The following is a blog from Civitas Networks for Health® and the Shift Collaborative, previewing the Consent Management Workshop at the 2025 Civitas Annual Conference. Thank you to Shift Collaborative for your support in bringing the consent management workshop and this blog to life.
As health care systems strive to become more interconnected, the need to share health data has never been greater or more complex. Today’s challenge is not just the ability to exchange information but to do so in a way that respects patient preferences, complies with evolving laws, and preserves the trust that makes health data sharing possible in the first place.
Civitas members are on the front lines of implementing systems that not only exchange data but also maintain trust.
As federal and state rules evolve, Civitas members face growing complexity in how sensitive health data is shared, protected, and governed. Consent management is more than just a compliance issue – it’s about patient dignity, operational feasibility, and community accountability.
This is why Civitas sees consent management and maintaining patient confidentiality as a defining challenge for the next generation of health data exchange. From behavioral health and reproductive care to social services and cross-border telehealth, consent management is the thread that connects privacy to interoperability and policy in practice.
But today’s fragmented legal and technical environment begs the following questions:
- How do we secure patient consent at the granular level?
- How can patients revoke consent in real time, particularly as we work on making national interoperability a reality?
- What tools, standards, and partnerships will make this possible at scale?
As national interoperability advances, consent remains a patchwork of state-by-state requirements, adding complexity to how we manage it legally, technically, and operationally. States are taking different approaches based on their laws, priorities, and populations, but all share a common need for consent tools that are practical, ubiquitous , and rooted in preserving patient trust.
To elevate this conversation at the Civitas 2025 Annual Conference, taking place September 28-30 in Anaheim, California, Civitas and platinum sponsor InterSystems are hosting a Consent Management Workshop to put a spotlight on real-world stories, implementation lessons, and emerging solutions from states and jurisdictions that are leading the way. While this is not the first Consent Workshop hosted at the Civitas Annual Conference, it serves as a renewed commitment to bringing collaborators together so we can continue to uncover solutions and talk through persistent challenges.
Moderated by InterSystems, this interactive session – Making Consent Work: State Strategies for Sensitive Data Sharing – will feature:
1) A technical deep dive from Mohammad Jafari on emerging FHIR Consent and Permission standards.
2) Real-world implementers from New Jersey and Washington, DC sharing policy updates, technical approaches, and lessons learned from building and deploying consent solutions.
New Jersey (NJII/NJHIN)
Driver: Aligning with updated 42 CFR Part 2 for substance use disorder data.
Approach: NJII developed a statewide electronic Consent Management System (eCMS) integrated with NJHIN, enabling patients to create, edit, review, and revoke consent. The state also embedded technical mechanisms to honor consent across care rosters, flag specially protected information, and support compliance monitoring.
Takeaway: NJ shows how policy, technology, and provider incentives can align to operationalize consent.
Washington DC (CRISP DC / DC Medicaid)
Driver: Support behavioral health data sharing under 42 CFR Part 2.
Approach: DC Medicaid launched an incentive program for behavioral health providers to adopt certified EHRs and connect to CRISP DC, its designated HIE. An eConsent tool was developed within the HIE platform to capture patient permission in line with updated Part 2 rules.
Takeaway: DC’s model illustrates how strategic funding, technical assistance, and collaborative infrastructure can bring privacy-preserving interoperability to life for sensitive behavioral health data
3) Breakout discussions exploring what your organization needs to implement scalable, computable consent. These sessions will offer more dedicated, one-on-one time with presenters.
California (DHCS / ASCMI / AB352)
Driver: Comply with state laws like AB 352 to protect reproductive and gender-affirming care.
Approach: California’s Department of Health Care Services is implementing the ASCMI (Authorization to Share Confidential Member Information) initiative, a statewide effort to standardize how consent is captured and honored for sensitive health and social services data. The ASCMI Form 2.0 is set to launch in 2025, with expanded capabilities and implementation guidance to follow.
Takeaway: California is building the policy foundation for consent at scale, with the goal of supporting real-time, jurisdiction-aware sharing across health, behavioral, and social care systems.
Whether you’re working at the policy level or building infrastructure to support real-time consent management, this workshop will give you a grounded, actionable perspective on what’s possible and what’s next. Join us on Sunday, September 28, 2025, 1:00 PM – 2:30 PM in Platinum Breakout 4!
Register for the Civitas 2025 Annual Conference today!
