Rethinking the Role of Consent in Protecting Health Information Privacy

This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.