for every exchange within
health care is the solution to the privacy conundrum. However, such an
approach will, in effect, provide fewer privacy safeguards and impose greater
burden on individuals, while undermining quality of care and access to services.
What is needed is a new generation of privacy protections that allow personal
health information to flow among health care entities for treatment and
payment and certain limited administrative tasks without requiring patient
consent upfront. Such protections would also allow data to be gathered for
important health care quality and public health purposes. However, for most
uses outside of this core health care environment, people should be given the
opportunity to make meaningful, informed choices about how their identifiable
health information is accessed, used and disclosed. Similarly, with respect to
giving individuals greater ability to access and store their own health
information, these consumer-facing tools and services should similarly provide
greater patient control.

This paper begins with a summary of how the current HIPAA Privacy Rule
deals with patient consent or authorization. An earlier version of the Rule did
require consent for a broad range of uses and disclosures of personal health
information, but the final version requires patient authorization for a narrower
set of uses and disclosures. While at the time CDT's Health Privacy Project
agreed with privacy advocates who vigorously opposed the narrowing of the
consent requirement, our thinking has evolved. As explained in more detail
below, we now believe that overreliance on consent leads to weak privacy
protection. Instead of consent for each and every use, e-health systems should
be governed by a comprehensive framework of rules, based on fair information
practices, that fill the gaps in existing law, clearly set forth who can access health
information and for what purposes, and are vigorously enforced. Patient
consent is one component of this comprehensive set of protections, and the
second half of the paper suggests in which circumstances patients must be
provided with more meaningful opportunities to make informed choices about
the sharing of their personal health information on-line.
The Role of Individual Consent or Authorization under the Privacy Rule
The HIPAA Privacy Rule is based on fair information practices and sets forth
specific rules governing access, use and disclosure of individually identifiable
health information (or protected health information (PHI)) held or transmitted
by "covered entities," which include health plans, health care clearinghouses,
and most health care providers who submit health care claims electronically.
In summary, the Privacy Rule permits covered entities to access, use and
disclose personal health information without first obtaining a patient's consent
for purposes of treatment, payment, and health care operations. The Rule also
permits covered entities to access, use and disclose personal health information
without patient consent or authorization for certain lawful public health
purposes, as required by law, for reporting abuse or domestic violence, for
health oversight activities, for judicial and administrative proceedings, and
certain law enforcement purposes, as long as proper processes are followed that
provide individuals an opportunity to intervene. Covered entities may disclose
information to family members, and in health facility or office directories, as
long as the patient does not object.

1 Specifically, HIPAA applies to any health care provider who transmits health information in electronic
form for those transactions for which the Secretary has adopted standards (i.e., transaction code sets). See
U.S. Department of Health and Human Services (HHS), Office of Civil Rights Privacy Brief, Summary of
the HIPAA Privacy Rule, http://www.hhs.gov/ocr/privacysummary.pdf ("Office of Civil Rights Privacy
Brief, Summary of the HIPAA Privacy Rule").
2 Treatment is the provision, coordination, or management of health care and related services for an
individual by one or more health care providers, including consultation between providers regarding a
patient and referral of a patient by one provider to another. 45 C.F.R. §164.501.
3 Payment includes activities of a health plan to obtain premiums, determine or fulfill responsibilities for
coverage and provision of benefits, and to furnish or obtain reimbursement for health care delivered to a
patient. 45 C.F.R. §164.501.
4 Health care operations include: (1) Conducting quality assessment and improvement activities,
population-based activities relating to improving health or reducing health care costs, and case
management and care coordination; (2) Reviewing the competence or qualifications of health care
professionals, evaluating provider and health plan performance, training health care and non-health care
professionals, accreditation, certification, licensing, or credentialing activities; (3) Underwriting and other
activities relating to the creation, renewal, or replacement of a contract of health insurance or health
benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to health care claims; (4)
Conducting or arranging for medical review, legal, and auditing services, including fraud and abuse
detection and compliance programs; (5) Business Planning and development, such as conducting
cost-management and planning analyses related to managing and operating the entity; and (6) Business
management and general administrative activities, including those related to implementing and complying
with the Privacy Rule and other Administrative Simplification Rules, customer service, resolution of
internal grievances, sale or transfer of assets, creating de-identified health information or a limited data set,
and fundraising for the benefit of the covered entity. 45 C.F.R. §164.501.
5 The HIPAA Privacy Rule uses the term "authorization" when referring to instances where patient
consent is required before information can be accessed, used or disclosed. Such authorizations must be in
writing and contain specific elements. Throughout this paper, we use the term consent to refer generally to
requiring some form of patient permission prior to accessing health information; we use the term
authorization when we intend to refer to the particular authorization requirements in the Privacy Rule. See
the appendix for a more detailed explanation of how authorization and consent are treated in the Privacy
The Privacy Rule requires prior patient authorization to use personal health
information for marketing purposes (although the definition of marketing
includes some exceptions), and for the use of health information for most
research (except under certain circumstances). Further, in recognition of the
particular sensitivity of certain types of mental health data, the Rule prohibits
the disclosure of psychotherapy notes without patient authorization except in
certain emergency situations. Importantly, all uses and disclosures of health
information that are not addressed by a specific provision in the Privacy Rule
require prior patient authorization. Covered entities seeking authorization for a
use or disclosure cannot deny treatment or coverage to those patients who
In addition, HIPAA expressly does not preempt state health data
privacy laws that are more stringent than HIPAA, thus patient consent
provisions in state law are preserved. Covered entities are also free to
voluntarily adopt consent policies that are more stringent than those in the
Privacy Rule. For example, a physician or hospital could decide to obtain
patient consent before sharing information for treatment purposes or before
sending information to the patient's insurance company.

