Healthcare providers usually obtained individuals permission so they can disclose there health information to entities outside their organizations. However as a rule it did not obtain the individual's permission to use or disclose the said information for treatment, healthcare operations or disclosures authorized by law. This led to amendments and changes being made in the sections of the privacy rule to make it more flexible while at the same time avoiding any unnecessary exploitations of the said consent by the healthcare providers or the individual writing the consent. We shall look at the challenges that have faced these consents by individuals to healthcare providers while at the same time the solutions provided.
In December 28, 2000 the new federal standards for privacy of individually identifiable health information was published which introduced the concept of consents for treatment, payment and healthcare operations that was intended to grant individuals seeking healthcare services the right to give permission to covered entity to use their individually identifiable healthcare information for treatment, payments and healthcare operation prior to the occurrence, but the members of the healthcare industry expressed operational concerns leading to the reconsideration and withdrawal of this consent requirement. They feared for the interruption in efficiency delivery of healthcare services and operations while permission to use protected health information was being sought. The opposing opinions that individual privacy rights would be compromised with the relaxation of the consent requirements was also put in consideration.
The privacy Rule section 164.506 was amended in August 14, 2002 eliminating the requirement for consent, leaving covered entities the option to use it. Nothing in the preamble and the amended rule discouraged a covered entity from implementing the optional consent when determined prudent and desirable. Those choosing to implement the consent have complete freedom in structure, process and format providing the individual states the flexibility in exercising regulatory directives. A covered entity at its own indiscretion may also choose to apply the original consent requirement published in December 28, 2000.
Other sections were strengthened and reinforced like section 164,520 which now requires a written acknowledgement of receipt of notice of privacy practices by the individual or documentation by the covered entity of reasonable effort to obtain written acknowledgement. The rule states that the consent is not to be used as a substitute for compliance with the authorization requirements addressed in section 164.508. In The absence of a consent requirement, there are implementation guidelines to be followed.
The modified rule clarifies more the optional consent as differing from informed consent for treatment within state laws by renaming it consent for uses and disclosures of information.
While the consent for use and disclosure of information has gone through many changes and amendments, there is still more to be done to avoid misuse of the information and unnecessary disclosures by healthcare providers. Healthcare organizations leaders should be involved in evaluating philosophy and suitability to implement the consent while any state requirement for the use and disclosure of health information should be considered. Any organization should also ensure reliable policies and procedures for obtaining written acknowledgement of receipt of the notice of privacy practices and handling of restrictions to privacy practices whether or not they implement the consent option.