The Current State of Electronic Consent Systems in e-Health for Privacy Preservation

  • Lelethu ZazazaEmail author
  • H. S. Venter
  • George Sibiya
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 973)


Consent management is a significant function in electronic health information systems as it allows patients to manage the privacy preferences regarding their health information. Placing patients in control of the privacy of their health information ensures that the risks for reputational and personal harm are reduced. Several approaches towards patient consent management solutions, ranging from software prototypes to conceptual models, have been adopted in response to the need for privacy preservation. The purpose of this paper is to review these approaches and to identify areas that still need to be addressed – particularly in terms of the automated enforcement of consent directives, interoperability, as well as standardised healthcare data exchange.


E-consent Privacy by design Information security 


  1. 1.
    Coiera, E., Clarke, R.: e-Consent: the design and implementation of consumer consent mechanisms in an electronic environment. J. Am. Med. Inform. Assoc. 11(2), 129–140 (2004)CrossRefGoogle Scholar
  2. 2.
    Can, O.: A semantic model for personal consent management. In: Garoufallou, E., Greenberg, J. (eds.) MTSR 2013. CCIS, vol. 390, pp. 146–151. Springer, Cham (2013). Scholar
  3. 3.
    Bursa, O., Sezer, E., Can, O., Unalir, M.O.: Using FOAF for interoperable and privacy protected healthcare information systems. In: Closs, S., Studer, R., Garoufallou, E., Sicilia, M.-A. (eds.) MTSR 2014. CCIS, vol. 478, pp. 154–161. Springer, Cham (2014). Scholar
  4. 4.
    Heinze, O., Birkle, M., Köster, L., Bergh, B.: Architecture of a consent management suite and integration into IHE-based regional health information networks. BMC Med. Inform. Decis. Making 11(1), 58 (2011)CrossRefGoogle Scholar
  5. 5.
    Gaba, A., Havinga, Y., Meijer, H.J., Jan, E.: Privacy and security for analytics on healthcare data (2014)Google Scholar
  6. 6.
    Rindfleisch, T.C.: Privacy, information technology, and health care. Commun. ACM 40(8), 92–100 (1997)CrossRefGoogle Scholar
  7. 7.
    Eskeland, S., Oleshchuk, V.A.: EPR access authorization of medical teams based on patient consent. In: ECEH, pp. 11–22 (2007)Google Scholar
  8. 8.
    Russello, G., Dong, C., Dulay, N.: Consent-based workflows for healthcare management. In: IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008, pp. 153–161. IEEE (2008)Google Scholar
  9. 9.
    Hu, L.L., Sparenborg, S., Tai, B.: Privacy protection for patients with substance use problems. Subst. Abuse Rehabil. 2, 227 (2011)Google Scholar
  10. 10.
    Yu, B., Wijesekera, D., Costa, P.C.G.: Informed consent in electronic medical record systems. In: Healthcare Ethics and Training: Concepts, Methodologies, Tools, and Applications, pp. 1029–1049. IGI Global (2017)Google Scholar
  11. 11.
    Mense, E., Blobel, B., et al.: Hl7 standards and components to support implementation of the European General Data Protection Regulation (GDPR). Eur. J. Biomed. Inform. 13(1), 27–33 (2017)Google Scholar
  12. 12.
    Abbas, R.M., Carroll, N., Richardson, I., Beecham, S.: The need for trustworthiness models in healthcare software solutions. In: HEALTHINF, pp. 451–456 (2017)Google Scholar
  13. 13.
    Moss, L., Shaw, M., Piper, I., Hawthorne, C., Kinsella, J.: Sharing of big data in healthcare: public opinion, trust, and privacy considerations for health informatics researchers. In: HEALTHINF, pp. 463–468 (2017)Google Scholar
