Consent Audit Results

Background:

Healthix strives to provide data sharing services that improve the quality and efficiency of health care while maintaining the highest privacy and security standards. As part of this effort, Healthix annually audits Participants that collect consent from patients who want their providers to share their information in Healthix. The Healthix Consent Audit ensures that Healthix Privacy and Security Policy is adhered to. Most importantly, the Healthix Consent Audit validates that the Healthix consent form accurately reflects each patient’s consent decision and respects the patient’s right to give or deny consent to enable their providers access to health information that is available through Healthix. To review a list of Healthix Participant Organizations, Click Here>

Process:

Healthix requires that all Participant organizations undergo consent policy training. In compliance with Healthix Consent Policy they are also required to retain copies of every consent form a patient completes at their site. Healthix selects a statistically significant sample of patient consents for each Participant organization and generates a specific audit sample representing randomly selected patients who have completed a Healthix consent form for that Participant. Each organization must submit copies of the patients’ consent form to Healthix for review. The Healthix compliance team reviews each consent form for accuracy and completeness and compares it to the consent value submitted by the participating organization’s to Healthix. Consent decisions logged into the organization’s registration system are electronically sent to Healthix, allowing authorized users from that organization to see all information available in Healthix. Authorized users are providers – doctors, nurses, care managers, therapists – who use the information to treat patients and coordinate their care. If the paper consent forms match the electronic consent decisions, and the form is fully completed, then the Participant passes the audit. If, however, the form is not submitted, the form is incomplete, and/or the consent decisions don’t match, then the Participant does not pass the audit. In those cases, Healthix takes steps to remediate, retrain, and in exceptional cases, enforce other sanctions until the consent process and workflows comply with Healthix Privacy and Security Policy. To review Healthix Privacy and Security Policy, Click Here >

Outcome:

For calendar year 2018, Healthix will audit 180 Participant organizations. Scores will be calculated based on the percentage of confirmed valid consents with respect to the total number of consents sampled. Healthix posts audit results with quarterly updates. The next audit cycle is expected to commence by 12/31/2018. The diagram illustrates, in the aggregate, the results of the current Healthix Consent Audit year to date as of second quarter of 2018.

Remediation:

Every participant that did not pass the Healthix Consent Audit is required to undergo remediation and re-education process which is undertaken by the Healthix compliance team. There are 3 parts to remediation:
1. Withdrawing all invalid consents from the system, thereby removing the previously recorded consent decision;
2. Re-training all staff that collect consent at the participant organizations’ sites and
3. Healthix may re-audit the provider with high audit error rate within 90 days.