Finally, covered entities are required to provide individuals with a notice of
their rights under the Privacy Rule and how their information may be accessed,
used and disclosed for certain purposes without their consent. While such
entities must attempt to obtain signatures from individuals acknowledging
receipt of the notice, obtaining a signature is not required.

In sum, the overall structure of the HIPAA Privacy Rule allows personal health
information to be shared easily for a number of core health care functions –
including treatment, payment, public health, quality improvement, and health
oversight – as well as to meet certain needs of the legal system. For uses of
information outside of those core functions – for example, marketing and other
commercial uses of patient information – authorization is required. By adopting
this general approach, the Rule meets the needs of the health care system for
health data to flow for a wide variety of health-related purposes, while
preserving some patient control and requiring authorization for non-health care
Overall, this approach strikes the right balance between the needs of the
healthcare system to access information and the rights of patients to exercise
some control over this highly sensitive information. As the demands for access
to personal health data expand, policymakers must decide which functions are
core health functions that should be allowed without requiring patient consent
and which should require prior patient authorization.

6 45 C.F.R. §164.508(b)(4).
7 45 C.F.R. §164.520(a) and (b).
8 45 C.F.R. §164.520(c)(2)(II). Only covered health care providers that have a direct relationship with a
patient are required to make a good faith effort at written acknowledgement.
The Health Privacy Project has not always endorsed this approach. As noted
above, an earlier version of the Privacy Rule, published on December 28, 2000,
required prior patient consent for most routine uses and disclosures of protected
health information. However, this version was harshly criticized by members
of the health care industry, who argued that the requirements would hinder the
delivery of treatment, the processing of payments, and other routine activities
by repeatedly requiring consent to be obtained. In response, HHS issued a
new version of the Privacy Rule on August 14, 2002, which adopts the current

Some privacy advocates, including several of the authors of this paper,
protested the change to the rule because it was perceived as a loss of patient
A number of privacy advocates are still calling for reinstatement of the
consent-based provisions from the earlier version of the Rule. The position of CDT's
Health Privacy Project has evolved. CDT endorses the approach in the current
Rule without fully embracing how the approach has been applied, as explained
in more detail below. Allowing information to be shared among health care
entities without requiring prior consent for a set of core health functions – and
requiring authorization for uses and disclosures that are not part of this health
care "core" – is good public policy and protects privacy. Requiring consent for
each and every use of health information would return information policy to the
pre-HIPAA days, when, in the absence of privacy safeguards, providers and payers
required patients to sign broad authorizations and then used those authorizations to
justify broad information sharing. Those practices created a record of privacy violations
that led policymakers to focus on building privacy and security protections into HIPAA.
The original provisions requiring prior consent for nearly every use of health
information would have provided at best only a perception of privacy, but not
meaningful privacy protection.

The section below provides a more detailed explanation of why over-reliance on
consent achieves very little in terms of privacy protection – but the two key
factors are:

• Consent under the previous version of the Rule was not meaningful.
Under the prior version of the rule, providers could refuse to treat – and
health plans could refuse to cover – any individual who failed to consent
to routine uses of their health information. Thus, the power given to
patients by requiring consent for treatment, payment, and operations
was illusory, because there would have been no meaningful right to
• Consent under the previous version of the Rule would have hampered
the provision of and payment for health care. If consent were required
for every routine use, providers would be unable to review a patient's
record to prepare for a visit, unless the consent covered such a use. Care
coordination among providers could be disrupted, as providers would
need to seek consent over and over again. Claims payments would be
delayed, as providers determined whether the consent covered the
information required by the plan for payment, and the plan determined
whether their consent covered access to information to pay the particular
claim. Because covered entities would be held responsible for accessing
or disclosing any information not covered by a patient's consent form,
the rule would have either unnecessarily chilled information-sharing
even for core health purposes like treatment and payment or resulted in
the use of broad blanket consents.

9 Standards for Privacy of Individually Identifiable Information: Final Rule, 67 Fed. Reg. 53,182 (August 14,
2002), http://www.hhs.gov/ocr/hipaa/privrulepd.pdf ("Final Rule, 67 Fed. Reg. 53,182").
10 HHS, HIPAA Frequently Asked Questions, About the Privacy Rule (November 2006),
11 Final Rule, 67 Fed. Reg. 53,182.
Comprehensive Policy Framework Protects Privacy
Unfortunately, discussions about how to provide privacy protections for
electronic health information have been driven by those seeking to reinstate the
consent provisions under the earlier version of the Privacy Rule. Focusing on
what was "lost" in 2002 pits privacy against information sharing for important,
core health care functions – and both are critical to reaping the benefits of health
IT. Instead, health and privacy advocates must jointly advance policy solutions
that both build public trust and promote the sharing of health information for
treatment and improving our health care system. Specifically, health IT must be
supported by a comprehensive policy framework that sets clear parameters for
access, use and disclosure of personal health information for all entities engaged
in e-health and that is vigorously enforced. Patient consent is one important
element of this framework – but it should not be the linchpin of privacy
The efficient and effective e-commerce marketplace provides a clear example of
why a comprehensive policy framework works better than consent alone to
establish trust and facilitate the sharing of personal information. Today, people
use credit cards and shop on-line, and many pay bills on-line. However, these
systems work because entities engaged in e-commerce are required to
implement secure technologies to transfer financial information and because
federal law limits our personal liability if financial information is stolen. The
consumer impliedly consents up front by engaging in the transaction (just as a
patient impliedly consents up front by seeking care or enrolling in an insurance
plan). However, the privacy and security of these transactions is not assured
because the individual's consent is sought every time financial information
changes hands; it is assured because there is a framework of rules that limits
access to data, punishes those who violate the laws, and compensates
individuals who suffer financial harm because their information is
inappropriately accessed.
A comprehensive policy framework should implement core privacy principles
based on fair information practices, but it also should incorporate trusted network
design characteristics and establish strong oversight and accountability
System design and other technological features offer
opportunities to provide stronger protections for personal health information than
is possible with paper records. At the network level, electronic health
information exchange among providers and health plans can be achieved without
creating large, centralized databases that may be more vulnerable to breaches.
Strong user authentication and audit trails can control and track access to
electronic health information automatically, limiting inappropriate uses and
providing a mechanism for detecting those who inappropriately access records.
Encryption and other security tools, properly used, erect obstacles to sensitive
data access in the event of a breach.
However, such technologies will only be effective if deployed within a strong
policy framework. Decisions about technology and standards in the absence of
clear policies will de facto establish information policy – and likely will be
biased in favor of the interests of data holders. Employing stronger technological
safeguards will not build trust in e-health systems if policies permit overly broad
access to data. Ideally, security and other technical standards must implement a
policy infrastructure that promotes information sharing for core health functions
and protects privacy.

