At a meeting of the Consent Repository Feasibility Study work group, Mission Analytics presented scenarios to test how a centralized consent repository could work for emergency responders dealing with a Spanish‑speaking person in mental‑health crisis.

The consultants said the repository must give crisis responders real‑time consent status in the field, support multilingual consent workflows and provide auditable emergency access when a patient cannot meaningfully engage. “So for this 1, we're gonna think about a Spanish speaking individual who is having a mental health crisis,” Rick Frey, project manager for Mission Analytics, said when introducing the scenario.

Why it matters: mobile crisis teams often arrive without prior access to a person's records or consents, increasing risk and delaying care. Mission Analytics and legal consultant Matthew Moore framed the technical proposals against federal and state privacy rules: HIPAA sets a baseline for permitted disclosures for treatment, payment or health care operations; 42 CFR Part 2 adds heightened protections for substance‑use disorder records; and the Colorado Mental Health Practice Act imposes additional restrictions on behavioral‑health information. Moore also flagged Title VI obligations requiring linguistically appropriate services for people with limited English proficiency.

Key facts and proposals discussed
- Mobile, in‑field access: presenters said the repository should allow mobile crisis teams to “log in and get that access” in real time so responders can verify existing consents or capture consent on the spot when the person is capable. The group discussed both apps and mobile‑friendly web portals as operational options.
- Language and translation: the team emphasized translated consent forms and plain‑language educational materials, and Moore noted that Title VI and state law require linguistically appropriate services for people with limited English proficiency.
- Emergency override and auditing: presenters and participants stressed the need for an auditable “break the glass” or emergency override with logs capturing who accessed records, why, and when, plus post‑event notification to the patient when feasible. Breck Frey (Mission Analytics) said such events should be logged so “we know who is accessing the data, why they're accessing it.”
- Local examples and limits: Ed Keiko, Mission Analytics project director, described a Denver program called STAR (Support Team Assisted Response) that uses laptops or provider portals to pull patient information when responders know the health system; he also said provider portals like EpicareLink exclude 42 CFR Part 2 data and require separate requests through health information management to obtain substance‑use records.

Unresolved operational issues
- Whether to provide a dedicated app, integrate with existing emergency‑responder platforms, or offer both was left open; presenters said they were “exploring the needs” of different stakeholder groups.
- Interoperability gaps: the group noted that many community mental‑health providers outside integrated health systems lack interoperable EHRs, a barrier to real‑time access across systems.

The discussion closed with the consultants asking the group to weigh technical options (app vs. portal), and to consider translation, offline or low‑bandwidth access and the audit requirements necessary to meet HIPAA, 42 CFR Part 2 and Colorado law.