RAND Corporation, HRSA HIV/AIDS Bureau (HAB) SPNS Housing Data Integration

Goals for This Chapter

This chapter is designed to help you:

  • Understand the current client consent process for sharing data across providers.
  • Determine what data that clients at participating organizations have already consented to share.
  • Decide what changes to client consent need to be implemented for optimal data integration.
  • Learn about who in the organizations should prepare a data-sharing agreement, what needs to be included in the agreement, who should sign the agreement, and how the agreement should change over time.
  • Determine which organizations and individuals are key stakeholders for data integration and how to engage them in the planning and implementation process.

Client Consent for Data-Sharing

Clients who have data maintained by an RWHAP provider in a database (e.g., CAREWare, electronic medical records) should have been asked by the RWHAP provider organization for written consent to share their data—including medical data—with other providers. Similarly, HOPWA and many other programs require written client permission to share information with other entities. The Health Insurance Portability and Accountability Act (HIPAA) governs the exchange of certain types of personal information, including medical data. HIPAA legislation requires that specific data privacy and security provisions be followed in the exchange of individuals’ medical information, including consent to share information. If you integrate your data system with another provider organization to share client data, your organization will need to collect written consent from clients to share their data with those additional providers.

Questions to Ask Yourself

  • What exactly does it say in our client consent form now?
  • What model of client consent do we have? Is it a blanket consent in which clients agree to having their data shared with providers from relevant organizations so long as data-sharing agreements are in place? Or is it a point-to-point consent model in which clients need to be reconsented each time a new provider organization signs a data-sharing agreement?
  • Should we change the client consent model we currently have to facilitate better data- sharing? What would that entail?

Lessons Learned

The following are some critical lessons learned by those at the performance sites on client consent.

  • An approach that uses blanket (rather than point-to-point) consent is easier to manage in the context of data-sharing with multiple organizations.
  • It can take a great deal of time to reconsent all clients when new data-sharing agreements are enacted. Clients often have to wait until they next see their providers in person to do this task.
  • Clients are important stakeholders in the process of data integration and should be consulted in the process of developing consent forms. Some clients may not feel comfortable sharing their data with other provider organizations because of previous poor experiences that cause a lack of trust.
  • To engage clients and garner buy-in, explain to clients the potential benefits of data integration, which include less paperwork, more provider time spent delivering services to the client, and more timely follow-up from providers, among others.
  • Consent documents should be revisited regularly with clients so they fully understand with whom their data are being shared, what types of data are shared, and for what purpose.

Data-Sharing Agreements

Each provider organization that wishes to contribute data to the integrated data system will need to have a signed data-sharing agreement in place with other data-sharing organizations. The agreement will specify important aspects of the data-sharing between two (or more) providers, including what client data elements will be shared, data-sharing frequency, and the data security measures and responsibilities of each organization. To enact the stipulations of the data-sharing agreements, it is crucial that data system vendors participate in this process and understand what technical changes will need to be made to meet the agreed-upon stipulations.

Questions to Ask Yourself

  • Have we ever shared data with another organization before? If yes, how did we do it? Do we have a template from that effort we could adapt?
  • Who at our organization should lead the writing of a data-sharing agreement? Who needs to review the language to ensure it meets legal requirements?
  • Who at each participating organization needs to sign (authorize) the data-sharing agreement?
  • What role should our data system vendor play in the data-sharing agreement? What changes will need to be made to the data system to implement the data-sharing agreement?

Lessons Learned

The following are some critical lessons learned by those at the performance sites on data- sharing agreements:

  • Even if not all funds are in place to complete the data integration, it is wise to begin working on the data-sharing agreement as early as possible. The agreement, and all the authorizing signatures, will take a long time to put in place.
  • Involve lawyers and contract administrators early in the process of creating data- sharing agreements; they are the people who typically address such issues as data- sharing and can provide early feedback on language to save time later in the process. Lawyers can also help understand/navigate any state and local laws around data-sharing outside of HIPAA, RWHAP, and HOPWA confidentiality requirements.

Securing Stakeholder Buy-In and Engagement

It is crucial to engage various stakeholders early in the process to build and maintain support for your data integration efforts. Consulting with organizational leadership, front-line staff who will use the newly integrated system, and clients can help you understand pain points in your current service coordination processes and make important design decisions to resolve these challenges. Engaging stakeholders also gives you a chance to demonstrate early on why this project will be useful and develop champions who can help you maintain buy-in throughout your data integration process.

Questions to Ask Yourself

  • How can we tell the story of data integration in a way that resonates with our stakeholders and creates buy-in?
  • From which organizational leaders do we need support to ensure success? Who can make the relevant decisions about financing, data-sharing, etc.?
  • Who might serve as a champion for the process and help us generate buy-in among providers who will ultimately use the integrated system?
  • How can we reach stakeholder organizations with messages about our data integration efforts?
  • What are the competing priorities among our stakeholder groups and how can we address those?

Lessons Learned

The following are some critical lessons learned by those at the performance sites on creating stakeholder engagement.

  • When trying to generate stakeholder buy-in, tell a story or provide case examples that emphasize the practical outcomes (fewer papers to bring back and forth to appointments, better communication among providers, better outcomes for clients) rather than the technical specifications of data integration and outcomes that may not resonate as well with your audience.
  • Use a variety of mechanisms to inform stakeholders of plans for integration (e.g., existing councils and community meetings and integration-specific convenings). Use these same venues to allow stakeholders to provide input into the process early on—both on desired system functionality and on processes for servicecoordination.
  • Create feedback loops and frequently keep stakeholders up to date on project activities and progress.
  • Allow users from all integrating organizations to test the system multiple times and give feedback before launching.