Informed consents, either for treatment or sensitive information use/disclosure, that protect the privacy of patient/participant information subject to law that in certain circumstances may override patient wishes, are mandatory practice in healthcare. Similarly, for protecting and respecting research participants, informed consents are also prerequisite for human subjects research. Although the healthcare industry has widely adopted Electronic Medical Record (EMR) systems, consents are still obtained and stored primarily on paper or scanned electronic documents. Integrating a consent management system for different purposes into an EMR system involves various implementation challenges. A case study, informed consent for genetic services, is used to show how genetic informed consents placed new challenges on the traditional ethical standards of informed consent, and how appropriate consents can be electronically obtained and automatically enforced using a system that combines medical workflows and hierarchically, ontologically motivated rule enforcement. Finally, this chapter describes an implementation that uses the open-source software-based addition of these components to an open-source EMR system, so that existing systems do not need to be scrapped or otherwise rendered obsolete.
TopIntroduction
The healthcare industry seeks quality improvement strategies to provide standardized, safer and more efficient patient services as well as medical research, focusing on patient safety, quality of care, risk management, data security and privacy preservation. The term “informed consent”, first used by a California appeals court in 1957 (Cal. App. Ct. 1957), has become a vital ethical doctrine in medical practice. The American Medical Association states that “obtaining informed consent is an ethical obligation of the practice of medicine and a legal requirement per statute and case law in all 50 States” (O’Leary, 2010). In healthcare domain, informed consent has been considered one of the effective strategies to achieve the above goals. Herein the authors focus on three different categories: consent for medical treatment; consent for sensitive medical information use and disclosure; and consent for human subjects research.
In the last several decades, evolving computer-based Information Technology (IT) in healthcare has changed how computing systems support healthcare service delivery, with examples including Electronic Medical Record (EMR) systems and Personal Health Record (PHR) systems. The U.S government plays a major role in promoting healthcare IT, including EMR systems. The healthcare industry has adopted EMR systems widely. Nonetheless, nearly all EMR systems do not have an integrated electronic informed consent management system to support obtaining and automatically enforcing, patients’ or participants’ informed consents during treatment or medical research. In current practice, nearly all medical or research facilities use paper-based informed consent forms. The common approach used for managing informed consent forms in EMR systems is to scan paper consent forms and store them in electronic media, thereby restricting it to basic record keeping. Scanned consents are difficult to use by electronic information systems during medical processes, which makes caregivers responsible for enforcing the consents the same way it was done before introducing the EMR systems. Advanced automated features such as consistent enforcement of informed consent pursuant to statutes, regulations and guidelines are missing. In addition, hospitals spend on average $80,000 per year (Anonymous, 2007) scanning consent forms to perpetuate an inefficient, less than perfect consent system that results in subpar enforcement in the form of wrong or inapplicable consents. Failure to obtain informed consent is a top-ten reason for generating medical malpractice claims; “a properly completed consent form would have prevented 45% of errors on surgery wrong sites” (Compbell, 2004). Furthermore, studies concerning enforcement of medical informed consent in existing EMR systems reveal that no EMR systems support dynamically obtaining, and automatically enforcing, patients’ informed consents when implementing medical processes. Consequently, a mechanism to implement and enforce e-consent is needed.
Informed consents in healthcare are governed by statutes and regulations that change over time. For example, a medical lawsuit that establishes precedent may trigger a new or amended statute or regulation or alter how a law is interpreted. Nevertheless, studies on consent laws are scarce, perhaps because ever changing laws would cause such studies to have a short shelf life. Issuing proper medical consent demands to evaluate all consent rules and to determine the type of consent to be obtained from the appropriate consent provider. Yet, no implementation method or modeling changes to consent laws are available that govern specific institutional practices (Beauchamp, & Childress, 1989). Consent is rendered unreliable without adhering to corresponding changes in laws. Moreover, consent statutes and regulations are complex. At times, ambiguous and complex laws (e.g., precedent changing interpretations of the law that, due to ambiguity, is subject to multiple interpretations) result in having gaps between user’s understanding and the mechanized enforcements. Thus, a methodology for acquiring proper consent based on evolving law must be able to accommodate the dynamism inherent in changing regulations.