Since HIPAA laws have permitted broad discretion to Health Information Exchange (HIE) providers, HIEs have configured the patient healthcare consent process to privilege all providers who sign up with the Health Information Exchange with patient health information (PHI) on all consenting patients. This in a sense violates the security principle of “least privilege”. The onus of denying broad based general access for a consenting patient, now resides with the patient. The notion of making the information available to all physicians at all times because they are part of an exchange is not the best practice. Patients empowered with the right information may choose to deny access to their medical records while seeking a second opinion. This research investigates the following questions: How does a more holistic education as opposed to a one-sided message impact patient consent behavior? How does the messaging framework impact the intention to consent under different sharing settings? Utilizing an experimental survey, our results show that the binary setting (share all PHI with all providers) was the least favorable among all participants, while the customized setting was the most favorable.
Abdelhamid, Mohamed; Sharman, Raj; and Bezawada, Ram, "Better Patient Privacy Protection with Better Patient Empowerment about Consent in Health Information Exchanges" (2015). WISP 2015 Proceedings. 14.