Blog Data governance and privacy

Healthcare Consent Management Demands Newfound Respect for the Checkbox

Last Published: Jun 29, 2022 |
John Wenzel
John Wenzel

 

Senior Manager, Presales - Healthcare

We are all familiar with the endless and repetitive paperwork required at each doctor’s office visit. We complete them as quickly as possible and check the boxes with often just a brief scan. However, those little check boxes on the forms are about to play a much bigger role in how payer and provider organizations, along with commercial businesses, interact with our healthcare data. The Centers for Medicare and Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC) have published final rules for interoperability that unequivocally say the patient is in control of their healthcare data.  So that little check box asking for a patient’s consent to use and share their data with others—along with new ways for patients to give their consent for data sharing—takes center stage in the final rule

healthcare consent management

Consent management done well can be the catalyst for unleashing the potential of member, patient, and consumer data. Traditionally, consent has been managed at a high level (e.g., “I give permission to use my data for billing”), and the use of data has been largely dictated by regulations such as HIPAA. Such high-level consent meant that data could be used only for very specific purposes, like providing and paying for care. Responsible organizations took a conservative view of consent and were reticent to use data for things like high-value operational activities related to care coordination with third parties or advanced analytics.

But the new CMS and ONC interoperability rules mean the individual consumer, patient, or member can consent to far broader and more valuable uses of their data for artificial intelligence, machine learning, consumer health applications, and the like. When patients, on a large scale, consent to share diet and exercise data, for example, with providers and research institutions, what impact might that have on population health analytics and medical research in general? What that may look like to consumers could ultimately be better, more informed and more personalized decisions about their care.

Savvy healthcare organizations will leverage the new rules to their advantage. What do you think it means to a payer organization to get access to a member’s entire claims history, from all previous policies, from all previous payers? Then add to that picture data from MyFitnessPal, Jenny Craig, Fitbit, and all the other wearable devices and smart phone apps streaming data about a member’s every move? Impossible? The patient has only to check the right box. Advantage can be gained only if organizations are able to capture and manage the consent so they can use the patient’s or member’s data with confidence that all appropriate permissions have been granted.

Expanding Data Sharing to Third Parties

Managing member and patient consent for the use of their data has always been important. But in the past this consent has been limited by HIPAA, and the use of the data has largely been internal to an organization. The new interoperability rules expand the sharing of data to include third parties designated by the patient or member. This external sharing of data creates far greater risk for the payer if their tracking and managing of consent is inaccurate. The new need to manage consent for sharing ePHI (electronic personal health information) with third parties is in addition to an already growing importance of consent management that has largely been left unaddressed by many payers.

The proliferation of data volume, data sources, and data types has made consent management much more challenging—and much more integral to the data management architecture for providers and payer organizations. Add in the complexity created when data is used for the secondary purposes of analytics and artificial intelligence and doing consent management becomes critical to enabling exciting new product features while reducing organization exposure and risk. The end result creates an entirely more demanding consent management landscape than ever before—one that has implications beyond compliance and privacy but is also used to significantly enable and accelerate business objectives.

I am working on a white paper that explores the complex requirements of consent management. It requires assembling many of the core capabilities of a robust data management platform into seamless end-to-end processes that can be orchestrated with member, patient, or consumer consent as a mission-critical business process. As I work on that white paper, it is clear that consent management is a complex data management challenge:

  • We must know who the consumer is accurately and unequivocally
  • We must capture and document their consent for use of their data for specific purposes, in whatever form and wherever that consent may be collected
  • We must have automated, scalable, reliable processes that allow that consent to be reviewed, verified, and updated

Consent management is definitely a data management—and data governance—challenge, but like most things related to data management, consent management should include IT, but not be owned by IT. It’s potential impact to the business is far too great. Today we see consent management often falling under data privacy—part of a broader compliance picture. Tomorrow, I suggest that it will be owned by the executive responsible for data governance or, in the case of healthcare payer organizations, it could fall under the purview of Chief Actuary Officer, where most of the key data science and analytics work is done today. Regardless, healthcare organizations need to start preparing themselves for consent management operations with people, budget, and a newfound respect for that little checkbox.

Next Steps

View more info at www.informatica.com/healthcare

First Published: Jun 10, 2020
Read more blogs like this one
Informatica Recognizes the Most Influential Chief Data Leaders of 2024

Mar 17, 2024

Informatica Named a Leader in the Gartner® Magic Quadrant™ for Augmented Data Quality Solutions

Mar 11, 2024

AI-Powered Data Access Management: Where Intelligent Governance Meets Enforcement

Feb 29, 2024

See All Blogs

United States

Cloud Platform

Intelligent Data Management Cloud Data Integration & Engineering API & App Integration Customer 360 Data Catalog Governance & Privacy Data Quality and Observability MDM & 360 Applications CLAIRE AI Engine – Intelligent Automation Pricing

Get Started

Free Cloud Data Integration Free Data Loader Live Demos Request Personal Demo Contact Sales Data Warehouse Trial API Lifecycle Management

Resources

Events Blog Customer Success Stories Community Documentation Certification & Training Cloud Data Glossary

Learn Data Integration

ETL Cloud Data Integration What is iPaaS? Data Warehouse Data Governance Framework What is Data Quality? Customer 360 Application Integration

Company

About Us Careers News Investor Relations Awards & Recognition Contact Sales Customer Support
Facebook
LinkedIn
YouTube
Instagram

United States

© Informatica Inc.

Legal Privacy Policy Do not sell or share my personal information

© Informatica Inc.