Advanced Patient Privacy Consents
Advanced Patient Privacy Consents (APPC) is a content profile that describes the semantics necessary to enable patient consent(s) to be captured, managed, and communicated between systems and organizations. This profile enables the capturing of consent(s) that cannot be adequately expressed using the Basic Patient Privacy Consents (BPPC) Profile.
The Advanced Patient Privacy Consents (APPC) Profile defines a structural representation of a privacy consent policy. The definition allows for privacy consent policies that can include individualized parts, based on the patient’s choices or other circumstances. This profile is intended to allow an unspecified enforcement mechanism, potentially within an existing access control system, to use the structured policy representation to automatically determine and enforce those policies.
Note that this profile does not define an enforcement mechanism for policies; it only defines the structure of the patient-specific policies.
The APPC profile allows for the transport of a structured policy representation using a consent document. This can be used by an unspecified enforcement mechanism (e.g. within an existing access control system) to perform automated access checks.
APPC provides a common format, vocabulary (as far as possible) and transport mechanism for an advanced consent to significantly reduce security-related interoperability costs. Consent recording systems and enforcement systems that adhere to this profile only need to pre-arrange a limited set of foundational policies (e.g. a handful of different access patterns).
- Patient Management Systems may query, retrieve, or create Privacy Consent Documents
- Consent Management Systems may query, retrieve, or create Privacy Consent Documents
- HIE Security Systems may query, retrieve, or process Privacy Consent Documents
Actors & Transactions:
Profile Status: Trial Implementation
The IHE BPPC profile does not include a structured representation of the privacy consent policy. This requires consent recording systems (e.g. an EMR) and enforcement systems (e.g. the HIE’s security system) to agree on a predefined set of policies that a patient can agree to (e.g. complete opt-out, emergency access only, complete opt-in). These policies must be negotiated before any data exchange occurs and must be implemented by the enforcing systems. Privacy-sensitive patients, organizational policies and legal regulations often demand that patients are given considerable flexibility as to what data is accessible to which participants. When the patient has more choices (e.g. the choice of selecting one or more healthcare provider organizations that are granted access), the number of privacy consent policies quickly becomes very hard to manage and implement. If, for example, the patient can select from 100 organizations, with each organization potentially having one of three different access patterns, then there are already 300 potential privacy consent policies that must be predefined.
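An illustration of the approach described above, added here and not part of the APPC profile or its document format: a per-patient consent that only references a handful of pre-arranged foundational patterns, checked by a deny-by-default decision function. The pattern names, organization ids and the `Consent`, `validate` and `decide` names are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Foundational patterns pre-arranged between the consent recording system and
# the enforcing system. Names and permitted actions are assumptions.
PATTERNS = {
    "full-access": {"read", "write"},
    "read-only": {"read"},
    "emergency-only": set(),  # nothing permitted in normal operation
}

@dataclass
class Consent:
    """Patient-specific part: which organization gets which pattern."""
    patient_id: str
    grants: dict = field(default_factory=dict)  # organization id -> pattern name

def validate(consent):
    """Refuse a consent that references a pattern nobody pre-arranged."""
    unknown = sorted(set(consent.grants.values()) - set(PATTERNS))
    if unknown:
        raise ValueError(f"unknown access pattern(s): {unknown}")
    return consent

def decide(consent, patient_id, organization, action, emergency=False):
    """Return 'Permit' or 'Deny'; anything not explicitly granted is denied."""
    if consent is None or consent.patient_id != patient_id:
        return "Deny"  # no consent on file for this patient
    pattern = consent.grants.get(organization)
    if pattern not in PATTERNS:
        return "Deny"  # organization not selected, or pattern unknown
    if pattern == "emergency-only":
        return "Permit" if emergency and action == "read" else "Deny"
    return "Permit" if action in PATTERNS[pattern] else "Deny"

# Constructed sample: one patient selecting three organizations.
SAMPLE = validate(Consent("patient-1", {
    "org-a": "full-access",
    "org-b": "read-only",
    "org-c": "emergency-only",
}))

if __name__ == "__main__":
    checks = [("org-a", "write", False), ("org-b", "write", False),
              ("org-c", "read", True), ("org-z", "read", False)]
    for org, action, emergency in checks:
        print(org, action, emergency, decide(SAMPLE, "patient-1", org, action, emergency))
```

Adding or removing an organization changes only the patient's `grants`; the set of patterns both systems must agree on stays the same size.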