Decision support for patient consent management

Abstract

Patients are given more and more control on the access to their medical information. In many situations, the regulation rules require the acquisition of patients' consent before one can access the patients' medical information. However, in practice, patients oftentimes have difficulties determining whether they should permit a certain access request. In this article, we propose a quantitative approach to assist patients in consent management of their medical information. Our system evaluates access requests based on three factors (importance, sensitivity, normalcy) and makes personalized suggestion to patients. Our design is capable to handle requests in different categories. In situations where patients expect their data to be accessible to the requesters, our solution will make the consent management task effortless for patients. In less critical usage scenarios, our solution will recommend an informed decision by comparing risks and benefits associated with data access. Furthermore, our solution intends to enable patients to review past access activities periodically and can automatically detect potential over-accessing activities from various parties. We have implemented a prototype of our solution and performed simulations on real-world medical history records. We hope our work lays some technical ground for policy makers to derive best practices for health care organizations and enable enforcements of compliance laws such as HIPAA. © 2011 IEEE.