The HIPAA Privacy Rule reflects fair information practices. The regulations
provide a good starting point for developing the core privacy principles, but
they are inadequate even as to traditional health records and are inappropriate
to cover the new and rapidly evolving e-health environment. To build
consumer trust and ensure that health IT and electronic health information
exchange move forward with sufficient protections for privacy and security,
policymakers must strengthen HIPAA for records kept by traditional health
system participants; fill gaps in HIPAA's coverage where appropriate; establish
additional legal protections to reach new actors in the e-health environment; and
address the increased migration of personal health information out of the
traditional healthcare system.

12 See http://www.connectingforhealth.org for a more detailed description of the Common Framework.
Other potential sources for policy recommendations include the GAO, the National Committee on Vital
and Health Statistics (NCVHS) and the National Governor's Association State Alliance for eHealth.
13 See Carol C. Diamond and Clay Shirky, Health Information Technology: A Few Years Of Magical
Thinking? Health Affairs Web Exclusive (August 19, 2008).

Why Consent Alone Offers Inadequate Privacy
The ability of individuals to exercise control over their personal health
information is one important element of privacy protection, and a
comprehensive privacy and security framework should set out circumstances
where patient consent or authorization must be obtained. However, consent is
not a panacea. As appealing as it may seem in concept, in practice over-reliance
on consent puts the burden for data privacy on consumers and provides very
weak protection for personal health information in a digital environment.

In isolation, without other legal limits, mandating consent is more likely to lead
to overbroad information-sharing than to the protection of patient privacy.
Over-reliance on consent can confer disproportionate bargaining power on
providers and others seeking approval for disclosure. This is especially true if
patients are offered all-or-nothing disclosure options in circumstances in which
they are unlikely to withhold consent, or even to understand the choices they
are making. In particular, when patients are seeking care or applying for
insurance, they often authorize disclosures without a full appreciation of the
scope of their consent and with an inadequate understanding of how their
privacy is being protected.

Consent obtained at the time of receiving health services or signing up for
benefits is particularly suspect. The patient's primary goal at that moment is to
get treated. To the patient, the privacy of health information is peripheral to
that transaction. Patients are not focused on the ways their information might be
used in the future. It is questionable whether a patient is making an informed
choice in consenting to disclosure at that time.

14 For more information on how HIPAA can be strengthened, see Center for Democracy & Technology
(CDT), Comprehensive Privacy and Security: Critical for Health Information Technology (May 2008),
http://www.cdt.org/healthprivacy/20080514HIframe.pdf ("CDT, Comprehensive Privacy and Security:
Critical for Health Information Technology"); CDT, Statement of Deven McGraw before the House Energy
and Commerce Committee on the Discussion Draft of Health Information Technology and Privacy
Legislation (June 4, 2008), http://www.cdt.org/testimony/20080604mcgraw.pdf; CDT, Statement of Deven
McGraw before the Subcommittee on Health, Committee on Ways & Means on Promoting the Adoption
and Use of Health Information Technology (July 24, 2008), http://cdt.org/testimony/20080724mcgraw.pdf
("CDT, Ways & Means Testimony").

The limits of consent were illustrated recently by reports of health and life
insurers obtaining personally identifiable prescription drug information from
commercial data miners. The revelation was greeted with expressions of
concern, but the transactions were in fact based on consent: individuals had
consented to the release of their data as a condition of insurance, and the data
miners had obtained the drug records legally pursuant to that consent.

Simply stated, consent is not the sine qua non of privacy protection. Equating
privacy with consumer consent relieves the holders of patient data of the
responsibility for adopting comprehensive privacy protections. If the health
care industry were directed simply to solve privacy concerns with consent, it
would have less incentive to design and implement systems with technological
and operational protections for privacy. In other words, if industry can rely on
a consent form to authorize all potential uses and disclosures of personal health
information, there is little reason to design networks to minimize risks to
privacy, spend scarce resources on ensuring that systems incorporate the latest
security technologies (such as encryption or role-based access controls), or train
staff in the permitted uses and disclosures of health information. Further, the
role of enforcement would be reduced to a mere check on whether the use or
disclosure was covered by the consent form instead of ensuring that data
holders are following clear rules regarding how health information can be used
and disclosed.
The problem is exacerbated by consent forms and privacy notices that are
written in language the average person cannot understand. A "consent for
every use" approach means privacy will depend on an individual's ability to
read and fully understand a consent form and the potential uses of their health
information covered therein. Rarely do individuals focus on the details of
consent forms, and many do not understand them. Further, many patients
wrongly assume that the existence of a "privacy policy" means that their
personal information will not be shared, even when the policy and the
accompanying consent form say just the opposite.

Even when forms are written in simpler language, too often they are drafted to
persuade patients that compromising their privacy is to their advantage. The
sheer volume of forms that can confront a patient is also a factor. Patients can
face "consent fatigue" upon encountering too many consent forms, and
information overload makes it less likely that patients will even try to
understand the terms of disclosure. Presented with frustratingly complex
paperwork, patients are less likely to expend the effort necessary to understand
the terms of each form.

