Advanced Patient Privacy Consents

From IHE Wiki
Revision as of 11:48, 21 August 2019 by Tidris (Fixed broken link)

Advanced Patient Privacy Consents (APPC) is a content profile that describes the semantics necessary to enable patient consent(s) to be captured, managed, and communicated between systems and organizations. This profile enables the capturing of consent(s) that cannot be adequately expressed using the Basic Patient Privacy Consents (BPPC) Profile.

Summary

The Advanced Patient Privacy Consents (APPC) Profile defines a structural representation of a privacy consent policy. The definition allows for privacy consent policies that can include individualized parts, based on the patient’s choices or other circumstances. This profile is intended to allow an unspecified enforcement mechanism, potentially within an existing access control system, to use the structured policy representation to automatically determine and enforce those policies.

Note that this profile does not define an enforcement mechanism for policies; it only defines the structure of the patient-specific policies. Whether a given access request is actually permitted or denied is decided by whatever access control system consumes the consent document.

Benefits

The APPC profile allows for the transport of a structured policy representation using a consent document. This can be used by an unspecified enforcement mechanism (e.g. within an existing access control system) to perform automated access checks.

APPC provides a common format, a common vocabulary (as far as possible) and a transport mechanism for advanced consents, which significantly reduces security-related interoperability costs. Consent recording systems and enforcement systems that adhere to this profile only need to pre-arrange a limited set of foundational policies (e.g. a handful of different access patterns); the patient-specific constraints travel with the consent document itself.

Details

The Advanced Patient Privacy Consents (APPC) Profile defines a structural representation of a patient-specific Privacy Policy. The Privacy Policy is considered patient-specific because it includes individualized parts, based on the patient’s choices or other circumstances. The content of a Privacy Consent Document is designed to allow an unspecified enforcement mechanism, potentially within an existing access control system, to use the structured policy representation contained within the consent document to automatically determine and enforce those policies. Such an enforcement mechanism could collect and organize the structured policies to allow for efficient access decisions and enforcement.

This profile allows Patient Privacy Policy Domains to give patients choices that are more granular by creating access rules that add constraints on top of the rules defined in an underlying Patient Privacy Policy. A patient may not want to give all physicians access to her clinical documents and may therefore limit the Patient Privacy Policies to only apply to a specific healthcare provider organization or to a specific episode of care. The patient-specific access rules are transmitted in a structured policy as a part of the consent document.

The Patient Privacy Policy Domain determines the available policy customizations. For example, one particular domain may only support blocking of (otherwise permitted) document access to specific care providers, while another domain may allow specific care providers access to certain (otherwise blocked) documents from a specific date range.

Neither staff members that digitize paper consent forms, nor patients using a portal to fill out a digital consent form, can be expected to have the knowledge or training to write a consent document with a structured policy from scratch. Therefore, the Patient Privacy Policy Domain must determine a set of foundational, re-usable Patient Privacy Policies defining access patterns (e.g., “full access”, “summaries only”), and clearly define the ways the patient (or other participants) can further make them specific to the patient’s circumstances (e.g., by adding which healthcare provider organization it applies to, by limiting it to documents related to a particular episode of care).
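The following is an added, illustrative example (not code from the IHE APPC profile, and not the profile's actual policy schema) of how an enforcement mechanism could evaluate a consent built from foundational access patterns plus patient-specific constraints, as described above. The foundational patterns ("full-access", "summaries-only"), the document types, the organisation and provider names, the deny-overrides combining rule and the default-deny outcome are all assumptions made for this example; the page leaves the enforcement mechanism unspecified.

```python
"""Toy evaluator for an APPC-style consent: a Patient Privacy Policy Domain
defines a few foundational access patterns, and each patient-specific rule
narrows one of them (to an organisation, a provider, an episode of care or a
date range) or blocks it outright.  The data layout is a constructed
simplification for illustration and is NOT the APPC document schema."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Foundational, domain-defined access patterns (hypothetical names and
# document types): which document types each pattern covers.
FOUNDATIONAL = {
    "full-access": {"summary", "lab-report", "imaging", "psych-note"},
    "summaries-only": {"summary"},
}


@dataclass
class Document:
    doc_type: str
    episode: str      # episode of care the document belongs to
    created: date


@dataclass
class Request:
    org: str          # requesting healthcare provider organisation
    provider: str     # individual care provider
    doc: Document


@dataclass
class Rule:
    """One patient-specific rule: a foundational pattern plus constraints.
    A constraint left as None does not restrict the rule."""
    pattern: str
    effect: str = "permit"            # "permit" or "deny"
    orgs: Optional[set] = None
    providers: Optional[set] = None
    episodes: Optional[set] = None
    not_before: Optional[date] = None  # document creation date range
    not_after: Optional[date] = None

    def applies(self, req: Request) -> bool:
        d = req.doc
        if self.orgs is not None and req.org not in self.orgs:
            return False
        if self.providers is not None and req.provider not in self.providers:
            return False
        if self.episodes is not None and d.episode not in self.episodes:
            return False
        if self.not_before is not None and d.created < self.not_before:
            return False
        if self.not_after is not None and d.created > self.not_after:
            return False
        return d.doc_type in FOUNDATIONAL[self.pattern]


@dataclass
class Consent:
    patient_id: str
    rules: list


def decide(consent: Consent, req: Request) -> str:
    """Deny-overrides combining (an assumption of this example): any
    applicable deny rule wins, otherwise any applicable permit rule wins,
    otherwise the request is denied (default deny)."""
    applicable = [r for r in consent.rules if r.applies(req)]
    if any(r.effect == "deny" for r in applicable):
        return "deny"
    if any(r.effect == "permit" for r in applicable):
        return "permit"
    return "deny"


def sample_consent() -> Consent:
    """Constructed sample: the same two foundational patterns serve any
    number of organisations; only the constraints are patient-specific."""
    return Consent("patient-123", [
        # Baseline: every organisation may see summaries.
        Rule("summaries-only"),
        # Hospital A gets everything, but only for one episode of care.
        Rule("full-access", orgs={"Hospital A"}, episodes={"E-2019-01"}),
        # Provider dr-x is blocked from all documents (deny overrides).
        Rule("full-access", effect="deny", providers={"dr-x"}),
        # dr-y at Clinic B may see otherwise blocked documents from H1 2019.
        Rule("full-access", orgs={"Clinic B"}, providers={"dr-y"},
             not_before=date(2019, 1, 1), not_after=date(2019, 6, 30)),
    ])


def check(consent: Consent, org: str, provider: str, doc_type: str,
          episode: str, created_iso: str) -> str:
    """Build a request from plain values and return the access decision."""
    doc = Document(doc_type, episode, date.fromisoformat(created_iso))
    return decide(consent, Request(org, provider, doc))


if __name__ == "__main__":
    c = sample_consent()
    for args in [("Hospital A", "dr-a", "lab-report", "E-2019-01", "2019-02-03"),
                 ("Hospital A", "dr-a", "lab-report", "E-2018-07", "2018-07-10"),
                 ("Hospital A", "dr-x", "summary", "E-2019-01", "2019-02-03"),
                 ("Clinic B", "dr-y", "imaging", "E-2019-01", "2019-03-01"),
                 ("Clinic B", "dr-y", "imaging", "E-2019-02", "2019-09-01")]:
        print(args, "->", check(c, *args))
```

Two points worth noting in the design. First, the rules are data carried in the consent, while the combining logic lives in the enforcement point, which matches the page's separation between the structured policy and the unspecified enforcement mechanism; a real deployment has to fix that combining algorithm and the default decision up front, because a consent document alone does not say what happens when no rule matches. Second, adding a hundred organisations to this consent adds a hundred constrained rules, not a hundred new foundational policies, which is the point of the Related Profiles comparison with BPPC below.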

Systems Affected

  • Patient Management Systems may query, retrieve, or create Privacy Consent Documents
  • Consent Management Systems may query, retrieve, or create Privacy Consent Documents
  • HIE (Health Information Exchange) Security Systems may query, retrieve, or process Privacy Consent Documents


Actors & Transactions:

[Figure: PCC Share Content Diagram]

Specification

Profile Status: Trial Implementation

Documents:

IHE IT Infrastructure Technical Framework:

Underlying Standards:

See Also

Related Profiles

The APPC Profile and the BPPC Profile can both be used to support digital consent documents. Generally, any consent document that can be expressed via BPPC can also be expressed via APPC. Whether APPC is the best approach for a particular Patient Privacy Policy Domain depends on the complexity of the Patient Privacy Policies and the capabilities of the systems involved in the exchange. Whereas APPC allows for individualized consents that further constrain generally applicable policies, BPPC only allows a choice from a set of predefined Patient Privacy Policies.

The IHE BPPC profile does not include a structured representation of the privacy consent policy. This requires consent recording systems (e.g. an EMR) and enforcement systems (e.g. the HIE's security system) to agree on a predefined set of policies that a patient can agree to (e.g. complete opt-out, emergency access only, complete opt-in). These policies must be negotiated before any data exchange occurs and must be implemented by the enforcing systems. Privacy-sensitive patients, organizational policies and legal regulations often demand that patients are given considerable flexibility as to what data is accessible to which participants. When the patient has more choices (e.g. the choice of selecting one or more healthcare provider organizations that are granted access), the number of privacy consent policies quickly becomes very hard to manage and implement. If the patient can select from, e.g., 100 organizations, and each organization can have one of three different access patterns, then there are already 300 potential privacy consent policies that must be predefined and implemented; with APPC, the three access patterns are the only foundational policies that need to be pre-arranged, and the choice of organization travels as a constraint inside the consent document.
