Consent management

Consent management is a system, process or set of policies for allowing consumers to determine information they are willing to permit their various providers to access. Originally it was related to health care so it was enabling patients and consumers to affirm their participation in e-health initiatives and to establish consent directives to determine who will have access to their protected health information (PHI), for what purpose and under what circumstances. After GDPR was established in Europe, consent management become more wide area and started to include managing of private information and their access by any provider (like online advertisers). Consent management supports the dynamic creation, management and enforcement of consumer, organizational and jurisdictional privacy policies.

Industry References
The need to accommodate and automate consumer privacy preferences in health information exchange is recognized by the healthcare industry through various standards activities and consent discussions:


 * American Medical Informatics Association (AMIA), e-Consent: * The Design and Implementation of Consumer Consent Mechanisms in an Electronic Environment by Enrico Coiera, MBBS, PhD and Roger Clarke, MComm, PhD
 * Canada Health Infoway, iEHR Tech II Project, Standards Collaborative Partnership
 * Health Information Security and Privacy Collaboration (HISPC)
 * Health Information Technology Standards Panel (HITSP), “TP 30 - HITSP Manage Consent Directives Transaction Package.”
 * Health Level 7, “Community-based Collaborative Care Project.”
 * Integrating the Healthcare Enterprise (IHE), “Basic Patient Privacy Consents (BPPC).”
 * Integrating the Healthcare Enterprise (IHE), “Advanced Patient Privacy Consents (APPC).”
 * Organization for the Advancement of Structured Information Standards (OASIS), “Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML v2.0 for Healthcare Version 1.0.”
 * IAB Europe: List of Consent Management Provider, “”