The Sequoia Project Releases New Guidance To Advance Automated Consent for Health Information Exchange

Press Releases
|
June 30, 2026

Resource Supports Providers, Payers, and Technology Developers To Operationalize Computable Consent

(Vienna, VA June 30, 2026) — The Sequoia Project, a leading nonprofit and trusted advocate for nationwide health information exchange, today announced the release of Operationalizing Automated Consent: Actionable Guidance for Health Care Providers, Payers, and Technology Vendors.” Developed by its Interoperability Matters Privacy & Consent Workgroup (PCWG), the resource provides practical guidance and example tools to help organizations evaluate and implement automated, computable consent processes for sharing health information.

“Enabling appropriate access to health information while maintaining patient trust remains a shared priority in healthcare,” said Mariann Yeager, chief executive officer at The Sequoia Project. “This work is the result of extensive collaboration across stakeholders to translate complex policy requirements into actionable approaches.”

As health data exchange continues to expand, organizations face increasing complexity in managing patient privacy, particularly when navigating overlapping state and federal requirements, including 42 C.F.R. Part 2 and HIPAA. Manual consent processes and inconsistent methods for capturing patient preferences often create operational challenges that can delay or impede access to appropriate information.

This guidance aims to help solve those challenges by offering a structured starting point for organizations exploring scalable, technology-enabled approaches to consent management.

“Operationalizing consent in a scalable and consistent way requires translating policy into practice,” said Kevin Day, Cotiviti principal business advisor and PCWG co-chair. “This resource offers tools and approaches that organizations can adapt to their own environments while continuing to build trust and enable appropriate information sharing.”

The ’How To’ of Computable Consent

The guidance outlines three foundational areas organizations typically need to evaluate when planning for automated or computable consent:

  • Technical Standardization – Approaches for representing consent directives using standardized methods such as HL7® FHIR® and data segmentation techniques to support authorized exchange.
  • Workflow Integration – Methods for translating legal and policy requirements into operational workflows and system logic, including potential automation within electronic health records (EHRs) and health information networks.
  • Consumer Empowerment, Understanding, and Trust – Strategies to present consent choices clearly and support patient understanding while ensuring sensitive information is appropriately protected.

In addition, the guidance includes five detailed appendices to support implementation. They address legal elements of consent, a sample consent form, workflow considerations, and a sample governance framework.

The resource is intended as informational guidance only and does not constitute legal advice or guarantee compliance or interoperability outcomes. Organizations are encouraged to consult their internal legal, compliance, privacy, and technical teams when considering implementation.

Upcoming Webinar

The Sequoia Project is hosting a webinar to provide a detailed overview of the resource on Tuesday, July 28, from noon to 1p.m. Eastern. Registration is free and open to the public. The webinar will include a live Q&A session.

The full resource, “Operationalizing Automated Consent: Actionable Guidance for Health Care Providers, Payers, and Technology Vendors,” is available for download at: https://sequoiaproject.org/interoperability-matters/privacy-and-consent-workgroup/operationalizing-automated-consent/

Learn more about The Sequoia Project and its initiatives at: https://sequoiaproject.org

About The Sequoia Project

Contact Us:

Share Article

Facebook
Twitter
LinkedIn
Email

Privacy Preference Center

Necessary

et-pb-recent-items-font_family, visitor_id, gdpr,

Advertising

ANID, APISID, CONSENT, HSID, OGP, OGPC, SAPISID, SEARCH_SAMESITE, SID, SIDCC,SSID,__Secure-3PAPISID, __Secure-3PSID, __Secure-3PSIDCC, __Secure-APISID, __Secure-HSID, __Secure-SSID, 1P_JAR, _ga

Analytics

pardot,

Other