Exchanging health information requires individuals to grant permission for their records to move from one provider to another. The process of and requirements for obtaining individual consent for sharing information places more or less control of information use and disclosure in the individual’s hands, and can vary by types of information, duration of consent, and other variables. Differences in federal and state consent laws are often challenging for states, Health Information Organizations and providers to reconcile, creating one of the major obstacles to smooth and regular electronic health information exchange (HIE).

As states and state designated entities begin collecting and exchanging electronic health information across state lines, they need to develop consent policies that comply with federal polices and align across state laws to ensure the adequate protection of health information while ensuring the information is available to providers to utilize in delivering care.

Through a review of existing literature and a series of nine case studies of health information organizations and associations currently involved in HIE, this technical report can serve as a collection of best practices. The case studies in this report identify various consent options utilized by organizations with existing HIE.

Additionally, the authors created a Consents Toolkit, which is intended to support the development and implementation of consent processes consistent with the most stringent requirements of Federal and state law, from identification and assessment of applicable laws through their reconciliation into policy requirement, to a decision‐making process for identifying the consent policy which applies to a specific type of disclosure.