15 Priscilla Regan, The Role of Consent in Information Privacy Protection, in Considering Consumer
Privacy: A Resource for Policy Makers and Practitioners, edited by Paula Bruening, pg. 25 (2003),
16 Chad Terhune, They Know What's In Your Medicine Cabinet, Business Week, July 23, 2008,
http://www.pnhp.org/news/2008/july/they_know_whats_in_.php; see also Ellen Nakashima, Prescription
Data Used To Assess Consumers, Washington Post, August 4, 2008, http://www.washingtonpost.com/wp-

Strengthening the Role of Consent
However, just because consent alone is an inadequate safeguard does not mean
it has no role in protecting privacy. Patient consent should be viewed as one
element of a comprehensive framework of privacy protections for personal
health information, and any requirements for patient consent or authorization
should be an adjunct to clear rules that limit how the information can be
accessed, used and disclosed and that are adequately enforced. There is much
that policymakers should do to strengthen the role of patient consent. Below we
discuss how the Privacy Rule can retain its general approach – allowing core
health functions to take place without requiring consent – and yet still enhance
the role of individual control in its framework of protections. For example, we
• Tightening the definition of "marketing" in the HIPAA rule to strengthen a
patient's right not to have personal health information used for marketing
purposes without consent;
• Narrowing the category of health care operations;
• Expanding consent with respect to having information accessible through
health information exchanges; and
• Strengthening the role of consent in personal health records.
Each is discussed in more detail below.

17 Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan,
and Joseph Konstan, Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware,
http://www.icsi.berkeley.edu/pubs/bcis/Spyware.pdf; see also Joseph Turow, Deirdre K. Mulligan, and
Chris Jay Hoofnagle, Research Report: Consumers Fundamentally Misunderstand the Online Advertising
Marketplace, University of Pennsylvania Annenberg School for Communications and UC Berkeley Law's
Samuelson Law, Technology & Public Policy Clinic (October 2007),
18 For example, a popular insurance company in the Washington, D.C. area recently sent forms to its
enrollees seeking their consent to participate in completing a "free, confidential survey," that would
result in the generation of a "confidential personal health profile" that could be viewed anytime by the
individual and reviewed with a physician. At the very end of the letter was the following:
All personal health information exchanged between you and [name of health profile company] will be kept
confidential. The information will only be shared with your group health plan and/or your employer for
purposes of administering the group health plan.18
The letter tries to assure plan enrollees that their information will be kept confidential; but it also authorizes
the use of the personal health information provided by the enrollee in completing the health profile for a
potentially broad range of "administrative" activities. The average consumer, who doesn't have a
sophisticated understanding of the health care system, is unlikely to grasp the breadth of uses that could be
made of information voluntarily provided by the consumer who is seeking to obtain the benefits of
completing this profile. (Letter on File with CDT).
19 Marie Pollio, The Inadequacy of HIPAA's Privacy Rule: The Plain Language Notice of Privacy Practices
and Patient Understanding, 60 N.Y.U. Ann. Surv. Am. L. 579 (2005),
20 Amichai-Hamburger et al., The Effects of Learned Helplessness on the Processing of a Persuasive
Message, 22 Current Psychology 1: 37-46 (2003).
IoIicymakers shouId aIso consider selling slandards or issuing guidance or besl
praclices for consenl, in order lo respond lo lhe Iimils and veaknesses of
consenl described in lhis paper. Ior exampIe, consenl shouId ideaIIy be parl of a
process of palienl educalion, nol |usl a form lo sign or a box lo check.
belveen provider and palienl can enhance underslanding of vhal is al slake in
giving or vilhhoIding consenl.
Consenl forms and privacy nolices aIso shouId
be simpIified and more readabIe.
The recenl and subslanliaI grovlh of heaIlh IT presenls an unprecedenled
opporlunily lo inlegrale consenl more fuIIy inlo lhe palienl experience, provide
individuaIs vilh meaningfuI consenl managemenl mechanisms, and move
beyond bIankel consenls lhal have deprived palienls of lhe more nuanced
choices necessary lo prolecling lhe privacy of heaIlh informalion in lhe digilaI
era. The same lechnoIogicaI crealivily and innovalion lhal have spurred lhe
deveIopmenl of eIeclronic heaIlh informalion can and shouId be appIied lo lhe
crealion of nexl-generalion consenl mechanisms and privacy conlroIs. A crilicaI
and compIemenlary lask lo lhal of crafling appropriale poIicy responses is
idenlifying hov lo besl Ieverage lechnoIogy lo pul individuaIs in conlroI of lheir
heaIlh informalion.

21 American Medical Association, Informed Consent, http://www.ama-
22 Sunil Kripalani et al., Clinical Research in Low-Literacy Populations: Using Teach-Back to Assess
Comprehension of Informed Consent and Privacy Information, IRB: Ethics & Human Research; Mar/Apr
2008, Vol. 30 Issue 2, p.13-19.
Although HIPAA already prohibits use of health information for marketing
without patient authorization, the definition of marketing includes significant
These exceptions permit the use of a patient's personal
information without consent to facilitate communications from health care
providers and plans that can be characterized as patient education (for example,
information on treatment alternatives, or benefit options, or care management
tools). As a result, there are few communications sent by HIPAA covered
entities that are not covered by one of the exceptions. In fact, the only health-
related communications that are clearly marketing - and prohibited without
express patient authorization - are those made directly by a third party selling a
product or service, where the covered entity has provided the third party with
the personal information that facilitates the making of the communication.

