To main content

Handling Consent to Patient Data Access in a Hospital Setting

Abstract

The right to use patient data in treatment is based on the conditions of a need to know and patient consent. In electronic health records, these two conditions can be applied in various ways. We study the handling of consent in two Norwegian hospitals, with a view to how access control and consent handling can be integrated across electronic systems that process patient data. A workshop was held, where two consent handling scenarios were simulated, one in-hospital, the other external. Activities were identified and tied to roles and to the documents and systems used. Electronic systems were found to support the execution of the scenarios to some extent. The electronic functions used in-hospital were consent storage and logging of access; access control was not sufficient. When sharing information externally, the typical approach is a declaration signed by the patient or a referral; such external information sharing should be supported by specific functionality. A first step towards integrated access control is integrated consent handling.

Category

Academic chapter/article/Conference paper

Client

  • Research Council of Norway (RCN) / 164371

Language

English

Author(s)

  • Gunnar René Øie
  • Herbjørn Andresen
  • Inger Anne Tøndel

Affiliation

  • Norwegian University of Science and Technology
  • SINTEF Digital / Software Engineering, Safety and Security
  • University of Oslo

Year

2007

Publisher

IOS Press

Book

MEDINFO 2007 - Proceedings of the 12th World Congress on Health (Medical) Informatics – Building Sustainable Health Systems

Issue

1

ISBN

9781586037741

Page(s)

242 - 246

View this publication at Cristin