A model for consent-based privilege management in personal electronic health records.

One of the biggest issues in the domain of standardized, regional, crossinstitutional, personal, electronic health records is the privilege management. While many health information exchange projects use IHE-based architectures there are still unsolved questions regarding the restricting parameters a patient can use in the electronic consent configuring access control. This work determines these parameters, derives an information model of privilege management, introduces a set representation of the model and shows how to apply them to EHR architectures. The introduced model can serve as framework for health information exchanges using a consent-based privilege management. The set representation can help to understand the complexity of consent representations.