Models of Explicit Consent

It may be a sign of the advancement of years, but I have discovered an increasing interest in the way we interact with computers and systems which is starting to outweigh the interest in the way those computers and systems work. Maybe this was how my Grandmother felt about her VCR?

Consent models (so similar to VCRs in so many ways) are of particular interest, especially given my work in healthcare.

An idea I have been playing around with is explicit consent (the ability for an end user, a patient, to direct how their information may be collected and used in an electronic health solution). It started, like many of these ideas, with a fairly simple premise: the patient should have absolute control over their data. Which is possibly unfair in that patients don’t have absolute control over their data in a non-electronic environment (you know, paper – that stuff we’ve used for hundreds of years?).

That’s actually quite hard, especially if the patient isn’t there all the time. We could, for example, develop a system where patients have some form of physical key which is required to be physically present to "unlock" their records, but they would have to be there. What about a form of DRM? That’s been obviously so successful for the music corporations. Nobody has ever been able to access music without permission once that was implemented.

While I was pondering all this, I popped online to my bank to make sure I had enough money in my account to buy some clothes. While there, I paid some bills, checked out a couple of security warnings and decided that unless I stopped buying gear for my camera, a holiday in Hawaii was never going to happen.

Wait a moment – actually the online banking model is pretty good. Obviously the banks are able to deal with a large number of users in a secure manner. It was my choice to use the service, I was responsible for signing up, and managing my security. I can choose which accounts can be managed online, and I can cancel the service any time I choose.

So how about a model for consent management in electronic health where:

  1. Every patient has to explicitly opt in by signing up for the system
  2. If a patient has not opted into the system, no data is uploaded to it
  3. A patient can opt out, and in doing so, all requests for information are subsequently denied by the solution

Initially it would appear that such a model is difficult to implement and control, and certainly implicit consent is easier. However, much could be learnt/reproduced from online banking in this case.
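The three rules above can be expressed as a default-deny gate in front of the record store. The sketch below is an added example, not part of the original post; the `ConsentGate` class, its method names, the rule that only the patient may change their own consent, and the choice to retain (rather than delete) stored data on opt-out are all assumptions made for illustration.

```python
from enum import Enum


class Consent(Enum):
    NEVER_ENROLLED = 0   # default state: nobody is in the system until they sign up
    OPTED_IN = 1
    OPTED_OUT = 2


class ConsentGate:
    """Hypothetical default-deny gate in front of a health record store."""

    def __init__(self):
        self._consent = {}   # patient_id -> Consent
        self._records = {}   # patient_id -> list of uploaded entries
        self.audit = []      # (action, patient_id, actor, allowed)

    def state(self, patient_id):
        return self._consent.get(patient_id, Consent.NEVER_ENROLLED)

    def _log(self, action, patient_id, actor, allowed):
        self.audit.append((action, patient_id, actor, allowed))
        return allowed

    def set_consent(self, patient_id, actor, opted_in):
        # Rule 1. Assumption: only the patient may change their own consent state.
        if actor != patient_id:
            return self._log("consent", patient_id, actor, False)
        self._consent[patient_id] = Consent.OPTED_IN if opted_in else Consent.OPTED_OUT
        return self._log("consent", patient_id, actor, True)

    def upload(self, patient_id, actor, entry):
        # Rule 2: nothing is stored unless the patient is currently opted in.
        if self.state(patient_id) is not Consent.OPTED_IN:
            return self._log("upload", patient_id, actor, False)
        self._records.setdefault(patient_id, []).append(entry)
        return self._log("upload", patient_id, actor, True)

    def read(self, patient_id, actor):
        # Rule 3: after opt-out every request is denied, even for earlier uploads.
        # Assumption: opt-out blocks access but does not delete what was stored.
        if self.state(patient_id) is not Consent.OPTED_IN:
            self._log("read", patient_id, actor, False)
            return None
        self._log("read", patient_id, actor, True)
        return list(self._records.get(patient_id, []))

    def stored_count(self, patient_id):
        return len(self._records.get(patient_id, []))
```

Every decision, allowed or denied, lands in `audit`, which gives the patient the same kind of activity trail an online banking session does.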


