Kairon Consents

August 2013
Kairon is a system concept, a prototype, and a vision for how the management and enforcement of consent rule sets can be accomplished. It offers the promise of greater flexibility and reduced effort for both patients and data custodians.

Imagine that a patient with mental health issues visits a chiropractor to have her look at his back. He would like to share the fact that he has taken Vicodin for pain, but not the fact that he has, in the past, been treated at General Mental Health Center for PTSD or that he had gonorrhea. How is this done today? And how can we enable a patient perspective for consents?

Before disclosing information, a custodian of this patient must check patient consents as well as organizational and government policies. This largely manual process is a major bottleneck to today's data sharing and is incompatible with large-scale automation. Current practice requires that the patient be present to sign a physical form for each exchange, and the form is managed at each record holder, where minimal enforcement is done beyond determining whether a standard consent is on file.

The current approach is also provider-centric, not patient-centric. Patients have very limited control over what can be done with their information, and consent is usually specific to a procedure or incident. When a patient wants to change their policy, they must identify and notify any relevant consent holders. Kairon is a system concept, a prototype, and a vision for how the management and enforcement of consent rule sets can be accomplished, and it offers the promise of greater flexibility and reduced effort for both patients and data custodians.

What it does

Kairon creates an information release process framework, with internet-based rule-set management and risk thresholds, that mixes policies (i.e., prioritized release rules) from federal, state, and organizational entities with those of the patient. Additionally, it combines this information with request attributes (e.g., the requestor's name, description of the requested data, and purpose of use), evidence about treatment relationships and affiliations, and granular medical data to enable a release decision (see Figure 1).

Figure 1

Kairon makes each patient's latest consent preferences available to patients for online management, and (subject to the consents themselves) to providers for enforcement and discussion with patients. Patients access, add, or modify their consent preferences via a web interface. Rules can be generalized or specific, for example, "release all to my primary care provider" or "release all medications and allergies to Dr. Smith". Future user interfaces (UIs) may embody expert-written rulesets, which are then customized by having the patient describe their sensitivity on various topics, as well as their desire to share. In the example below (Figure 2), the patient merely fills in information on their treatment relationships and assigns a sensitivity level to each category; a wizard tool generates the rules.

Figure 2

In addition to the patient-directed consents, we have designed the ability to mix and prioritize mandates and defaults from federal, state, and organizational stakeholders. This new rules-based system will integrate myriad access controls, including mandated releases, emergency releases (with patient-specified exclusion of recipients), specially protected categories that require explicit patient consent (e.g., HIV), and government defaults (e.g., opt in). To insulate patients from complexity, we are designing rule-creation wizards.

The figure below (Figure 3) shows the release process. When patient information is requested, Kairon identifies relevant rules from all relevant stakeholders, mixing them together into a prioritized ruleset. Kairon then identifies the information needed to evaluate these rules, such as purpose and recipient, credentials, affiliations, and treatment relationships, as well as metadata from each health record item (e.g., medication entry, treatment note) proposed for disclosure. The information will be gathered from the request message and ancillary sources, together with an estimate of trustworthiness (based on delegated trust plus the asserter's certainty). As soon as an information assertion is acquired, it is substituted into the rules and logical simplifications are performed, making some rules irrelevant and sometimes permitting an early decision. The same ruleset simplification capability is being utilized to answer questions like "Under what conditions can my reproductive health data be released to clinicians at Kaiser?" Based on the outcome of the rules execution, the item is either shared or withheld. In the future, similar rulesets (without further patient management) will determine requirements for protection, audit, and notification.

Figure 3
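The substitute-and-simplify step described above can be sketched as follows. This is an added example, not Kairon's own code: the rule format, attribute names, priorities, and sample rules are assumptions constructed for illustration, and trustworthiness estimates are left out.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    priority: int      # lower number = higher priority (assumed convention)
    source: str        # stakeholder that issued the rule
    effect: str        # "release" or "withhold"
    condition: dict    # attribute -> required value; all must hold

def simplify(rules, facts):
    """Substitute known facts into each rule; drop rules that can no longer fire."""
    residual = []
    for r in sorted(rules, key=lambda r: r.priority):
        if any(k in facts and facts[k] != v for k, v in r.condition.items()):
            continue  # contradicted by a known fact: the rule is irrelevant
        remaining = {k: v for k, v in r.condition.items() if k not in facts}
        residual.append(r._replace(condition=remaining))
    return residual

def decide(residual) -> Optional[str]:
    """A decision exists once the top-priority surviving rule has no open conditions."""
    if residual and not residual[0].condition:
        return residual[0].effect
    return None  # more evidence is needed

def evaluate(rules, assertions):
    """Feed assertions one at a time and stop as soon as a decision is possible."""
    facts, used = {}, 0
    residual = simplify(rules, facts)
    for key, value in assertions:
        if decide(residual) is not None:
            break  # early decision: remaining assertions are never fetched
        facts[key] = value
        used += 1
        residual = simplify(residual, facts)
    return decide(residual), used, residual

# Constructed sample ruleset mixing three stakeholders (not real policy).
RULES = [
    Rule(1, "state", "withhold", {"category": "mental_health", "explicit_consent": False}),
    Rule(2, "patient", "release", {"category": "medication", "recipient_role": "treating_provider"}),
    Rule(3, "organization", "withhold", {}),  # default when nothing else applies
]
```

Calling `simplify(RULES, {"category": "medication"})` leaves the patient rule with only `recipient_role` open, which is the residual form that answers an "under what conditions" question.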

Kairon is currently designing an Evidence Framework that would supply data with trustworthiness estimates, for use in evaluating policies, as seen in Figure 3. On the user side, constructs are being developed to enable rule-writers to express how to cope with less-than-perfect information. The treatment of uncertainty applies to claimed purpose (Is it really an emergency?), credentials and treatment relationships (Who says, and who vouched for them? How current?), and also custodian uncertainty about data contents (Medium sure there is no mental health data in this item).

Finally, we are looking at ways to promote an industry ecosystem of modular enforcers, evidence sources, and UIs to enable building and interoperation of consent systems.

Discussions are underway to pilot Kairon capabilities with the Substance Abuse and Mental Health Services Administration and the Veterans Administration. We are also using lessons learned from Kairon research to participate in standards activities, including the S&I Framework Data Segmentation for Privacy Initiative and the HL7 Security Working Group.


The Kairon approach benefits both patients and requestors of patient health information while imposing minimal burden on the custodians of that information.

Benefits for Patients

  • Better care, as more information is shared
  • Ability to set more appropriate privacy preferences
  • Ability to understand what information would flow to whom in a given situation, as a result of the rules set by the patient, the government, and the custodian
  • Reduction in paperwork, and elimination of visits just to file new forms.

Benefits for Requestors (including Secondary Use)

  • Ability to give better care, because less data is missing
  • Reduction in paperwork and in delay of receiving requested information
  • Lower barriers to locating and acquiring relevant patient data for research purposes

Benefits for Custodians

  • Greater ability to automate enforcement
  • Offloading much of the counseling about consent onto improved UIs
  • Remote access to latest patient preferences, and reduction in paperwork

Further information on the Kairon effort, lists of major Kairon tenets, several technical papers and software descriptions are available for download at http://kaironconsents.sourceforge.net/.

