Discussions of Interoperability Exchange, Privacy, and Security in Healthcare by John Moehrke - CyberPrivacy. Topics: Health Information Exchange, Document Exchange XDS/XCA/MHD, mHealth, Meaningful Use, Direct, Patient Identity, Provider Directories, FHIR, Consent, Access Control, Audit Control, Accounting of Disclosures, Identity, Authorization, Authentication, Encryption, Digital Signatures, Transport/Media Security, De-Identification, Pseudonymization, and Anonymization.
Too often Consent is seen as a one-time thing. It is far more than this. Here is an infographic.
My point with this is that there are many big steps:
Act of Consent from the Patient
Notification of Use
This graphic tends to imply these are four clean steps that are done in sequence, when actually they might happen in various sequences.
For example: Imagine a Research project that wants to use specific kinds of data. They do need to have their policies defined. They might have scouting authorization to find potential cohort participants. This scouting only returns potential pseudonymous identifiers, no data. This access to find the potential cohort results in a notification to the patient that a specific Research project is interested. This notification encourages the patient to review the terms of the Research project and agree to participate. Thus now the Research project can access the data.
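The research example above, as an added Python sketch that is not part of the original post: scouting returns only pseudonyms and triggers a patient notification, and data is released only after the patient's consent is recorded. The class and method names, the HMAC-based per-project pseudonym, and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac

class ConsentGate:
    """Toy custodian: scouting yields pseudonyms only; data needs recorded consent."""

    def __init__(self, records, project_keys):
        self.records = records      # patient_id -> {"conditions": set, "data": dict}
        self.keys = project_keys    # project -> secret key held only by the custodian
        self.notifications = []     # (patient_id, project) notices sent to patients
        self.consents = set()       # (patient_id, project) pairs the patient agreed to
        self.audit = []             # (event, project, pseudonym)

    def _pseudonym(self, project, patient_id):
        # Assumption: keyed per-project pseudonym, so two projects cannot link cohorts.
        return hmac.new(self.keys[project], patient_id.encode(), hashlib.sha256).hexdigest()

    def scout(self, project, condition):
        """Return pseudonyms of matching patients, no data; notify each patient once."""
        found = []
        for pid, rec in self.records.items():
            if condition in rec["conditions"]:
                pseud = self._pseudonym(project, pid)
                found.append(pseud)
                if (pid, project) not in self.notifications:
                    self.notifications.append((pid, project))
                self.audit.append(("scout", project, pseud))
        return found

    def record_consent(self, patient_id, project):
        """Act of consent, made by the patient after reviewing the project's terms."""
        self.consents.add((patient_id, project))

    def fetch(self, project, pseudonym):
        """Release data only when the pseudonym resolves to a consenting patient."""
        for pid, rec in self.records.items():
            if hmac.compare_digest(self._pseudonym(project, pid), pseudonym):
                allowed = (pid, project) in self.consents
                self.audit.append(("permit" if allowed else "deny", project, pseudonym))
                return rec["data"] if allowed else None
        self.audit.append(("deny", project, pseudonym))
        return None

# Constructed sample data, not from the page.
RECORDS = {
    "patient-001": {"conditions": {"diabetes"}, "data": {"hba1c": 7.2}},
    "patient-002": {"conditions": {"asthma"}, "data": {"fev1": 2.9}},
}
KEYS = {"study-A": b"constructed-key-A", "study-B": b"constructed-key-B"}
```

The audit list records every scout, permit and deny, which is the raw material for telling a patient how their data was used.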