San Diego Health Connect Takes a Big LEAP Over the Barrier of Consent Management
Beth Ellinport and Brett Andriesen | April 12, 2022
Editor’s Note: On April 14, 2022 at the ONC Annual Meeting, San Diego Health Connect will be demo-ing their project in the exhibit hall.
How can we improve the ability of patient to convey their preferences regarding access to and use of their electronic medical record information? San Diego Health Connect – a recipient of an ONC Leading Edge Acceleration Projects in Health IT (LEAP) program award – developed a scalable consent framework for electronic health records to help answer this question. Their work focused on how to use Health Level Seven (HL7®) Fast Healthcare Interoperability Resources (FHIR®)-based application programming interfaces (APIs) to allow patients to electronically document and share their consent preferences to streamline availability of information relevant to their care.
Making Consent Automated and Scalable
A computable consent workflow allows a patient’s privacy preferences to be encoded as machine-readable rules that enable interoperable services. These can range from sharing patient information with a requester, or enrolling the patient in a research project. Computable consent enables automated decision-making and enforcement of a patient’s privacy preferences. This helps facilitate healthcare services and access to information that empower patients and throughout the healthcare journey.
This project focused on a wide variety of use cases involving different ways patients can express preferences about who has access to parts of their electronic health record. In addition to cases in which patients can directly dictate consent preferences themselves (i.e., consenting to a medical procedure or allowing providers access to their care plan), the project also focused on advance health directives (i.e., ensuring that preferences about future health care decisions are captured, outlining how decisions can be made by an appropriate party if and when an individual is unable to make their own decisions). The project also explored workflow solutions that allow for automation of consent for research purposes, including enrollment in clinical studies.
Scalability for Consent Management: Complexities and Challenges
While the technical solutions are straightforward, achieving a truly scalable consent framework requires understanding and navigating complex and often competing requirements. For example, the number of patient requests and preferences coupled with healthcare applications calling on data sources and patient portals for permissions makes volume issues and version control problematic. This leads to an increase in applications where consent capture and maintenance must be integrated, which in turn leads to a growing number of consent management transactions. Finally, variability in state and federal guidance, laws, and regulations means there is no one-size-fits-all solution.
A high-level overview of the architecture developed for the project is depicted in Figure 1 below and expanded upon in greater detail on the San Diego Health Connect GitHub. A patient can open an application with a dashboard containing all consent documents they currently have whether active or expired, in which the patient can then retrieve detailed information about that specific consent. They have the ability to view the signed human-readable form, or act on pending consent requirements. Because of the approach used to develop this framework and architecture, this work can be leveraged by other applications, by integrating the Consent Decision Service into their products using standard HL7 FHIR® APIs.
Figure 1. High-level architecture overview.
The architecture uses the HL7 FHIR® standard that is required by the 21st Century Cares Act. This work can be leveraged and utilized by other organizations and developers once the HL7 FHIR® Consent Resource is updated with changes identified through this project, or a formal Implementation Guide based on this work has been developed and balloted through HL7 processes.
Visit the San Diego Health Connect GitHub to learn more about the challenges of scalability in consent management.
Lessons Learned & Next Steps
The LEAP consent management project provided a proof-of-concept for a scalable and decentralized architecture for managing and enforcing computable patient consents. Computable consents, especially those with complex rules, are currently not widely implemented in the industry. This proof-of-concept architecture, as well as the publicly-available software and documentation artifacts it produced, provide substantive proof that computable consents are possible to implement and are the future of any scalable consent enforcement. That said, the growing complexity and sophistication of patients’ control over their health data requires efforts across government and the private sector to build a scalable consent management policy and regulatory architecture.
The LEAP consent management project provided a proof-of-concept for a scalable and decentralized architecture for managing and enforcing computable patient consents
Future areas of consideration include further development of technology solutions and standards, new application areas, and piloting the architecture used in this project.
This project’s results are informing the HL7 Community-Based Care and Privacy (CBCP) Working Group. Through the HL7 standards development community, further testing will be conducted with the goal of increased adoption by the industry.
If you are interested in learning about this work or have ideas about shaping next steps, join us for a live demo in the exhibit hall at ONC’s upcoming Annual Meeting on April 14 at 1:30PM ET. Additionally, stay tuned for more information on an upcoming workshop where we will discuss standards and frameworks supporting eConsent across the continuum of care.