Patient Authorization Policy Workgroup

This workgroup is now closed.

In many cases, healthcare providers may release the patient’s records without any specific consent or authorization. In some states, however, or for patients seen in certain facilities, authorization from the patient is needed in order to release the records. Today, there is no method via the Carequality Interoperability Framework to communicate that records could be released if authorization has been given, or to assert that specific authorization has, in fact, been obtained.

The Policy Workgroup will focus on applying Carequality’s trust principles to the patient authorization approach, and is best suited for those with knowledge of medical records practices, Carequality’s trust principles, or both.

Under the advice and guidance of the Steering Committee, and with input from the Advisory Council, the Patient Authorization Policy Workgroup will come to agreement regarding how to communicate patient authorization requirements and status. The Patient Authorization Policy Workgroup must focus on the broad needs for industry and remain grounded in existing capabilities implemented in production.  For more details, please review the Carequality Patient Authorization Wiki (free registration required).

The following individuals are members of the Patient Authorization Policy Workgroup:

  • Marty Prahl, SSA
  • Jay Nakashima, DaVita
  • Suzannah Lipscomb, Georgia Dept. of Community Health
  • Kristen Valdes, b.well
  • Anne Kimbol, HIE Texas
  • India Brim, Surescripts
  • Darren Mann, Intermountain Healthcare
  • Tom Morgan, NHS Human Services
  • Dan O’Mahoney, NorthShore University Health System
  • Susan Carey, Norton Healthcare
  • Peter DeVault, Epic
  • AJ Peterson, Netsmart
  • Daniel Fischer, athenahealth
  • Scott Stuewe, Cerner
  • TBD, San Diego HealthConnect

This workgroup shall:

  • Develop policy requirements around the optionality of the patient authorization structure
  • Develop an interpretation of the non-discrimination principle as it pertains to authorization
  • Develop specific policy requirements for requesters that assert collection of a form (what exactly do they need to have done in order to state that they have the completed form from the patient in hand, what are their responsibilities with respect to providing an actual form upon request, etc.)
  • Determine whether consensus can be reached on limiting the scope of the transactions for which patient consent can be required. Specifically, can consent be taken out of scope for the patient discovery transaction?
  • Consider alternative assertions to those involving an actual form, e.g., an assertion that is system-generated based on a defined care team relationship defined in the system. Consider whether this is/how this could be sufficiently differentiated from the Permitted Purpose assertion to add value.