However, if the communication about that same product or service is sent by
the covered entity to the patient, it is not marketing - even if the covered entity
is paid by the third party to make the communication on its behalf.
Tightening the rules regarding use of personal health information for marketing
purposes would greatly enhance patient trust. A 2006 Markle Foundation study
examining individuals' views about having their health information on-line
showed three-fourths of consumers were concerned that their health
information would be used for marketing purposes.

Policymakers should close the regulatory loophole that allows outside entities to
have their products and services marketed to patients without their consent.
Policymakers could also narrow the definition of marketing or more precisely
describe the types of communications that may be sent without authorization.
For example, the Rule could permit the use of personal information to send
reminders to patients about refilling current prescriptions or getting an annual
flu shot in lieu of a more broadly worded health exception that is easily
exploited. For communications that policymakers want to exempt from
authorization because they are arguably beneficial to a patient's health,
policymakers also could limit the types of personal information that can be used
for this purpose to merely demographic information (not actual health
information), or they could at least allow patients to opt-out of these educational
communications. All of these options would give patients greater power over
having their information used to generate unwanted solicitations.

23 45 C.F.R. §164.501.
24 Office of Civil Rights Brief, Summary of the HIPAA Privacy Rule, p. 9-10.
25 Lake Research Partners, American Viewpoint, and Markle Foundation, Survey Finds Americans Want
Electronic Personal Health Information to Improve Own Health Care (November 2006),
Under the current Privacy Rule, patient consent is not required for covered
entities to use personal health information for health care operations. The
definitions of treatment and payment are relatively narrow; however, health
care operations encompasses a much wider range of activities, including certain
administrative, financial, legal, and quality improvement activities.
and consumer advocates have long been concerned that health care operations
permits the use of personal health information for a broader range of purposes
than should be permitted under fair information practices.
Some have proposed requiring patient consent for health care operations as a
way to limit the use of patients' identifiable information for purposes beyond
what is fair and appropriate. However, consistent with the information-sharing
approach outlined in this paper, patient consent should not be required for
those activities within "health care operations" that are necessary to support the
core health care functions of treatment and payment. Requiring consent for
these core health care operations is not the correct approach, for two key
reasons. First, providers and payers would likely condition treatment or
payment on use of information for these purposes, because they are core to
treatment and payment. Second, covered entities might use consent to
circumvent current rules that are designed to minimize the amount of data
accessed or disclosed for a particular purpose. A broadly worded consent for
use of information for operations purposes could result in broader access to or
disclosure of data than occurs today under the "minimum necessary" standard
in the Rule.
HHS should re-examine the health care operations definition with a framework
approach in mind, allowing uses without consent for a core set of health care
operations, subject to the minimum necessary standard, and requiring patient
authorization for those that may be desirable but are not necessary to facilitate
core treatment and payment functions. HHS should also consider crafting more
narrow definitions of, or providing more detailed guidance regarding, some of
the broad terms used in health care operations (such as "case management and
care coordination") to ensure they are defined to include only core functions.
Further, HHS should consider whether fully identifiable patient data is needed
to accomplish all of the activities currently included in health care operations,
and whether data scrubbed of common patient identifiers, which provides
greater privacy protection for patients, could serve covered entities' needs to
access data without being unduly burdensome. For example, today covered
entities may use fully identifiable data for quality assessment and improvement
activities, peer review of health professionals, accreditation or credentialing,
performing audits, and business planning. For each of these activities, covered

26 See footnote 4 for the definition of health care operations.
entities need access to data about the care that was provided, but in most cases
they do not need information that is identified to a particular patient. Using
data that has been stripped of key patient identifiers can help protect privacy
while allowing the use of data for important health-related functions. The
Privacy Rule includes provisions for two types of anonymized data - the limited
data set and de-identified data. However, these data sets likely require the
masking of too much data to be useful for many operations purposes. HHS
should examine additional options for use of data stripped of common patient
identifiers for operations purposes.
Expanding Consent with Respect to Data Accessible Through Health
Information Exchanges
The vehicles for electronic health care information exchange provide additional
opportunities to strengthen the role of consumer consent in e-health. State and
regional electronic health information exchanges - often called Regional Health
Information Organizations (or RHIOs) or Health Information Exchanges (HIEs)
- typically facilitate the electronic exchange of personal health information
among providers and often between providers and plans. The models for these
exchange entities are still in development, but HHS' overall plan (begun during
the Bush Administration) is that these entities will be linked up to form the
National Health Information Network (NHIN), which will provide a secure,
nationwide, interoperable health information infrastructure connecting
providers, consumers, and others involved in supporting health and

But while RHIOs and HIEs may change the health care landscape by improving
care and decreasing costs, issues related to privacy and security present
substantial challenges and even barriers for these exchanges. It is imperative
that adequate policies and standards are in place to protect the privacy of
patients whose information is held in, managed by, or exchanged through a
health information exchange. In setting appropriate privacy and security
policies and standards for health information exchanges, policymakers must
consider the degrees of risk posed by the different exchange models. The
architecture of a particular exchange raises different privacy and security risks,
which require tailored policy responses to appropriately address them. For
example, the Markle Foundation's Common Framework Resources for
Implementing Private and Secure Health Information Exchange, released in
2006, sets forth different types of policies networks can adopt to protect patient
privacy and security. For exchange among providers and plans, the Common
Framework recommends a "network of networks" approach that helps ensure

