IBM and HIPAAT, a provider of consent management solutions to the healthcare industry, are joining forces to bring health information privacy controls to patients and healthcare providers.

IBM said its collaboration with the Naples, Fla.-based HIPAAT extends patient-driven privacy to EHRs, personal health records (PHRs) and health information exchanges (HIEs). Combined IBM and HIPAAT technologies allow patients to specify who is granted access to their personal health information (PHI), what information can be accessed and when. 

The companies said their commercially available, patient-directed solution is a privacy-based approach to securely controlling PHI access across diverse healthcare applications and settings. 

When installed in HIE environments, Privacy eSuite allows patients and designated providers to create and record privacy directives, according to the companies. The software then evaluates a provider’s authorization to access a patient’s PHI based on such directives. With the combined offerings, a patient can restrict a particular clinician from accessing PHI, even if that clinician – based on medical role – would typically be granted such access. The companies said all access requests are recorded and an audit trail is created. 

The companies said they will enable caregivers to implement and enforce patient consent directives, providing access to PHI and EHR data in emergency-care situations, where appropriate.