Over the past decade, through both deliberate policy and programmatic action, the nation has made significant progress in the adoption and use of health information technology (IT). The pace of this progress accelerated dramatically beginning in 2009 with the passage and implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Prior to that time, though there were certainly aspirational programs and communities, the adoption and use of health IT sharing among and between key stakeholders, including clinicians, hospitals, consumers, and others, was only just beginning and was moving slowly. Since then, we have seen significant increases in the adoption and use of certified technology among eligible professionals and hospitals. Three-quarters of eligible professionals and nine in ten eligible hospitals have received incentive payments from the Medicare and Medicaid EHR incentive programs. This progress is the result of public-private partnerships supported through a set of grant programs such as the Regional Extension Centers and the Electronic Health Care Record Incentive Programs.

HITECH has also supported advancement in the exchange of health information. More than six in ten hospitals have exchanged patient health information electronically with providers outside their organization, a 51 % increase since 2008. Seven in ten health care providers use an EHR to e-prescribe on the Surescripts network, and more than half of new and renewed prescriptions are sent electronically.1

The progress to date has laid a strong foundation, but there is much work that remains in order to achieve our shared vision of a world where patients and their care providers can access appropriate health information in an electronic format, when and how they need it, to save lives, make care convenient and well-coordinated, and allow for improvements in overall health.

To build on this strong foundation, we are working with all stakeholders to develop a shared Interoperability Roadmap that charts a path to achieve progress in three, six, and ten years. We have structured our work along five critical building blocks for a nationwide interoperable health IT infrastructure:

  1. 1.

    Core technical standards and functions

  2. 2.

    Certification to support adoption and optimization of health IT products and services

  3. 3.

    Privacy and security protections for health information

  4. 4.

    Supportive business, clinical, and regulatory environments

  5. 5.

    Rules of engagement and governance

Individuals and their caregivers will have a vital role to play and interest in advancing interoperability. The amount of information available to consumers today is increasing, due in part to the meaningful use program and the Blue Button Initiative. As more health and health care information is converted to electronic formats and is available for exchange among providers and patients, it will be important to develop a method for consistently representing, managing, and communicating privacy preferences and consent across the ecosystem.

The thoughtful work outlined in this JGIM supplemental is an example of one piloted approach for representing, managing, and communicating privacy preferences and consent. This work was funded through a cooperative agreement made possible by HITECH and was issued by the Office of the National Coordinator for Health Information Technology (ONC) to Indiana Health Information Technology, Inc., the Indiana University School of Medicine, and Regenstrief Institute, Inc. Caine et al. report on 30 patients with data stored in an EHR who were interviewed in order to gauge their current understanding of what is in their medical record, what methods they have to control access to their health information, privacy concerns around data sharing, and their desire for future data-sharing capabilities. Caine et al. used the findings from the patient interviews to develop six design principles suggested for use in creating patient-centered tools to enable patients to control access to their EHR data: 1) easy patient access to their EHR data, 2) reports of what is currently shared with whom, 3) granular, hierarchical control, 4) time-based controls, 5) contextual privacy controls, and 6) access notification. In Meslin et al., bioethical points to consider in constructing a patient-controlled EHR are analyzed. Leventhal et al. outline the outcomes of a pilot in a primary care clinic wherein patients were able to record their preferences and designate which of the health care providers in the clinic would be able view their electronic health records, and what data, if any, they wished to redact. Tierney et al. analyze the responses of providers participating in the primary care clinic pilot in which patients were given granular control over their EHR data. Schwartz et al. provide an analysis of the responses of patients participating in the primary care clinic pilot. In Caine and Tierney, opposing views are debated regarding the value and utility of increased patient control over their health information.

The manuscripts in this supplement offer many useful insights into patients’ desire for control over how their health information is accessed and shared. These insights should be considered by policymakers, providers, and health IT system developers in the design and implementation of future policies and systems – particularly as we move to a world in which the person is at the center of their health care, their health outcomes, and their electronic health information. Patients are already managing many aspects of their lives digitally in other domains, and are increasingly expecting the same capability for their health information. Nearly seven in ten individuals believe online access to their health information is very or somewhat important.2 Moving forward, it is vital that we respond to this demand and include individuals as active participants in the health IT ecosystem. More work is necessary on the policy and standards front to further advance this effort and to ensure that people have the ability to appropriately express their consent preferences, and that providers and vendors implement these preferences in a clear and consistent manner. We look forward to working with our partners at the federal level, in the private sector, with the academic community, and with consumers in achieving these goals.