27 HHS, Centers for Medicare & Medicaid Services, Are you a Covered Entity?,
the privacy and security of information being exchanged.
Specifically, the
health information remains stored with the providers and institutions that have
the direct relationships with patients. Those entities make decisions, consistent
with applicable law, regarding policies for health information sharing - i.e., they
retain legal responsibility for the personal health information they maintain and
make local determinations about what information will be shared through the
At a minimum, health information exchanges should be required to comply
with HIPAA privacy and security regulations, either as covered entities or
business associates depending on their structure and functions. For example,
exchanges that merely facilitate the exchange of data among covered entities
should be regulated as business associates for those activities; exchanges that
collect and store data or have independent rights with respect to the data they
hold should be covered entities. (This is a similar approach to how the Privacy
Rule treats healthcare clearinghouses.) Recently, HHS issued guidance stating
that exchanges that transmit data among covered entities must be business
associates of those entities.
Although this guidance is welcome and long
overdue, it does not address those exchanges that store data or that have
independent rights to access or disclose data.
However, ensuring that these exchanges are subject to HIPAA rules is not
sufficient. Health information exchanges are still a nascent sector and their
business model is in flux.
Although these new exchanges typically begin by
collecting patient data only for treatment purposes, many are learning that it is
difficult to generate sufficient operating income through data exchange, and also
some are looking at tertiary uses of data to generate income. Because such uses
may one day become the industry norm, and because of the "game-changing"
nature of these networks, it is prudent to also require patient authorization as a
safeguard early in their development. Patients should be given a choice for uses
or exchanges of their information for purposes other than their treatment.
Exchanges that do not provide patients with a meaningful choice should be
limited to sharing information for treatment purposes only.
The Privacy Rule provides patients with a right to request a restriction on the
uses and disclosures of their PHI for treatment, payment or health care

28 Markle Foundation, Connecting for Health, http://www.connectingforhealth.org.
29 HHS, Office of Civil Rights, The HIPAA Privacy Rule and Health Information Technology,
30 New York Statewide Collaboration Process (SCP) and New York Health Information Security and
Privacy Collaboration (HISPC), Recommendations for Standardized Consumer Consent Policies and
Procedures for RHIOs in New York to Advance Interoperable Health Information Exchange to Improve
Care (September 2008)(copy on file with CDT)("SCP and HISPC, Recommendations for Standardized
Consumer Consent Policies and Procedures for RHIOs in New York").
operations, disclosure to persons involved in a patient's health care or payment
for care, or disclosure to notify family members or others about the patient's
general condition, location, or death.
However, covered entities are under no
obligation to honor such requests.
If a covered entity does agree to the request,
it must comply with agreed-upon restrictions, except for purposes of treating
the patient in a medical emergency.
Thus, if exchanges were subject to the
Privacy Rule, they would not be required to provide patients with a right to
consent to having their data included in the exchange or to honor any requests
to restrict access to data via an exchange.
Without a meaningful right to restrict data, individuals with heightened
concerns about having their personal health information accessible through a
regional or statewide exchange, or the National Health Information Network,
are left without any recourse. They may be more likely to engage in "privacy
protective" behaviors, including paying out-of-pocket for services, visiting
physicians out of the network, or steering clear of care altogether, to avoid the
risks associated with having their personal health information more easily
accessed through a health information exchange.
A number of experts are recommending that patients have some right to control
whether or not their information is included in an electronic exchange - and a
number of exchanges are implementing policies and practices that support some
level of patient consent. The Markle Common Framework for Health
Information Exchange recommends giving patients control by allowing them to
create a second or third identity for records they want to keep out of the
networked electronic records exchange.
In 2006, the National Committee on
Vital and Health Statistics (NCVHS) recommended that HHS assess the
"desirability and feasibility of allowing individuals to control access to the
specific content of their health records via the NHIN, and, if so, by what
appropriate means."
NCVHS followed up early in 2008 recommending that
individuals have the right to keep certain sensitive categories of health
information out of a health information exchange.
Under NCVHS' proposed

31 45 C.F.R. §164.522(a)(1)(B).
32 45 C.F.R. §164.522(a)(1)(B)(ii).
33 45 C.F.R. §164.522(a)(1)(B)(iii). In addition, a restriction agreed to by a covered entity is not effective
under this subpart to prevent uses or disclosures permitted or required under §164.502(a)(2)(ii),
§164.510(a), or §164.512. 45 C.F.R. §164.522(a)(1)(B)(v).
34 Markle Foundation, Connecting for Health, http://www.connectingforhealth.org/.
35 National Committee on Vital and Health Statistics (NCVHS), Letter to the Secretary, Recommendations
regarding Privacy and Confidentiality in the Nationwide Health Information Network, (June 22, 2006),
36 NCVHS, Individual control of sensitive health information accessible via the Nationwide Health
Information Network for purposes of treatment (February 20, 2008), http://ncvhs.hhs.gov/080220lt.pdf.
approach, healthcare providers accessing an individual's record through an
exchange would not see any information in the restricted category, though
individuals would have the further option of consenting to a specific provider's
access to the sequestered information.
Providers would see a notation in the
record indicating that information was blocked; NCVHS left for further
discussion whether the notation should be general or should indicate the
category of information blocked.
NCVHS acknowledged that implementing
the recommendation would be challenging but argued that offering patients this
level of individual control was worth the undertaking.

Current consent practices of exchanges across the country vary. For example, as
of mid-2008, the Regenstrief-administered Indiana Network for Patient Care
does not require patient consent for participation in the exchange.
Rather, patients who wish to opt out must approach their provider for a HIPAA
request for restriction, which pursuant to the Privacy Rule does not have to be
granted. However, physicians are not required to include a patient's record in
the exchange; thus, a provider may honor a patient request that her records not
be accessible through the network by not uploading or making them available to
the exchange at the outset.
One type of record is categorically excluded: INPC
does not collect or transmit psychotherapy notes.
Nevada and Wisconsin also
do not require patient consent to exchange health information for treatment

The Tennessee-based MidSouth Health Alliance
also does not require patient
consent for its data exchange. Instead, MidSouth provides patients with a
notification form and allows them to opt-out of the exchange at the hospital or
clinic level.
MidSouth also has an exception to its general rule, as it operates a
DNA databank on an opt-in basis.
Other examples of consent practices include New York, where a patient must
consent to the exchange of health information in the statewide exchange SHIN-

37 Id.
38 Id at 5-6.
39 Id at 10.
40 Regenstrief Institute, Indiana Network for Patient Care,
41 Id.
42 Id.
43 Kristin Rosati, Arizona Health-e Connection, Summary of Other HIE Approaches (September 2008)(copy
on file with CDT).
44 MidSouth Health Alliance, http://www.midsoutheha.org.
45 Id.
NY for non-emergency treatment.
Rhode Island requires consent for release of
health information to the state exchange and for provider access to health
information in the exchange, with some exceptions.

