Hennepin Health is an accountable care organization serving adult Medicaid expansion enrollees with complex needs in Minneapolis, Minnesota.  A central premise of Hennepin Health — a partnership including Hennepin County’s health system and hospital; outpatient clinics; human services and public health department; and managed care organization — is to address social determinants to improve health outcomes and lower costs.

Making good on this commitment involves not only sharing traditionally defined health care data across settings, but broadening data sharing to include demographic and social service data that are clearly related to health, but are gathered outside of health care settings (e.g., housing, case management, corrections, and food and cash assistance). This more comprehensive look at a person’s needs and services can help patient care teams better serve individuals and better manage the health of populations.

For Hennepin Health, this data sharing has taken two main forms:

• Common use of a single electronic health record (EHR) system across provider, health plan, and social services partners; and
• An integrated data warehouse for back-end analysis and reporting, which brings together health plan claims and enrollment data, EHR encounters, and social service utilization data.

Legal Issues and Patient Consent

Hennepin’s experience has shown that legal questions and barriers often stand in the way of making data available even when parties agree on program goals and are linked by a business associate agreement and risk-bearing contract.

Our review of existing processes and procedures indicates that Hennepin Health members are asked to give consent to share their data in three separate parts of the system: (1) when applying for Medicaid benefits; (2) when presenting for medical care; and (3) when receiving social services. Yet, in spite of all of the fine print already put in front of members, we are still unable to broadly share crucial “welfare” data (social service information not legally defined as health information) with health care providers without putting yet another consent form in place. This disconnect has real consequences for the care patients receive and Hennepin Health’s ability to integrate services. For example, unless county social workers obtain separate consent in advance, they cannot share crucial information about client history and services, and shelter workers cannot share the whereabouts of members with clinic-based care coordination teams.

The complexity is compounded since the data elements to be integrated are covered by different bodies of law at multiple levels of jurisdiction (see illustration). Combine the legal uncertainty with a well-intentioned culture focused on protecting patients and mitigating risk, and ambitious efforts to integrate data find themselves swimming against a current of “no.”

Solutions and Lessons

1. Patient consent wins: Despite the many legal questions regarding the integration of health care and social services data, directly obtaining written consent from a patient to share data often allows programs to bypass these complexities.
2. Consent should be obtained as far upstream as possible: The best approaches to obtaining consent explain and permit the appropriate sharing of health care and welfare data at the broadest and most universal entry point into the system (such as upon program application or enrollment). This reduces duplication and avoids the challenges associated with locating and obtaining consent one patient at a time to share data (a particular challenge for the often transient and socially disconnected population served by Hennepin Health). It also allows the prospective use of data across populations to assess risk and manage health.
3. Cultivate relationships with trusted counsel: As with most legal issues, there is room for interpretation in the realm of data sharing. Programs working on data integration need legal counsel that is focused on weighing multiple options through the lens of risk assessment and mitigation, as opposed to the clear “Yes or No” defensive paradigm often perpetuated by the formal role of Privacy Officers.
4. Patients expect coordination: In spite of relevant cultural and political concerns about data privacy, our experience talking with Hennepin Health members suggests that they for the most part want the various parts of the system to share information to make their patient experience more convenient and effective.

Health reform at the national and state levels is increasingly promoting the integration of care across fragmented services and expanding the notion of accountability for organizations and communities. Nowhere is this truer than for the most complex and highest-cost Medicaid enrollees. Similarly expansive leadership and reform is necessary in the areas of data privacy and consent to create a future in which individual rights and privacy are protected and dramatic improvement through integration is possible.