Medical Data Privacy Handbook

pp 361-387

Automating Consent Management Lifecycle for Electronic Healthcare Systems

  • Muhammad Rizwan AsgharAffiliated withDepartment of Computer Science, The University of Auckland Email author 
  • , Giovanni RusselloAffiliated withDepartment of Computer Science, The University of Auckland

* Final gross prices may vary according to local VAT.

Get Access


The notion of patient’s consent plays a major role in granting access to medical data. In typical healthcare systems, consent is captured by a form that the patient has to fill-in and sign. In e-Health systems, the paper-form consent is being replaced by access control mechanisms that regulate access to medical data, while taking into account electronic content. This helps in empowering the patient with the capability of granting and revoking consent in a more effective manner. However, the process of granting and revoking consent greatly varies according to the situation in which the patient is. Our main argument is that such a level of detail is very difficult and error-prone to capture as a set of authorisation policies. In this chapter, we present ACTORS (Automatic Creation and lifecycle managemenT Of authoRisation policieS), a goal-driven approach to manage consent. The main idea behind ACTORS is to leverage the goal-driven approach of Teleo-Reactive (TR) programming for managing consent that takes into account changes regarding the domains and contexts in which the patient is providing her consent.