Published in: BMC Medical Informatics and Decision Making 1/2011

Open Access 01-12-2011 | Technical advance

Architecture of a consent management suite and integration into IHE-based regional health information networks

Authors: Oliver Heinze, Markus Birkle, Lennart Köster, Björn Bergh


Abstract

Background

The University Hospital Heidelberg is implementing a Regional Health Information Network (RHIN) in the Rhine-Neckar-Region in order to establish a shared-care environment, which is based on established Health IT standards and in particular Integrating the Healthcare Enterprise (IHE). Similar to all other Electronic Health Record (EHR) and Personal Health Record (PHR) approaches, the chosen Personal Electronic Health Record (PEHR) architecture relies on the patient's consent in order to share documents and medical data with other care delivery organizations, with the additional requirement that the German legislation explicitly demands a patient's opt-in and does not allow opt-out solutions. This creates two issues: firstly, the current IHE consent profile does not address this approach properly, and secondly, none of the employed intra- and inter-institutional information systems, like almost all systems on the market, offers consent management solutions at all. Hence, the objective of our work is to develop and introduce an extensible architecture for creating, managing and querying patient consents in an IHE-based environment.

Methods

Based on the features offered by the IHE profile Basic Patient Privacy Consent (BPPC) and literature, the functionalities and components to meet the requirements of a centralized opt-in consent management solution compliant with German legislation have been analyzed. Two services have been developed and integrated into the Heidelberg PEHR.

Results

The standard-based Consent Management Suite consists of two services. The Consent Management Service is able to receive and store consent documents. It can receive queries concerning a dedicated patient consent, process them and return an answer. It represents a centralized policy enforcement point. The Consent Creator Service allows patients to create their consents electronically. Interfaces to a Master Patient Index (MPI) and a provider index allow XACML-based policies to be generated dynamically; these policies are stored in a CDA document to be transferred to the first service. Three workflows have to be considered to integrate the suite into the PEHR: recording the consent, publishing documents and viewing documents.
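
The opt-in behaviour of such a central decision point can be sketched as follows. This is an added illustration, not the authors' implementation: consents are modelled as plain Python records instead of XACML policies inside CDA documents, and all class names, identifiers and the validity period are assumptions.

```python
from dataclasses import dataclass
from datetime import date

PERMIT, DENY = "Permit", "Deny"

@dataclass(frozen=True)
class Consent:
    patient_id: str          # identifier from the MPI (constructed sample value)
    provider_ids: frozenset  # provider-index entries the patient opted in for
    actions: frozenset       # subset of {"publish", "view"}
    valid_from: date         # validity period is an assumption of this sketch
    valid_until: date

    def covers(self, provider_id, action, on):
        return (provider_id in self.provider_ids
                and action in self.actions
                and self.valid_from <= on <= self.valid_until)

class ConsentManagementService:
    """Stores consents and answers queries; anything not consented is denied."""

    def __init__(self):
        self._store = {}  # patient_id -> list of Consent

    def record(self, consent):
        # Workflow "recording the consent"
        self._store.setdefault(consent.patient_id, []).append(consent)

    def query(self, patient_id, provider_id, action, on):
        # Workflows "publishing documents" and "viewing documents" both ask here.
        # Opt-in: a patient with no stored consent yields Deny, never Permit.
        consents = self._store.get(patient_id, [])
        if any(c.covers(provider_id, action, on) for c in consents):
            return PERMIT
        return DENY

def demo():
    cms = ConsentManagementService()
    cms.record(Consent("MPI-0001", frozenset({"PROV-A"}),
                       frozenset({"publish", "view"}),
                       date(2011, 1, 1), date(2011, 12, 31)))
    day = date(2011, 6, 1)
    return {
        "opted_in": cms.query("MPI-0001", "PROV-A", "view", day),
        "other_provider": cms.query("MPI-0001", "PROV-B", "view", day),
        "no_consent_on_file": cms.query("MPI-0002", "PROV-A", "publish", day),
        "outside_validity": cms.query("MPI-0001", "PROV-A", "view", date(2012, 1, 1)),
    }

if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```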

Conclusions

Our approach solves the consent issue when using IHE profiles for regional health information networks. It is highly interoperable due to the use of international standards and can hence be used in any other region to address consent issues and substantially promote the use of IHE for regional health information networks in general.
Metadata
Title
Architecture of a consent management suite and integration into IHE-based regional health information networks
Authors
Oliver Heinze
Markus Birkle
Lennart Köster
Björn Bergh
Publication date
01-12-2011
Publisher
BioMed Central
Published in
BMC Medical Informatics and Decision Making / Issue 1/2011
Electronic ISSN: 1472-6947
DOI
https://doi.org/10.1186/1472-6947-11-58
