Consent Audit Results



Healthix strives to provide data sharing services that improve the quality and efficiency of health care while maintaining the highest privacy and security standards. As part of this effort, Healthix annually audits every participating organization that collects consent from patients who want to participate in Healthix. The annual Healthix Consent Audit ensures all stakeholders – providers, patients and the community, that Healthix Privacy and Security Policy is adhered to. Most importantly, the annual Healthix Consent Audit validates that the Healthix consent form accurately reflects each patient’s consent decision, and respects the patient’s right to give or deny consent to enable their providers access to health information that is available through Healthix. To review a list of Healthix Participant Organizations, Click Here>


Healthix requires that all participating organizations undergo consent policy training. In compliance with Healthix Consent Policy they are also required to retain copies of every consent form a patient completes at their site. On an annual basis, Healthix selects a statistically significant sample size of randomly selected patients who have completed a Healthix consent form. Each participating organization must submit the patients’ consent forms to Healthix for review. The Healthix compliance team reviews each consent form for accuracy and completeness and compares it to the consent value recorded in the participating organization’s registration system. Consent decisions logged into the participant organization’s registration system are electronically sent to Healthix, allowing authorized users from that organization to see all available information in Healthix. Authorized users are providers – doctors, nurses, care managers, therapists, who use the information to treat patients and coordinate their care. If the paper consent forms match the electronic consent decisions, then the participating organizations pass the audit. If they don’t pass the audit, Healthix takes steps to remediate, retrain, and in exceptional cases, enforces other sanctions until the consent process and workflows comply with Healthix Privacy and Security Policy. To review Healthix Privacy and Security Policy, Click Here >


For the period between 2013-2014, Healthix audited 67 participant organizations. Scores were calculated based on the percentage of confirmed valid consents with respect to the total number of consents sampled. The median score for the 67 participant organizations was 90% which, in common terms is the measurement of scores, in order from the smallest to the largest, and then selecting the middle score; the median is simply the middle number. The diagram illustrates, in the aggregate, the results of the current Healthix Consent Audit.


Every participant that did not get a perfect score is required to undergo remediation. That process is undertaken by the Healthix compliance team. There are 3 parts to remediation:
1- withdrawing all invalid consents from the system, thereby removing the previously recorded consent decision;
2- re-training all staff that collect consent at the participant organizations’ sites and
3- Healthix re-audits and monitors consent activity from those organizations that are at risk.