  14. 14.
    Elkhodr, M., Shahrestani, S., Cheung, H.: Preserving the privacy of patient records in health monitoring systems. In: Theory and Practice of Cryptography Solutions for Secure Information Systems, pp. 499–529. IGI Global (2013)Google Scholar
  15. 15.
    Madathil, K.C., et al.: An investigation of the efficacy of electronic consenting interfaces of research permissions management system in a hospital setting. Int. J. Med. Inform. 82(9), 854–863 (2013)CrossRefGoogle Scholar
  16. 16.
    ACT Health: Informed consent. Accessed 22 Mar 2018
  17. 17.
    O’Connor, Y., Rowan, W., Lynch, L., Heavin, C.: Privacy by design: Informed consent and internet of things for smart health. Procedia Comput. Sci. 113, 653–658 (2017)CrossRefGoogle Scholar
  18. 18.
    St John, E., Scott, A., Irvine, T., Pakzad, F., Leff, D., Layer, G.: Completion of hand-written surgical consent forms is frequently suboptimal and could be improved by using electronically generated, procedure-specific forms. Surgeon 15(4), 190–195 (2017)CrossRefGoogle Scholar
  19. 19.
    Ghazvini, A., Shukur, Z.: Security challenges and success factors of electronic healthcare system. Procedia Technol. 11, 212–219 (2013)CrossRefGoogle Scholar
  20. 20.
    Fernández-Alemán, J.L., Señor, I.C., Lozoya, P.Á.O., Toval, A.: Security and privacy in electronic health records: a systematic literature review. J. Biomed. Inform. 46(3), 541–562 (2013)CrossRefGoogle Scholar
  21. 21.
    Buys, M.: Protecting personal information: implications of the protection of personal information (PoPI) act for healthcare professionals. SAMJ: South Afr. Med. J. 107(11), 954–956 (2017)CrossRefGoogle Scholar
  22. 22.
    Ramdhin, A.: Protection of personal information bill: what should you be asking? Accessed 01 Mar 2018
  23. 23.
    Gostin, L.O.: National health information privacy: regulations under the Health Insurance portability and accountability act. JAMA 285(23), 3015–3021 (2001)CrossRefGoogle Scholar
  24. 24.
    McGraw, D.: Privacy and health information technology: executive summary. J. Law Med. Ethics 37(2 suppl), 121–149 (2009)CrossRefGoogle Scholar
  25. 25.
    Wang, L.: The privacy rule: HIPAA standards for the privacy of individually identifiable health information. Empl. Benefits J. 27(3), 59–63 (2002)Google Scholar
  26. 26.
    Hodge Jr., J.G., Gostin, L.O., Jacobson, P.D.: Legal issues concerning electronic health information: privacy, quality, and liability. JAMA 282(15), 1466–1471 (1999)CrossRefGoogle Scholar
  27. 27.
    Antal, H., Bunnell, H.T., McCahan, S.M., Pennington, C., Wysocki, T., Blake, K.V.: A cognitive approach for design of a multimedia informed consent video and website in pediatric research. J. Biomed. Inform. 66, 248–258 (2017)CrossRefGoogle Scholar
  28. 28.
    Asghar, M.R., Russello, G.: Actors: a goal-driven approach for capturing and managing consent in e-health systems. In: IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), pp. 61–69. IEEE (2012)Google Scholar
  29. 29.
    Blake, K., et al.: Use of mobile devices and the internet for multimedia informed consent delivery and data entry in a pediatric asthma trial: Study design and rationale. Contemp. Clin. Trials 42, 105–118 (2015)CrossRefGoogle Scholar
  30. 30.
    Chávez, E., Finnie, G.: Empowering data sources to manage clinical data. In: 2010 IEEE 23rd International Symposium on Computer-Based Medical Systems (CBMS), pp. 203–208. IEEE (2010)Google Scholar
  31. 31.
