Jericho Systems - Consentral

Your Data. Your Choice.

Consentral is the patient consent management solution that puts control of sensitive healthcare information back into the hands of the consumer for increased trust and confidence in healthcare organizations and Health Information Exchanges.

Using Consentral, consumers can create accounts and manage their own electronic Patient Consent Directives (PCDs) from the comfort of home or from their cell device on the go. Consentral is a web-based application that allows consumers to submit and digitally sign authorizations surrounding the control and distribution of their personal health information.

The electronic substitute for "in office", paper based processes, Consentral invites the consumer to participate in the care continuum by selecting beyond simple opt-in and opt-out; Consentral invites consumers to select options and exceptions based on individual preferences and private, protected health information (PHI).


Jericho Systems' Consentral works as an "add on" solution in conjunction with the EnterSpace Exchange Privacy Service. Consentral supports a variety of industry standards to support your HIE. Out of the box, Consentral collects a patient's preferences based upon an HL7 standard document. The enforcement of these directives works seamlessly alongside the Exchange Privacy Service to ensure and enforce compliance with the consent.

For a public or private HIE, the Exchange portfolio currently promotes the use of interoperable industry standards as part of the Learning Health Systems for obtaining and transmitting patient consent and authorization to include:

HIPAA and Consentral

Patient Consent Directives introduced into the larger workflow of clinical information sharing must be documented and enforced. Protection of patient health information is governed by a large, complex, and continuously changing body of laws and regulations emanating from Federal, State, and local jurisdictions. In addition to these legally mandated protections, healthcare providers and organizations, and Health Information Organizations (HIOs), often define policies and practices that they are required to enforce. Determining what patient data can be disclosed is complex and difficult in a manual process. Automated mechanisms for supporting these determinations through Consentral is a more efficient and consistent application of policies and Patient Consent Directives.

HIPAA requires an organization receive patient consent when sharing their medical data under certain conditions. For example, a consent directive that allows access to psychotherapy notes to only the patients' primary care physician should not be released or made available to a dermatologist or other medical specialist.

Federal legal requirements are broadly applicable and require that providers withhold certain information when they disclose data with other providers. For example, a solution for 42 CFR Part 2 may protect data based on its provenance – namely that it comes from a covered substance abuse treatment program. Implementation guidance for this scenario could be applied to other scenarios that involve protecting data based on where the patient receives care.

Similarly, implementation of Section 7332 of Title 38 may require protection of data based on the condition the data relates to, such as HIV. This implementation could then be extended in the future to other conditions that laws or organizational policies protect.

In another example, the patient could elect to suppress sharing of information about his/her participation in a substance abuse treatment program using Consentral. The Patient enters into an inpatient Alcohol and Drug Abuse Treatment Program (ADATP). The Patient is notified by the ADATP that the ADATP is under legal obligation not to disclose additionally protected data without the Patient's consent. The Patient indicates that he or she would like to disclose all treatment data with his or her PCP. The Patient completes a 42 CFR Part 2-compliant consent form authorizing the ADATP to disclose the protected data with the PCP. The ADATP staff electronically captures the patient's additionally protected data and Consent Directive. The ADATP electronic system appropriately annotates the Patient's data.

Upon discharge, the ADATP electronically sends (pushes) data, e.g., a CDA summary of care, which the Patient has authorized to be disclosed to the PCP, with an accompanying 42 CFR Part 2 compliant prohibition on re-disclosure notification. The PCP's electronic system receives and incorporates the Patient's annotated additionally protected data and prohibition on re-disclosure notification.

Consentral may be deployed to control data flow at Health Information Exchanges, the Nationwide Health Information Network/e-Health Exchange, or private healthcare providers. Based upon organizational, jurisdictional and consent requirements, Exchange Privacy Services and Consentral can provide the patient varying degrees of policy control and patients can make changes to their consent directives at any time.

Jericho's Consentral was selected "Best Privacy Technology" in 2012. Additionally, Consentral out-scored other vendors in a 2014 government-funded comparison of commercial off-the-shelf (COTS) products for patient privacy and consent. For example, "Subject W" could elect to allow sharing of information about his participation in a substance abuse treatment program, but only to his primary care physician.

Consentral can be deployed to control data flow at Health Information Exchanges, the Nationwide Health Information Network, and healthcare providers. Based upon organizational and jurisdictional requirements, Consentral can provide the patient varying degrees of policy control. Patients can make changes to their consent directives at any time. An example is shown below.

Additionally, patients can see a history of who viewed their electronic health records, when, and the purpose of use. This history provides the added benefit of allowing patients to monitor for inappropriate activity of their records.

Consentral's easy to use features include:

  • Choose to participate in your local Health Information Exchange (opt-in or opt-out)
  • Create consent directives that decide who can see your health information (control information with exceptions)
  • Select which sensitive information you do not want to share (control information with restrictions)

Privacy Laws - Supported for clinical tagging and data segmentation:

  • 42 CFR Part 2
  • HIPAA Privacy Rule (Also known as 45 CFR Part 164.5xx. Includes HIPAA Psychotherapy Notes and HIPAA self-pay)
  • Common rule
  • Title 38 section 7332. Protects data based on the condition that is related to the data, for example, HIV

eHealth Exchanges - Supported implementations of industry standard connectivity solutions:

  • CONNECT 3.3 or later
  • Aurion 4.1
  • XDS.b

Contact us now or call 972.231.2000 to discuss how Consentral supports legal compliance for Patient Consent Directives.