The reason is that these terms can mean very different things based on what the person listening is thinking. They can mean a consent ‘model’ or they can mean a consent ‘state’ or they can mean an 'action' by the patient. Especially confusing because there is a possibility for all thee to be the same and not the same.
State Model --
At the most gross level of Privacy Consent we recognize that there is a 'state' where data is shared, for legitimate medical treatment purposes, with trusted partners, who are authorized by their licensing and role. And another state where data is NOT shared, except for legitimate and authorized medical emergency...
- OPT-IN state – Permitted to sharing the patient's data for Treatment purpose
- OPT-OUT state – Denied to share the patient's data for Treatment purpose
- opt-in environment, the patient is automatically put into opt-in state.
- opt-in environment, the patient is automatically put into Permit state.
I propose we use:
- Permit – a ‘state’ data is shared
- Deny - a ‘state’ of NOT sharing
- Implied-Consent – A ‘model’ where without a consent the patient data sharing is Permitted.
- Start in Permit state
- Explicit-Consent – A ‘model’ where without a consent the patient data sharing is Denied
- Start in Deny state
Explicit-Consent is also common with sensitive topics, that are considered more sensitive than normal health topics. Likely due to stigma. These topics are often held to an Explicit Consent model, even where normal health topics follow Implied Consent.
Also some regions, or even organisations simply choose to use an Explicit-Consent model for various reasons. Explicit-Consent can be seen as more Privacy Principled, but can also impede progress that might be 'implied'
I propose a set of terms, while not defining terms for the 'actions'. This because the actions are what tends to be very realm specific. Some environments allow a verbal consent, others allow a web-form checkbox, others require digital signatures, others have very specific language, others have special technology, others allow for delegation and assignee, etc. So the actions, or 'state transitions' are much harder to agree upon.
Updated: 4/6/2017 to include recommended "Event" description and diagram