    Ge, Y., Ahn, D.K., Unde, B., Gage, H.D., Carr, J.J.: Patient-controlled sharing of medical imaging data across unaffiliated healthcare organizations. J. Am. Med. Inform. Assoc. 20(1), 157–163 (2013)CrossRefGoogle Scholar
  32. 32.
    Bergmann, J., Bott, O.J., Pretschner, D.P., Haux, R.: An e-consent-based shared EHR system architecture for integrated healthcare networks. Int. J. Med. Inform. 76(2), 130–136 (2007)CrossRefGoogle Scholar
  33. 33.
    Khan, A., McKillop, I.: Privacy-centric access control for distributed heterogeneous medical information systems. In: 2013 IEEE International Conference on Healthcare Informatics (ICHI), pp. 297–306. IEEE (2013)Google Scholar
  34. 34.
    Ko, Y.Y., Liou, D.M.: The study of managing the personal consent in the electronic healthcare environment. World Acad. Sci. Eng. Technol. 65, 314 (2010)Google Scholar
  35. 35.
    Kondylakis, H., et al.: IEmS: a collaborative environment for patient empowerment. In: 2012 IEEE 12th International Conference on Bioinformatics and Bioengineering (BIBE), pp. 535–540. IEEE (2012)Google Scholar
  36. 36.
    Kondylakis, H., et al.: Donors support tool: Enabling informed secondary use of patients’ biomaterial and personal data. Int. J. Med. Inform. 97, 282–292 (2017)CrossRefGoogle Scholar
  37. 37.
    Sonne, S.C., et al.: Development and pilot testing of a video-assisted informed consent process. Contemp. Clin. Trials 36(1), 25–31 (2013)CrossRefGoogle Scholar
  38. 38.
    Nwomeh, B.C., Hayes, J., Caniano, D.A., Upperman, J.S., Kelleher, K.J.: A parental educational intervention to facilitate informed consent for emergency operations in children. J. Surg. Res. 152(2), 258–263 (2009)CrossRefGoogle Scholar
  39. 39.
    Li, Y., Xie, M., Bian, J.: USign—a security enhanced electronic consent model. In: 2014 36th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC), pp. 4487–4490. IEEE (2014)Google Scholar
  40. 40.
    Lentz, J., Kennett, M., Perlmutter, J., Forrest, A.: Paving the way to a more effective informed consent process: recommendations from the clinical trials transformation initiative. Contemp. Clin. Trials 49, 65–69 (2016)CrossRefGoogle Scholar
  41. 41.
    Warriner, A., et al.: A pragmatic randomized trial comparing tablet computer informed consent to traditional paper-based methods for an osteoporosis study. Contemp. Clin. Trials Commun. 3, 32–38 (2016)CrossRefGoogle Scholar
  42. 42.
    Whiddett, R., Hunter, I., Engelbrecht, J., Handy, J.: Patients attitudes towards sharing their health information. Int. J. Med. Inform. 75(7), 530–541 (2006)CrossRefGoogle Scholar
  43. 43.
    Yu, B., Wijesekera, D., Costa, P.C.: An ontology for medical treatment consent. In: STIDS, pp. 72–79 (2014)Google Scholar
  44. 44.
    Pruski, C.: e-CRL: a rule-based language for expressing patient electronic consent. In: Second International Conference on eHealth, Telemedicine, and Social Medicine, 2010, ETELEMED 2010, pp. 141–146. IEEE (2010)Google Scholar
  45. 45.
    Yu, B., Wijesekera, D., Costa, P.: Consent-based workflow control in EMRs. Procedia Technol. 16, 1434–1445 (2014)CrossRefGoogle Scholar
  46. 46.
    Rowan, W., O’Connor, Y., Lynch, L., Heavin, C.: Exploring user behaviours when providing electronic consent on health social networks: a just tick agree approach. Procedia Comput. Sci. 121, 968–975 (2017)CrossRefGoogle Scholar
  47. 47.
    Cavoukian, A.: Privacy by Design. Take the Challenge. Information and Privacy Commissioner of Ontario, Toronto (2009)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of PretoriaPretoriaSouth Africa
  2. 2.Council for Scientific and Industrial ResearchPretoriaSouth Africa

Personalised recommendations