Below are a few examples of patient consent scenarios and how data flows in line with the patient’s consent preference. This is not a comprehensive list of scenarios.
Patient is Not Asked for a Consent Decision - HIPAA background rules apply
When patient consent is not required and HIPAA background rules apply, PHI can flow as shown in the graphic below.
Flow of PHI When Patient is Not Asked for a Consent Decision
Patient Declines Digital Sharing
If patient consent is required by state law (called “opt in / opt out” laws) to share information electronically and a patient makes a consent decision that does not allow her health information to be shared digitally, entities can still exchange the patient’s information. However, in line with HIPAA, the entities must use phone, fax, or mail. These methods can be much slower and costlier than digital sharing. This type of scenario is shown in the graphic below.
Flow of PHI when Patient Declines Digital Sharing
Patient Allows Partial Sharing
Sensitive health information, which includes mental health records, adds another layer of complexity to the Computable Privacy environment. The graphic below shows what happens when there are specialized rules for specific clinical categories, such as mental health. In this scenario, a patient chooses to stop her health care entities from sharing her mental health records, but she allows them to share her physical health records.
Flow of PHI when Patient Does Not Consent to Mental Health Record Sharing