EHR access rights and the role of the patient

Bergh, Björn; Bach, Norbert; Brandner, Antje; Heinze, Oliver

doi:10.1007/978-3-642-03893-8_90

Cited by 2 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the one hand, EHRs need to ensure the confidentiality of the patients' data and adhere to local privacy laws. In countries with strict privacy laws, patients have to authorize every access to their EHR by any physician [2]. In addition, the security and privacy of the medical data become even more important when the medical data is stored in the cloud [21].…”

Section: Introductionmentioning

confidence: 99%

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

et al. 2014

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

et al. 2014

View full text Add to dashboard Cite

“…The PEHR concept envisions a strong patient involvement to take patients' rights into account giving patients full control of the management of the access rights. The data privacy aspects and the management of access rights in this context have been discussed in depth earlier [ 11 ].…”

Section: Introductionmentioning

confidence: 99%

Architecture of a consent management suite and integration into IHE-based regional health information networks

Heinze

Birkle

Köster

et al. 2011

BMC Med Inform Decis Mak

View full text Add to dashboard Cite

BackgroundThe University Hospital Heidelberg is implementing a Regional Health Information Network (RHIN) in the Rhine-Neckar-Region in order to establish a shared-care environment, which is based on established Health IT standards and in particular Integrating the Healthcare Enterprise (IHE). Similar to all other Electronic Health Record (EHR) and Personal Health Record (PHR) approaches the chosen Personal Electronic Health Record (PEHR) architecture relies on the patient's consent in order to share documents and medical data with other care delivery organizations, with the additional requirement that the German legislation explicitly demands a patients' opt-in and does not allow opt-out solutions. This creates two issues: firstly the current IHE consent profile does not address this approach properly and secondly none of the employed intra- and inter-institutional information systems, like almost all systems on the market, offers consent management solutions at all. Hence, the objective of our work is to develop and introduce an extensible architecture for creating, managing and querying patient consents in an IHE-based environment.MethodsBased on the features offered by the IHE profile Basic Patient Privacy Consent (BPPC) and literature, the functionalities and components to meet the requirements of a centralized opt-in consent management solution compliant with German legislation have been analyzed. Two services have been developed and integrated into the Heidelberg PEHR.ResultsThe standard-based Consent Management Suite consists of two services. The Consent Management Service is able to receive and store consent documents. It can receive queries concerning a dedicated patient consent, process it and return an answer. It represents a centralized policy enforcement point. The Consent Creator Service allows patients to create their consents electronically. Interfaces to a Master Patient Index (MPI) and a provider index allow to dynamically generate XACML-based policies which are stored in a CDA document to be transferred to the first service. Three workflows have to be considered to integrate the suite into the PEHR: recording the consent, publishing documents and viewing documents.ConclusionsOur approach solves the consent issue when using IHE profiles for regional health information networks. It is highly interoperable due to the use of international standards and can hence be used in any other region to leverage consent issues and substantially promote the use of IHE for regional health information networks in general.

show abstract

EHR access rights and the role of the patient

Cited by 2 publications

References 2 publications

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

Requirements for Integrating End-to-End Security into Large-Scale EHR Systems

Architecture of a consent management suite and integration into IHE-based regional health information networks

Contact Info

Product

Resources

About