Mission Analytics presented scenarios to the Consent Repository Feasibility Study work group about patients who arrive incapacitated or who have legal guardians, and the operational and legal steps a consent repository would need to verify proxy authority and allow time‑sensitive access.
Presenters said HIPAA permits surrogate access when a legal proxy (durable power of attorney or court‑appointed guardian) is documented, but 42 CFR Part 2 and the Colorado Mental Health Practice Act impose stricter limits for substance‑use and behavioral‑health records. “Under 42 CFR Part 2, it does allow disclosures in what it calls bona fide medical emergencies,” Matthew Moore said, but he emphasized stricter documentation and minimum‑necessary limitations for such disclosures.
Key takeaways
- Verifying proxies in real time: presenters and participants noted that guardianship or durable power‑of‑attorney paperwork is commonly stored in a patient's medical chart; several participants proposed that a consent repository could include a validated record, or a place to store verified guardian/conservator authority, to speed verification in emergencies.
- Break‑the‑glass and auditing: the group recommended detailed audit controls for emergency overrides (who accessed records, time, justification) and suggested special notifications to patients or their proxies after emergency access events.
- Delegated access management: Nancy from Patient Centric Solutions urged the repository to support delegated access (trusted caregivers, family members or formal proxies) and to require a validated identity process to register delegates.
- Language access and documentation: legal counsel and presenters noted Title VI obligations apply to all communications, including consent forms and related communications, and stressed plain‑language educational resources.
Operational considerations included tiered access controls so proxies see only the data necessary for the situation, storing guardian documents or links to authoritative registries where possible, and a process for patients to nominate delegates during onboarding. No formal policy decisions were made; the consultants sought feedback on audit fields, verification workflows and how the repository should store proxy authority.