Electronic health records, as well as electronic personal health records, have been increasingly used to replace paper records in professional healthcare and home healthcare.
Informed consent is a very important process in professional healthcare, in which the patient makes some choices with respect to, inter alia, the use of his health data by healthcare providers. In many countries the patient has legal rights to hide or limit access to certain parts of his electronic healthcare records. For example, a patient may restrict access to documents relating to mental health or drug abuse, such that only the patient's psychiatrist has access to these documents. In another example, such restricted access prevents others from having access to a patient's records related to AIDS. Different security mechanisms have been developed to technologically facilitate this right, such as the use of sealed envelopes in the Spine system of NHS in the UK or a similar mechanism in the NICTIZ system in The Netherlands.
In the domain of personal health records, the patient is solely responsible for defining who has access to his records. Very often the patient wishes to realize a complex policy, especially when the patient wants to give access to certain healthcare providers, family members or friends. In some cases, the patient might want to block them from accessing certain parts of his/her records.
HL-7, IHE and HITSP standardize interactions related to patient consent as well as formats in which consent can be specified. HL-7 specifies the CDA R2 consent directive, while IHE developed the Basic Privacy Patient consent profile. The privacy preference working group of HITSP collected requirements related to patient privacy preferences with respect to health records. HL-7 also standardized vocabularies used for access control, such as an object vocabulary that describes the different data types of electronic health records. These data types are used by the access control system, which assigns permissions/restrictions to different users with respect to these data types.
“Patient-centric authorization framework for sharing electronic health records”, Jing Jin et al., SACMAT'09, Jun. 3-5, 2009, Stresa, Italy, discloses a need for a secure, usable, and straightforward mechanism that allows users to quickly and easily authorize a variety of medical affiliates to access their sensitive records or a subset of the data within them. The paper discloses a model in which the semantics and structural composition of EHR documents are formulated in a hierarchical structure, where internal sub-objects are distinguished and associated with properties that address important criteria for medical data sharing such as data types, intended purposes and information sensitivities. Both the EHR instances and the aggregated virtual composite EHR are uniformly modelled as a labelled hierarchical structure. Relevant properties are categorized into three dimensions: origin, sensitivity, and object type.
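To make the labelled-hierarchy idea concrete, the following is an added illustration, not code from the cited paper or from any of the standards named above. It models a composite EHR as a tree whose nodes each carry the three property dimensions (origin, sensitivity, object type), lets the patient author consent rules over those dimensions, and computes the subset of the record each requester may see. The rule semantics (first matching rule wins, default deny), the sample record and the role names such as "psychiatrist" and "dr_lee" are assumptions chosen here to mirror the sealed-envelope examples earlier in the text; the first-applicable ordering is what lets a narrow permit for the psychiatrist precede a blanket deny on mental-health material.

```python
"""Hypothetical labelled-hierarchy EHR model with patient consent rules (example, not the paper's code)."""
from dataclasses import dataclass, field
from typing import Iterator, List, Optional


@dataclass
class EhrObject:
    """One node of the EHR tree; every node carries the three property dimensions."""
    name: str
    origin: str        # which provider/system produced it, e.g. "hospital_a"
    sensitivity: str   # e.g. "normal", "mental_health", "hiv"
    obj_type: str      # term from an object vocabulary, e.g. "document", "lab_result"
    children: List["EhrObject"] = field(default_factory=list)

    def walk(self) -> Iterator["EhrObject"]:
        """Pre-order traversal of the node and all its sub-objects."""
        yield self
        for child in self.children:
            yield from child.walk()


@dataclass
class ConsentRule:
    """A patient-authored rule; None in a dimension means 'any value'."""
    subject: str                      # role or user id, "*" for anyone
    effect: str                       # "permit" or "deny"
    origin: Optional[str] = None
    sensitivity: Optional[str] = None
    obj_type: Optional[str] = None

    def applies(self, subject: str, obj: EhrObject) -> bool:
        if self.subject not in ("*", subject):
            return False
        constraints = ((self.origin, obj.origin),
                       (self.sensitivity, obj.sensitivity),
                       (self.obj_type, obj.obj_type))
        return all(want is None or want == have for want, have in constraints)


def decide(subject: str, obj: EhrObject, rules: List[ConsentRule]) -> str:
    """First-applicable rule wins; nothing matching means deny (assumed semantics)."""
    for rule in rules:
        if rule.applies(subject, obj):
            return rule.effect
    return "deny"


def visible_view(subject: str, root: EhrObject, rules: List[ConsentRule]) -> List[str]:
    """Names of the sub-objects the subject may access, in tree order."""
    return [obj.name for obj in root.walk() if decide(subject, obj, rules) == "permit"]


def build_sample_ehr() -> EhrObject:
    """Constructed sample composite record (not real patient data)."""
    return EhrObject("ehr", "composite", "normal", "record", [
        EhrObject("gp_summary", "gp_practice", "normal", "document"),
        EhrObject("psych_note_2024", "mental_health_clinic", "mental_health", "document"),
        EhrObject("lab_results", "hospital_a", "normal", "folder", [
            EhrObject("hiv_test", "hospital_a", "hiv", "lab_result"),
            EhrObject("cbc", "hospital_a", "normal", "lab_result"),
        ]),
    ])


def sample_consent_rules() -> List[ConsentRule]:
    """Constructed consent directive: sealed envelopes for mental-health and HIV material."""
    return [
        ConsentRule("psychiatrist", "permit", sensitivity="mental_health"),  # exception first
        ConsentRule("*", "deny", sensitivity="mental_health"),               # then the seal
        ConsentRule("dr_lee", "permit", sensitivity="hiv"),
        ConsentRule("*", "deny", sensitivity="hiv"),
        ConsentRule("gp", "permit"),                                         # GP sees the rest
        ConsentRule("psychiatrist", "permit"),
        ConsentRule("daughter", "permit", obj_type="lab_result"),            # family: lab results only
    ]


if __name__ == "__main__":
    record, rules = build_sample_ehr(), sample_consent_rules()
    for who in ("gp", "psychiatrist", "daughter", "dr_lee", "stranger"):
        print(f"{who:12s} -> {visible_view(who, record, rules)}")
```

Because rules are matched per node rather than inherited down the tree, a folder being visible does not expose a sealed child: the daughter's permit on `lab_result` objects still yields only `cbc`, since the blanket deny on `hiv` sensitivity precedes it.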