Digital Policies for Patient Consents: The Thorny (and General) Technical Challenges

To protect patient privacy, release of patient records must be in accordance with patient consents to share clinical data, either explicitly or from a government default. Explicit consents allow a patient to customize the balance between confidentiality versus sharing. However, the system of request-specific paper consent forms already acts as sand in the gears of data exchange [GSK], and will become far more bothersome as data sharing becomes nationwide, and progress on electronic health records gradually automates data extraction and transmission. Our project is architecting and prototyping key elements of a system to elicit and manage consents. All of a patient's consent rules are to be managed in one place, editable over the web, and accessible by authorized record holders; the user interface will help the patient manage their consent rules. Then when an information request is received, it will put the appropriate set of rules on the record holder's screen, in human-readable and automation-friendly forms.