Wednesday, March 17, 2010

The meaning of Opt-Out

Opt-Out means different things to different people/organizations, and with good reason. An article "Patients' medical records go online without consent" explains that in the UK:
Patients’ confidential medical records are being placed on a controversial NHS database without their knowledge, doctors’ leaders have warned.
It then does a good job of explaining that there is a way for patients to 'opt-out', but that this system requires that the patient take the initiative and either call a specific phone number, or use the internet. The patients receive a letter prior to their data being entered into the NHS system. Thus the NHS system is based on implied-consent. 

In one week, the article has accumulated 50 comments. All but 2 of the comments are very strongly against this implied-consent model. Most of the comments against are focused on two specific concerns
  1. The government will have access to the data and thus ultimately they will do bad things. This is the typical concern about the government having access to too much information. I think that in this case the data is already available to the government through other means, it is the doctors that can't use these 'other means', especially during urgent times. So, although I sympathize with this concern and do have this concern myself; I don't think that it is a high priority concern.  I would like to see strong policies that explain that medical data in a health information exchange (HIE) can only be used for treatment or explicitly approved uses. All the 'legal' exceptions should be kept out of an HIE, there are plenty of ways that these legal exceptions can be executed without using the HIE.
  2. Hackers will eventually will gain access to the data. I have no doubt that hackers will eventually gain access. I don't say this because I want it to happen, or because I know of problems; but rather acknowledgment of history. This acknowledgment is similar to the fact that risks are never eliminated. We know that all kinds of risks, no matter how small, happen. As many safety features as we put into a car, crashes still happen and occupants still get killed. We do what ever we can to lower these risk, but they don't go away.
That said, we need to recognize that Opt-Out means different things to different people or organizations, and for good reason. The biggest reason for a difference is related to a complete medical history. Many people want to Opt-Out in their younger years when they are healthy and when they are worried about personal-relationships and employment. When they are young and healthy they truly do NOT want the data to be gathered together, because they are worried about (1) and (2); yet perceive no benefit to the data being gathered together.

The problem is that as they grow old they start to realize that they don't have perfect health anymore. It is when health starts to fail, when little things start to happen, that a complete medical history is important to the best care. If Opt-Out really means don't gather my data together, then Opt-In late in life provides no benefit to the patient as there is no medical history. 

Thus many health care providing organizations see Opt-Out not as a valve on the input, but a valve on the output. Meaning that as patient data is created it is gathered, yet if the patient has used Opt-Out then the data is not allowed to be used. Thus when the patient gets old and decides to Opt-In their complete medical history is available instantly.

Note that BOTH models can be supported by Consent standards. 
See also: Consent standards are not just for consent, Consumer Preferences and the ConsumerRHIO: 100,000 Give Consent.

Another model is one where the Consent is not just In or Out; but where some information is gathered but not other data. The standards can certainly support a patient authorizing 'medical summary only'. This model provides the most useful medical data in Current: Allergies, Problems, and Medications. But it does not provide a medical history. This data is most useful to treatment, and is least useful to (1) and (2). It is not clear to me if this is the NHS model, but the article does seem to imply that only a medical summary is being pushed into the NHS. See:Opt-In, Opt-Out.... Don't publish THAT!,