Big Data Feeding FrenzyThis is what most people think of when they hear about healthcare data in the context of "Big Data". This diagram shows a very minimal "Privacy Consent". One that only controls if the Patients data is available or NOT.
Too often this is refereed to as OPT-IN, or OPT-OUT. This is a mischaracterization, but it is one that must be addressed. This kind of configuration does happen. I am not saying it doesn't happen. Just that it shouldn't be confused with OPT-IN, or OPT-OUT.
I know that I will not succeed in defining OPT-IN or OPT-OUT. They have too much momentum behind poor definitions. I did try to add clarity in the FHIR Consent "General Model" section.
Consent Controlled Feeding
Documented Privacy Consent Act Controls the Feeding
- Who - The patient
- What - The data - specific resources are listed, empty list means all data covered by the consent.
- Where - The domain and authority - what is the location boundary and authority boundary of this consent
- When - The issued or captured
- When - The timeframe for which the Consent applies
- How - The actions covered. (such as purposes of use that are covered)
- Whom - The recipient are grantees by the consent.