Digital Policies for Patient Consents: The Thorny (and General) Technical Challenges
To protect patient privacy, release of patient records must be in accordance with patient
consents to share clinical data, either explicitly or from a government default. Explicit consents
allow a patient to customize the balance between confidentiality versus sharing. However, the
system of request-specific paper consent forms already acts as sand in the gears of data exchange
[GSK], and will become far more bothersome as data sharing becomes nationwide, and progress
on electronic health records gradually automates data extraction and transmission.
Our project is architecting and prototyping key elements of a system to elicit and manage
consents. All of a patient's consent rules are to be managed in one place, editable over the web,
and accessible by authorized record holders; the user interface will help the patient manage their
consent rules. Then when an information request is received, it will put the appropriate set of rules
on the record holder's screen, in human-readable and automation-friendly forms.