In the absence of a national policy regarding consent, multistate collaborations
are working to craft solutions. The Health Information Security and Privacy
Collaborative (HISPC), established by RTI International in June 2006 under a
contract from HHS, was formed to address the privacy and security challenges
presented by electronic health information exchange.
In April 2008 HISPC
began its third phase, and now includes 42 states and territories.
This latest
phase is focusing on: 1) analyzing consent data elements in state law; 2)
studying intrastate and interstate consent policies; 3) developing tools to help
harmonize state privacy laws; 4) developing tools and strategies to educate and
engage consumers; 5) recommending basic security policy requirements; and 6)
developing inter-organizational agreements.
The results of this work could
help inform policymakers at the local, state and national levels.
It may be premature to mandate a particular patient consent model at the
federal level that would apply to all exchanges. However, policymakers have
an important role to play in the development of privacy and security standards
to govern health information exchanges. Exchanges may offer improvements to
an increasingly fragmented and costly health care system, but the risks of such
exchange are palpable. In addition to ensuring that there is a strong framework
of rules governing the activities of these exchanges, there are specific steps
policymakers can take to expand consent with respect to health information
exchange. For example, they can require local exchanges to develop policies on

46 New York Public Health Law, Section 18, requires consent for use of information for all purposes except
in an emergency; thus, New York officials concluded that its information exchanges would be opt-in. See
SCP and HISPC, Recommendations for Standardized Consumer Consent Policies and Procedures for
RHIOs in New York.
47 Rhode Island Health Information Exchange,
48 Health Information Security & Privacy Collaboration, http://privacysecurity.rti.org/; see also
49 During Phase 1, the 34 participating states and territories (1) assessed variations in organization-level
business policies and state laws that affect health information exchange; (2) identified and proposed
practical solutions, while preserving the privacy and security requirements in applicable federal and state
laws; and (3) developed detailed plans to implement solutions. In Phase 2, each of the 34 participants
selected a foundational component of their larger implementation plan to be completed in a 6-month time
frame. During this phase, additional states and territories were encouraged to participate in HISPC's third
phase, which includes seven multistate collaborative privacy and security projects, and which began in
April 2008. Id.
50 Id.
patient consent, and ensure that patient and consumer organizations have
meaningful roles in developing these policies. Further, employment, insurance
coverage, or treatment should not be conditioned on patient participation in an
electronic exchange network.
Personal health records (PHRs), which give consumers a mechanism for storing
and sharing their own (or a family member's) health information, provide
unique opportunities to get consumers more engaged in their own health care.
The information in a PHR may be a copy of a record downloaded or sent by a
provider or plan, or the patient may enter it. There is no single common
definition or model of a PHR.
A variety of types are being offered to
consumers today - ranging from Internet-based health information platforms
being offered by Google, Microsoft, and Dossia; to PHRs offered by Kaiser
Permanente and other payers and providers; to health record banks, which are
independent organizations that furnish a secure electronic repository for storing
and maintaining a patient's medical and other health records.

The HIPAA Privacy Rule covers PHRs offered by entities covered by HIPAA.

Internet-based PHRs supplied by Google, Microsoft, and Dossia are not covered
by the Rule, which means that the information in the PHR is not protected by
any federal health information privacy law.
CDT has argued against
application of the HIPAA Privacy Rule to consumer-based health information
tools and services. Instead, the Federal Trade Commission (FTC) and HHS

51 NCVHS, Personal Health Records and Personal Health Record Systems (February 2006),

52 William A. Yasnoff, Electronic Records are Key to Health-Care Reform, Business Week,

53 HHS, Office of Civil Rights, Personal Health Records and The HIPAA Health Privacy Rule,

54 A variety of federal and state laws may apply to companies that offer PHRs to consumers, including
federal and state consumer protection laws enforced by the Federal Trade Commission and state consumer
protection agencies, and state contract and negligence (tort) law enforced through litigation. Broadly
speaking, these laws require companies offering PHRs to be fair in how they advertise features of their
PHRs and in how they explain the rules of use, limitations, and risks of their PHR systems. See
http://www.healthprivacy.org/. Some PHRs also may be subject to the provisions of the Electronic
Communications Privacy Act and Stored Communications Act, which primarily regulate government
access to electronic communications and records. None of these laws is sufficient to provide
comprehensive protections for consumers using PHRs, a conclusion CDT will explain in more detail in a
separate paper on PHRs that will be published in early 2009.

should develop privacy and security requirements for PHRs that target the
unique privacy risks faced by consumers using PHRs.

But, regardless of whether a PHR is covered by the Privacy Rule, the most
common PHR models today are giving consumers sole or a high degree of
control over the personal health information contained in the PHR account.

Since the purpose of PHRs is to give consumers tools they can use to maintain
and improve their health (and the health of their family members), it is critical
that PHRs continue to offer consumers the highest possible degree of control
over their information - and public policies should reinforce this trend. In 2008
the Markle Foundation's Connecting for Health initiative released a new
Common Framework specifically for consumer-facing technologies like PHRs.
The "Common Framework for Networked Personal Health Information"
recommends that no information in the PHR be accessed or disclosed without
the consumer's consent. The Common Framework also includes
recommendations to make such consent more meaningful (for example, by
recommending that it be readable as well as amendable, revocable and
CDT's Health Privacy Project also worked with a group of
employers to develop Best Practices for Employers Offering PHRs.
These "best
practices," released in 2007, also include giving individuals (employees) control
over who has access to information in their PHR.

