WPAC The Role of the Patient

From IHE Wiki
Revision as of 07:32, 20 January 2009 by Olaf.rode (talk | contribs)
Jump to navigation Jump to search

Patient Privacy Policies

In order to lawfully collect, store, process, and communicate medical information about a patient, a concrete and prior authorisation for those operations is required. This authorisation is also referred to as the patient consent. This consent is the result of a patient's independent and informed decision and is specifically defining:

  • What of his medical data may be shared
  • to what extent (partly, context-dependent, all)
  • with whom (identities or organisations)
  • for how long?

Finding a suitable technical representation of the patient's consent is considered to be quite challenging due to the potentially high complexity of an adequate reflection of the concrete patient's wishes. Furthermore, it must be adequately addressed, that the patient holds the right to withdraw his consent at any time, even during the treatment. One very potential solution to express the patient's consent - while fully respecting the variables such as immediate withdrawal, particular concerns, and automatic checks whether the consent is currently valid - may be policies. Policies in that matter are a structured collection of rules and regulations, which governs accesses to the patient's medical data and the related/dependent objects (applications, systems). Policies also facilitate certain clinical requirements, such as the application of one or more policies to one resource (policy stacks), the possibility of a conditional emergency override, and a situation-dependent choice of the concrete position of the policy enforcement point (as required in a federated health-care environment and for pre-fetching of medical data-sets). The specific rules and regulations, which are encoded in the policy, directly reflect all explicit and implicit authorisations that may result from the patient's decisions:

Example: "All internists of the department 123c of the hospital XY may access all relevant parts of my electronic case record xyz for either, the duration of the treatment or two years."

The policy traditionally originates in the patient domain, since a valid and active patient's consent is generally required in order to initiate the collection of his medical data.

DAC-style vs. RBAC-style PPPs

client-side vs. resource-side enforcement

Prefetching of patient data

Patient-bound Tokens (e. g. EHCs) as Access Control Measures

  • Patient bound token are used to fulfill multiple tasks:
    • they provide information about the patient that can be used as patient attributes when defining policies or rendering policies into policy decisions, e.g. demographic data, participation in DMPs, ...
    • they are a common mean to complement traditional access control measures to empower the patient in a way that he has the final decision who is allowed to access his data, e.g. by containing consent information, representing a consent or by containing cryptographic keys that are used to protect medical data
  • Example:
    • Electronic health cards (EHC), e.g. in Germany, containing the patients demographic data, consent information and cryptographic keys
    • Electronic cards, proving the participation in a certain DMP
    • ...
  • Problem: As those token are patient bound they can not be accessed when the patient is absent. Access to applications or resources that depend on data that is only stored on these token is therefore not possible.
Retrieved from "http://wiki.ihe.net/index.php?title=WPAC_The_Role_of_the_Patient&oldid=28915"