The HITE-CT Board met last night and approved the insufficient opt-out privacy model for CT’s health information exchange that defaults people into the system unless they figure out how to get out. Board membership is dominated by bureaucrats, large health care institutions and attorneys who represent them.Consumer advocates raised many objections, did significant research on other states but were ignored. For example, in our three surrounding states which all have opt-in policies that require consent before personal health information is released between 86 and almost 100% of patients sign the consent form. UT, CO and VT have recently switched from opt-out to opt-in policies. Under HITE-CT’s proposed opt-out policy, CT providers will have to identify and segregate every indication of legally protected “sensitive” information in every medical record such as HIV, mental health, or substance abuse treatment – and accept the liability for ensuring no mistakes. None of these or a dozen other concerns raised by advocates were addressed. In fact, this advocate had difficulty being allowed to speak at meetings, despite being an appointed member of the Board.
Their current plan is that a sentence would be added to the HIPAA form patients already sign to acknowledge that the patient received an accompanying “Bill of Rights” about the HIE. The Bill of Rights (still not developed or even described) would include a phone number and website where patients could go to opt-out. This would require that, even if the patient ever actually sees the Bill of Rights, they would have to copy down the phone number or website, go through their doctor visit, go home, and call or go online to opt-out.
They also plan to have a general public education program, to notify people about their rights, but no budget or specifics are designated for it. Their poor record of engaging the public in the policymaking process does not inspire confidence.
This process makes it even more clear why we need legislation to protect our rights.