Key considerations for paperless consent in healthcare

Gaining valid, meaningful consent in healthcare is a challenging but critical task. Clear consent is critical in healthcare in part because the outcome of healthcare actions can have life or death implications. The ability for patients to control their own data and care, armed with sound information, is paramount.

The extremely sensitive nature of the data has the potential to harm data subjects if misused.

Healthcare is one of the most privacy-regulated industries around the world, with many countries, states, and provinces layering complex and sometimes conflicting requirements related to consent content, timing, and other restrictions. This intense regulatory and enforcement landscape translates to organizational risk, so getting consent right becomes even more important.

This legal landscape complexity also contributes to the challenging nature of managing healthcare-related consents. Given that patients and family members are often in a position to have to make healthcare decisions during a crisis, or when their decision-making abilities are compromised due to a medical condition, consent becomes even more complicated. Freely-given, affirmative, and informed consent can be fraught with difficulties, including; being below the age of consent, impacted by dementia (or other factors that impact decision-making), or temporarily unable to make decisions for themselves.

Jump to:

• The evolution of paperless consent
• Usability
• Identity verification
• Record keeping and other requirements
• Outlier cases

The evolution of paperless consent

Paperless consent, otherwise known as eConsent, in the healthcare space has both solved some of these difficulties and created its own road bumps around which companies must navigate. Fortunately, there are some key paperless consent considerations that any healthcare organization can leverage to get the most benefit of eConsent while avoiding the pitfalls. A few of these are:

• Usability
• Identity verification
• Record keeping and other requirements
• Outlier cases

Usability

One of the benefits of eConsent in healthcare is its convenience and flexibility. A healthcare organization can present any number of consents through a variety of channels (such as text messages and web forms) and devices (such as in-office tablets, mobile phones, and laptops). The right mix (at the right time) of channels and devices can help increase data subject understanding, reduce burden on staff and the data subject, and save time for everyone. However, technology can also get in the way of usability.

For example, if consenters are not tech savvy, do not have access to a personal mobile device or laptop, or have eyesight issues and find smaller text hard to see, some technological mechanisms for obtaining consent may interfere with a smooth consent process.

Considering the usability of each type of eConsent mechanism – such as text size, user interface, device accessibility and portability – specific to each persona of data subject that must provide consent, will help make sure that paperless consent assists and does not interfere with a smooth, easy consent process.

It may not be possible to establish a single usable consent mechanism for all audiences and all needed consents. If this is the case, a healthcare organization will need to set up a Plan B for each consent – or even a Plan C and Plan D.

Identity verification

While identity verification is a common concern across industries, it holds particular significance in healthcare. Transitioning to a paperless consent process may eliminate in-person verification, making it essential to implement alternative methods for confirming the identity of the individual providing consent.

The U.S. Department of Health and Human Services (HHS) emphasizes this need, stating:

“If any or all of the consent process takes place remotely and is not personally witnessed by… personnel, the electronic system must include a method to ensure that the person electronically signing the informed consent is the subject…”

Acceptable methods may include:

• Verification of government-issued ID or other official documents
• Use of personal security questions
• Biometric authentication
• Visual confirmation techniques

Identity verification requirements can vary by jurisdiction and healthcare setting. Regardless, ensuring that the individual giving consent is properly identified (and, where applicable, authorized to act on behalf of another) is a critical component of any digital consent framework.

Record keeping and other requirements

Healthcare regulations frequently contain data retention, record keeping, data sharing, security, and other requirements that impact paperless consent implementation. While storing paper copies of consents in a locked file cabinet with restricted access and periodic paper shredding efforts is a fairly straightforward enterprise, moving to a paperless consent model can both introduce complexity and effectively employ technology in managing that complexity.

For example, eConsents may pass through multiple systems, each with backup databases and their own access rules. A healthcare organization implementing paperless consents will need to carefully document the entire data flow, and for each transmission, passthrough system, backup database, and long or short-term storage location, consider how to impose access controls, automatic data deletion schedules, and security measures.

At the same time, though technology can make it easy for a company to “forget” about a backup system or reporting tool with access to consent data and so put the company at compliance risk, technology can also automate and enforce the right, carefully defined rules.

Outlier Cases

The one commonality across all healthcare activities is the fact that exceptions, edge cases, and outlier events happen – often. This is the case in consent processes as well. A consenter needs a service that requires consent but cannot see the accompanying notice.

An underage patient’s guardian does not speak the languages in which the company provides the consent and notice, and can only provide unusual documentation of guardianship rights from a different country. A technology-driven set of consent experiences must have the ability to accommodate non-standard paths – and potentially many of them.

Often this means inserting a human being into non-standard situations, armed with alternate solutions. With this in mind, a healthcare organization moving to a paperless consent process will want to define as many possible outlier cases as possible and consider one or more alternatives to accommodate them – either through alternative technology solutions, human intervention, or both.

Summary

Paperless, or eConsent, in healthcare can enhance compliance, reduce time to services, reduce costs, and improve patient experience. At the same time, there are some key considerations that a healthcare organization will want to keep in mind to avoid some common obstacles to seeing these benefits, including developing paperless consent process in a user-centric way, thinking through how to accommodate user identity verification where needed, carefully analyzing each step in the data flow for access/retention.