Abstract

Abstract — Health information custodians and network providers within the circle of care for a patient must meet certain legal obligations regarding the collection, access and disclosure of personal health information. We present a framework for consent and risk management that can be used to help manage a patient's consent for releasing personal health information, and analyze the risk involved in handling this type of data. A patient's preferences for specific privacy policies (expressed in P3P) are elicited through querying, and extra information is inferred using a Bayesian network. A risk analysis is performed to help a custodian to make informed decisions when handling personal health information. Thus the custodian and provider can help each other meet their respective legal obligations, and patients are more easily able to exercise their privacy rights.

I. INTRODUCTION

One of the major technical challenges faced by Ontarian health care providers under the Personal Health Information Protection of Privacy Act, 2004 (PHIPA) is ensuring the privacy and security of personal information collected from their patients. PHIPA governs practices to protect personal health information (PHI), including consent, collection, use, disclosure and handling requests for access/correction to records by individuals.

Most patients deal with multiple health care workers, designated as health information custodians (HICs) under PHIPA. Each HIC may need different levels of access and use to a patient's health record in the course of providing care, all of which are associated with new legal obligations under PHIPA. As a result, there are several concerns:

1) How does a HIC meet their legal obligations surrounding indirect collection of PHI?
2) How does a patient retain control over access to their PHI? How does the primary care physician (PCP) ensure that appropriate personnel have access to the information when they need it, e.g. in an emergency situation?
3) How does a HIC ensure that patient preferences surrounding disclosure are being acted on?

Fulfillment of these legal obligations necessitates extracting specific preferences from the patient. Determining qualitative attitudes toward the handling of data, such as "I care most about my information being shared with third parties", is nontrivial enough. However, determining a given patient's quantitative valuations of actions on their PHI, which is necessary for a full risk analysis, can be a very difficult task.

A HIC grappling with the risks of non-compliance can use the services of a health information network provider (HINP) to enable electronic means to manage patient PHI.
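The abstract describes three steps: elicit some of a patient's preferences by querying, infer the rest with a Bayesian network, and run a risk analysis so the custodian can decide whether a release is acceptable. The following is an added illustration of that pipeline on a toy network; it is not the paper's model or code. The network structure (one hidden "sensitivity" attitude that drives three per-purpose consent preferences), every probability in the conditional tables, and the harm and tolerance figures are constructed for the example. Inference is done by brute-force enumeration, which is adequate for a handful of boolean variables.

```python
"""Consent inference and risk scoring on a toy Bayesian network.

Added illustration only. Network shape and all numbers are constructed:
    Sensitive (hidden attitude) -> marketing, research, emergency
where each child is "patient allows release for this purpose".
"""
from itertools import product

# Constructed prior: P(patient is privacy-sensitive).
PRIOR_SENSITIVE = 0.4

# Constructed CPTs: P(allow release for purpose | Sensitive).
CPT = {
    "marketing": {True: 0.05, False: 0.40},
    "research":  {True: 0.30, False: 0.85},
    "emergency": {True: 0.80, False: 0.98},
}


def joint(sensitive, prefs):
    """Probability of one full assignment of the hidden attitude and all preferences."""
    p = PRIOR_SENSITIVE if sensitive else 1.0 - PRIOR_SENSITIVE
    for purpose, allow in prefs.items():
        p_allow = CPT[purpose][sensitive]
        p *= p_allow if allow else 1.0 - p_allow
    return p


def posterior_allow(query, evidence):
    """P(patient allows `query` purpose | elicited answers), by enumeration.

    `evidence` maps purposes the patient was actually asked about to True/False;
    unasked purposes (and the hidden attitude) are summed out.
    """
    if query in evidence:
        raise ValueError("query preference was already elicited directly")
    hidden = [v for v in CPT if v != query and v not in evidence]
    num = den = 0.0
    for sensitive in (True, False):
        for q_val in (True, False):
            for h_vals in product((True, False), repeat=len(hidden)):
                prefs = dict(evidence)
                prefs[query] = q_val
                prefs.update(zip(hidden, h_vals))
                p = joint(sensitive, prefs)
                den += p
                if q_val:
                    num += p
    return num / den


def expected_risk(query, evidence, harm_if_objection):
    """Expected harm of releasing for `query`: P(patient objects) * harm."""
    return (1.0 - posterior_allow(query, evidence)) * harm_if_objection


def decide(query, evidence, harm_if_objection, tolerance):
    """Custodian rule: release only when expected risk is within tolerance,
    otherwise go back to the patient for explicit consent."""
    risk = expected_risk(query, evidence, harm_if_objection)
    return ("release" if risk <= tolerance else "ask-patient"), risk


if __name__ == "__main__":
    # Constructed scenario: patient was asked only about marketing and refused.
    answers = {"marketing": False}
    print("P(allow research | no marketing) =", round(posterior_allow("research", answers), 3))
    print(decide("research", answers, harm_if_objection=100.0, tolerance=30.0))
```

The point of the threshold rule is that a refusal on one purpose shifts the inferred willingness on related purposes, so the custodian's decision changes without the patient having been asked every question; when the inferred risk is still above tolerance, the right action is to query the patient rather than guess.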
