A Decentralised Approach to Electronic Consent and Health Information Access Control

This paper describes an eConsent model and demonstrator used to investigate the implementation of patient consent as a means of controlling access to electronic health information shared between healthcare providers. The model and demonstrator described here are designed to operate in an environment of independent cooperating healthcare facilities, such as medical clinics and hospitals, where each facility is responsible for controlling access to the health information in its keeping, according to the patient’s expressed conditions as recorded and held by the facility. Novel, privacypreserving transfer protocols are used to ensure that access to the health information at the receiving facility continues to be governed by the patient’s consent. The work was well-received at a symposium where a wide range of stakeholders were offered an opportunity to consider the clinical, legal and technical feasibility of the approach represented by the demonstrator. ACM Classifications: H.4 (Information Systems Application); J.3 (Computer Applications: Life and Medical Sciences)