Healthcare IT Interoperability, EHR interoperability, Hospital Interoperability

Privacy & Security News

Should a Health Information Exchange Be Opt-In or Opt-Out?

Opt-in and opt-out policies both have pros and cons that providers must understand to determine which is ultimately better for their health information exchange.

- A vital part of boosting health data interoperability, health information exchange (HIE) has become a significant part of the health IT conversation.


As patient care – and federal incentive programs – continue to demand care coordination through the seamless transfer of health information, HIEs have become a huge benefit to the industry.

As the need for health IT interoperability and data privacy and security have collided, however, IT experts have faced a challenge in determining if an HIE should have an opt-in or opt-out patient data policy.

In opt-in policies, an HIE has no data in it until patients give specific permission to contribute their data. In opt-out HIEs, patient data is automatically added to the repository and patients must explicitly request their data not be stored in it for the data to be removed.

Both models have their positives and negatives, and as more healthcare organizations begin to participate in health information exchanges, it is important that they understand the following pros and cons of the different policies.

This conundrum is coming to life in Vermont, as different health data experts butt heads about whether the state’s HIE, the Vermont Information Technology Leaders’ VITL Access, should be opt-in or opt-out, the VT Digger reports.

Below, discusses the positives and negatives of opt-in and opt-out HIEs with regard to this latest Vermont case.

Opt-in policies protect health data security

When it comes to health data, security is always of the utmost concern. As healthcare data breaches continue to plague the industry, patients, providers, and information managers alike are all concerned with keeping information safe.

Such is the case with the American Civil Liberties Union of Vermont, who say that an opt-in policy would give patients the right to protect their data from any security flaws in the HIE system.

“We worry about the way the VITL system works even when someone does give consent because there’s no PIN number or code that’s needed to access someone’s records,” ACLU’s Allen Gilbert told the VT Digger.

“With VITL you have neither a card, nor a PIN number,” he said. “A staff member of a hospital or a doctor’s office is sitting in front of a terminal that allows access to anybody’s accounts. They just press a button that says they are authorized to access a record.”

In essence, opt-in advocates argue that the policy allows patients the right to decide which storage formats are and are not secure enough for their health data.

Opt-out policies reduce administrative burden

For opt-out advocates, however, their favored policy is all about doing what makes sense for the majority. In Vermont, for example, about 96 percent of patients elect to store their data in VITL’s repository.

Because opt-in policies require every patient who wants their data warehoused in the HIE to provide permission to do so, this may result in a considerable amount of administrative burden.

Opt-in policies ensure patient education

Members from the ACLU of Vermont also say that requiring patients to provide consent for their data’s storage in VITL Access helps promote patient education. When the patient has to sign consent, they are more likely learn about the benefits of sharing their health data, and the potential security risks involved.

“There is a greater likelihood of informed consent when people have to make a decision to ‘opt in,’ and the ‘opt out’ starts with a default that the person is in, and it requires no fault to have the person essentially enrolled in the system,” Gilbert said.

This boils down to making care seamless and immediate

Other HIEs have demonstrated the benefits of making patient data available to providers.

HealthlinkNY, which recently added a new patient consent form to its HIE, has changed the way emergency providers access patient data.

“Unless you specifically deny consent, emergency physicians and other clinicians are allowed to access your records in a case where you are non-responsive and unable to give consent,” explained Christina Galanis, president and CEO of HealthlinkNY, in a public statement. “Wouldn’t you want the person who treats you to have all the information he or she could possibly have?”

Galanis says this has helped boost patient satisfaction with their healthcare.

“We’ve constructed a remarkable network to deliver vital information to providers with just a click, but its effectiveness depends on a single piece of paper—a signed consent form from the patient,” the CEO said.

“That gives patients total control over who sees their medical records. When patients say ‘Yes,’ the information trigger is turned on, and patients get better and timelier care because their authorized clinicians have a much clearer picture of the patient’s history.”

Dig Deeper:


Sign up for our free newsletter:

Get the latest IT Interop news delivered to your inbox FREE

Our privacy policy

no, thanks