NCVHS also has recommended that consumers have the right to make an
informed choice concerning the uses of their personal information when signing
up to use any personal health record products or services.
Further, the
Confidentiality, Privacy and Security Workgroup of the American Health
Information Community (AHIC) recently recommended that uses and
disclosures of personal health information in PHRs be subject to consumer
and the eHealth Initiative's Blueprint: Building Consensus for

55 CDT, Comprehensive Privacy and Security: Critical for Health Information Technology; see also CDT,
Ways & Means Testimony.
56 See http://www.google.com/intl/en-US/health/about/privacy.html;
57 Markle Foundation, Connecting for Health, Common Framework for Networked Personal Health
Information, http://www.connectingforhealth.org/phti/.
58 See http://www.cdt.org/healthprivacy/ for more information on this initiative.
59 The Employers' Working Group on PHRs, which was convened by the California Healthcare
Foundation and IBM and staffed by the Health Privacy Project, included Dell, Google, Hewitt Associates,
the Markle Foundation, Omnimedix Institute, Pfizer, Pitney Bowes, Revolution Health, Wal-Mart, and
60 NCVHS, Personal Health Records and Personal Health Record Systems (February 2006),
61 Letter from CPS Workgroup to HHS Secretary Leavitt (September 23, 2008),
Common Action also included provisions recommending consumer control for
information in PHRs.

Notwithstanding the strong role for consent in these consumer-facing health IT
models, CDT does not recommend relying on consent as the sole mechanism for
protecting the privacy of personal health information stored in or shared
through these tools, for all of the reasons discussed in this paper. The Markle
Common Framework for Networked Personal Health Information also sets forth
a set of privacy principles for PHR providers, whether or not they are covered
CDT has endorsed these principles, as have major PHR vendors
and a number of consumer organizations.
The Certification Commission for
Health IT (CCHIT), which is seeking to certify PHR systems for their privacy
and security features, is relying on this Common Framework in developing its
certification criteria.
The Employer Best Practices for PHRs referenced earlier
could also be used by policymakers to craft appropriate legal protections.
CDT's specific recommendations for legal protections for personal health
information in PHRs will be dealt with in more detail in a separate paper to be
published in early 2009.
Patients' ability to exercise control over their health care information is an
integral part of health information privacy, particularly as the health care
system undergoes change in how health information is collected, stored, and
shared. However, consent should not be the anchor for protecting privacy.
Requiring consent for every exchange within health care would provide fewer
privacy safeguards and impose a greater burden on patients, while
undermining quality of care and access to health care services.
CDT advocates a new generation of privacy protections that allow personal
health information to easily flow for treatment, payment, and certain core
administrative tasks without requiring patient consent, with more meaningful

62 eHealth Initiative Blueprint, Phase 1 (October 10, 2007),
63 Markle Foundation, Connecting for Health, CP3: Consumer Consent to Collections, Uses, and
Disclosures of Information, http://www.connectingforhealth.org/phti/reports/cp3.html.
64 Endorsers include AARP, America's Health Insurance Plans, Dossia, Google, Intuit, Microsoft, the
National Partnership for Women & Families, and WebMD.
65 Certification Commission for Health Information Technology Personal Health Records Work Group,
Introduction to First Draft 09 Criteria (September 29, 2008),
consent required in certain key contexts. There must be a comprehensive
framework of rules, based on fair information practices, that fill the gaps in
existing law and clearly set forth who can access health information and for
what purposes, and that are vigorously enforced. Innovative technologies that
create a more robust consent experience and give individuals more nuanced
control over their health information should serve to support and complement
these rules. Within this framework, there are ways to strengthen the role of
consent, particularly with respect to the new e-health technologies, while still
allowing for the flow of information in core health exchanges. Technology can
help enhance patient control of information and ensure that, when consent is
sought, it is honored as information moves throughout the health care system.

Please contact: Deven McGraw, (202) 637-9800 x 119, deven@cdt.org

APPENDIX: Authorization and Consent
Conceptually, consent and authorization accomplish the same goal: ensuring
that an individual agrees to particular uses and disclosures of their health
information. But the Privacy Rule treats consent and authorization differently.
Specifically, consent is not required for disclosures for treatment, payment or
health care operations (TPO), but covered entities may require such consent
voluntarily (or in accordance with applicable state law). Authorization is
required for all disclosures that are not TPO and that are not expressly
authorized by a specific provision in the Rule (e.g., disclosures for law
enforcement and public health purposes). When authorization is required, it
must be in writing and include specific elements. In most cases, treatment or
payment may not be withheld if a patient declines to authorize the particular
use or disclosure.
Consent is not defined in the Rule, but guidance from HHS defines it as written
permission from individuals to use and disclose their health information.
content of a consent form or the process by which the entity obtains consent is
not described in the Privacy Rule.

An authorization is required to give covered entities or third parties permission
for certain uses and disclosures of health information, most notably for
marketing and use of psychotherapy notes.
Covered entities generally may not
condition an individual's treatment or coverage on providing authorization.

The requirements of a valid authorization are more stringent than a voluntary
Authorization must specify certain details, including a description of
the protected health information to be used and disclosed, the person
authorized to make the use or disclosure, the person to whom the covered entity
may make the disclosure, an expiration date, and, in some cases, the purpose for
which the information may be used or disclosed."
Authorization forms must
be written in "plain language."

66 Office of Civil Rights Privacy Brief, Summary of the Privacy Rule, p. 5.
67 Id.
68 HHS, HIPAA Frequently Asked Questions, Authorization Use & Disclosure,
69 Id.
70 45 CFR §164.508(c).
71 Id.
72 45 C.F.R. §164.508(c)(3).
