Remote Patient Authorization and Submission of EHR Data for Research

Printer Friendly, PDF & Email


IHE Basic Patient Privacy Consent

The IHE Basic Patient Privacy Consent (BPPC) provides a means for recording the ceremony of patient consenting to a policy. The BPPC profile is normative and widely used to record consent in cross-enterprise settings, such as HIE or research. The BPPC profile includes support for gross coded consent, enabling basic consents to be supported. The IHE normative specification -- 19 Basic Patient Privacy Consents (BPPC) The document sharing infrastructure provided by XD* allow for the publication and use of clinical documents associated with a patient. This profile allows for a Patient Privacy Policy Domain (e.g., an XDS Affinity Domain to have a number of Patient Privacy Policies that can be acknowledged (aka consent). This allows for more flexibility to support some patient concerns, while providing an important and useful dataset to the healthcare provider. Without BPPC, the XDS Profile requires that the administrators of an XDS Affinity Domain creates and agrees to a single document publication and use policy (see ITI TF-1: Appendix L ). Such a single XDS Affinity Domain Policy is enforced in a distributed way through the inherent access controls of the systems involved in the XDS Affinity Domain. This profile will use terms consistent with ISO 22600 - Privilege Management and Access Control (PMAC), but is not restricted to systems that implement PMAC. This profile uses the term “Patient” to refer to the human-subject of health-related data. In this context “Patient” is not to imply only those subjects under current treatment, this is sometimes referred to as “consumer”. This profile uses the term “Consent” to mean acknowledgement of a privacy policy, also known as an information access policy. In this context the privacy policy may include constraints and obligations. The systems involved in XDS are expected to support sufficient Access Controls to carry out the Policy of the XDS Affinity Domain. See the IHE white paper Enabling Document Sharing Health Information Exchange Using IHE Profiles published on the IHE web site. ...

IHE Advanced Patient Privacy Consent

The IHE Advanced Patient Privacy Consent (APPC) is a Trial-Implementation companion to the normative BPPC profile. The APPC profile is used when additions or deviations from a "Basic" consent policy are needed. The APPC mechanism provides for deeper coded consents beyond what BPPC supports. BPPC continues to be used to capture the ceremony and overall policy, where APPC provides the specific additions or deviations. see the IHE publication