Architecture of a consent management suite and integration into IHE-based regional health information networks
Open Access
- 4 October 2011
- journal article
- Published by Springer Science and Business Media LLC in BMC Medical Informatics and Decision Making
- Vol. 11 (1), 58
- https://doi.org/10.1186/1472-6947-11-58
Abstract
The University Hospital Heidelberg is implementing a Regional Health Information Network (RHIN) in the Rhine-Neckar-Region in order to establish a shared-care environment, which is based on established Health IT standards and in particular Integrating the Healthcare Enterprise (IHE). Similar to all other Electronic Health Record (EHR) and Personal Health Record (PHR) approaches the chosen Personal Electronic Health Record (PEHR) architecture relies on the patient's consent in order to share documents and medical data with other care delivery organizations, with the additional requirement that the German legislation explicitly demands a patients' opt-in and does not allow opt-out solutions. This creates two issues: firstly the current IHE consent profile does not address this approach properly and secondly none of the employed intra- and inter-institutional information systems, like almost all systems on the market, offers consent management solutions at all. Hence, the objective of our work is to develop and introduce an extensible architecture for creating, managing and querying patient consents in an IHE-based environment. Based on the features offered by the IHE profile Basic Patient Privacy Consent (BPPC) and literature, the functionalities and components to meet the requirements of a centralized opt-in consent management solution compliant with German legislation have been analyzed. Two services have been developed and integrated into the Heidelberg PEHR. The standard-based Consent Management Suite consists of two services. The Consent Management Service is able to receive and store consent documents. It can receive queries concerning a dedicated patient consent, process it and return an answer. It represents a centralized policy enforcement point. The Consent Creator Service allows patients to create their consents electronically. Interfaces to a Master Patient Index (MPI) and a provider index allow to dynamically generate XACML-based policies which are stored in a CDA document to be transferred to the first service. Three workflows have to be considered to integrate the suite into the PEHR: recording the consent, publishing documents and viewing documents. Our approach solves the consent issue when using IHE profiles for regional health information networks. It is highly interoperable due to the use of international standards and can hence be used in any other region to leverage consent issues and substantially promote the use of IHE for regional health information networks in general.Keywords
This publication has 12 references indexed in Scilit:
- Reassortant H9N2 Influenza Viruses Containing H5N1-Like PB1 Genes Isolated from Black-Billed Magpies in Southern ChinaPLOS ONE, 2011
- A method to implement fine-grained access control for personal health records through standard relational database queriesJournal of Biomedical Informatics, 2010
- Establishing a personal electronic health record in the Rhine-Neckar region.2009
- EHR access rights and the role of the patientIFMBE Proceedings (IFMBE), 2009
- Consent-based Access to Core EHR InformationMethods of Information in Medicine, 2009
- Implementing security in a distributed web-based EHCRInternational Journal of Medical Informatics, 2007
- An e-consent-based shared EHR system architecture for integrated healthcare networksInternational Journal of Medical Informatics, 2007
- Security issues arising in establishing a regional health information infrastructureInternational Journal of Medical Informatics, 2004
- Authorisation and access control for electronic health record systemsInternational Journal of Medical Informatics, 2004
- Informed consent and the security of the electronic health record (EHR): some policy considerationsInternational Journal of Medical Informatics, 2004