In the recent past, we have seen the healthcare industry grow at a drastic rate. Times like these have motivated customers to look for new solutions that enable them to access virtual care, and have even nudged healthcare providers to run clinical trials remotely.
To facilitate this, healthcare companies will need massive amounts of data. Naturally, we’re seeing an increase in the number of tools that help healthcare application developers and researchers easily manage and secure patient consent for the data that will aid in this medical care and research.
Further, the explosion of rich data generated by health tracking devices has emphasized the importance of patient consent and privacy, as patients and caregivers look to safely incorporate data from more sources into their care plans.
We know that security plays a key role in this data utilization and I have found the Consent Management API to be extremely helpful in enhancing security.
With that in mind, I have penned down a blog that will give you a comprehensive overview of this crucial architectural component that provides scalable and secure management of your user’s consent and ensures data privacy.
So, what does a Consent Management API do? Simply put, a Consent Management API stores the consent information you receive from users, keeps track of what data is permitted for each use case, and helps your application utilize data only as directed by your users.
It is a tool that records user consents, manages actions based on these consents, and maintains associated documentation and records.
It is important to keep in mind that the organization using the Consent Management API is responsible for obtaining and maintaining the required consents necessary to permit the processing of any data through the Consent Management API.
Now that we have that out of the way, let’s jump right into the prerequisites of Consent Management API. Here is a list that should help you
Let’s move forward and take a look at the solution approach for deploying a Consent Management API.
We can now take a look at Consent Management API operations.
A consent store holds the metadata for all the configurations and operations used throughout the consent management process, such as the mapping between users and their data, the policies used to access the data, consent statuses, and signatures.
Here are the steps to create a consent store in the Cloud Console:
We have created a consent store with the following details –
You can get the list of consent stores with the API, as shown below
Consent policies are used by the Consent Management API to represent consent granted by an end-user or through an organizational guideline. They are the building blocks of consent resources. Each consent resource can contain up to 10 consent policies.
A consent policy consists of:
The Consent Management API stores sensitive data pertaining to a user’s consent as a ConsentArtifact.
A consent artifact works as the signature of a patient and acts as “proof” of the consent provided by the patient or user.
Consent Artifact could be –
– user’s contact information
– signature timestamps
– images of signatures or other documents
We can register consent artifacts as shown in the example below –
A Consent includes an opaque user ID, the consent policies granted by the user, and the status of the consent policies.
It is a record that states who is allowed to access which data, and for which users. We can configure when a consent expires and is no longer valid. A consent can have various states, like ACTIVE or REVOKED.
We can create consent as shown below –
User data mapping stores the metadata that relates a user to that user’s actual data. We also need to provide the resource attributes, which tell us what kind of data is being mapped. In our example, we have created a resource attribute, data identifiable, and we can select values for this attribute.
We can register user data mapping as shown –
Access determination requests always ignore consents that are expired, revoked, or rejected.
A. Check Data Access
Allows you to request an access determination for a specific data element.
For example, you can pass a request attribute (in our case, requester identity == external-researcher) along with the data we want to query for; in return we’ll know if there is an active consent present to access this data for the given resource attribute.
B. Evaluate User Consents
Allows you to request an access determination for all data elements associated with a user.
For example, you can pass a request attribute and a resource attribute; in return we’ll get the list of all data IDs that have an active consent present for the given combination of resource and request attributes.
C. Query Accessible Data
Allows you to request an access determination for an entire consent store. This method returns all data elements within a consent store that have valid consent. We need to pass a Cloud Storage destination where the list of results is saved. For example, you can pass a request attribute and a resource attribute, and in return we will get the list of all data IDs that have an active consent present for the given combination of resource and request attributes.
We will also get an operation ID, which identifies the process that saves the results to the destination.
We can track the status of the operation using the API below –
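The access determination rules from this section (Check Data Access, Evaluate User Consents, Query Accessible Data), as a simplified local model in Python. This is an added example, not code from the original post and not the Consent Management API itself; the class names, attribute names and values, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Consent:
    user_id: str
    state: str            # ACTIVE, REVOKED, REJECTED, ...
    expires: datetime
    policies: list        # each policy: (resource attrs, request attrs) it covers

@dataclass
class Mapping:            # user data mapping: data id -> user + resource attributes
    data_id: str
    user_id: str
    attrs: dict

def covers(required, actual):
    # Every attribute the policy names must match the value actually presented.
    return all(actual.get(k) == v for k, v in required.items())

def check_data_access(store, data_id, request, now):  # A. one data element
    m = next((x for x in store["mappings"] if x.data_id == data_id), None)
    if m is None:
        return False      # unmapped data is denied by default
    for c in store["consents"]:
        if c.user_id != m.user_id or c.state != "ACTIVE" or c.expires <= now:
            continue      # expired, revoked or rejected consents are ignored
        if any(covers(res, m.attrs) and covers(req, request) for res, req in c.policies):
            return True
    return False

def evaluate_user_consents(store, user_id, request, now):  # B. one user's data
    return sorted(m.data_id for m in store["mappings"]
                  if m.user_id == user_id and check_data_access(store, m.data_id, request, now))

def query_accessible_data(store, request, now):  # C. the whole consent store
    return sorted(m.data_id for m in store["mappings"]
                  if check_data_access(store, m.data_id, request, now))

# Constructed sample data; attribute names and values are illustrative assumptions.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
RESEARCHER = {"requester_identity": "external-researcher"}
DEID = {"data_identifiable": "de-identified"}
STORE = {
    "mappings": [Mapping("d1", "1001", DEID),
                 Mapping("d2", "1001", {"data_identifiable": "identifiable"}),
                 Mapping("d3", "1002", DEID)],
    "consents": [Consent("1001", "ACTIVE", NOW + timedelta(minutes=2), [(DEID, RESEARCHER)]),
                 Consent("1002", "REVOKED", NOW + timedelta(days=30), [(DEID, RESEARCHER)])],
}
```

With this sample store, only `d1` is accessible to the external researcher, and the same request made three minutes later is denied because the two-minute consent has expired.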
Custom Web Application Implementation
On this screen, a user with clinical-admin is requesting patient data for user ID 1001.
On this screen, a message is displayed because there are no active consents provided by the patient.
On the same screen, the user can request consent from the patient to view the data.
A request is sent to the user for approval of consent to allow access to their data.
Once the consent is approved, this patient data is available for the app to use. The time to go live for this consent is set to two minutes, which means that the data becomes accessible for the next two minutes.
And there you have it! You have successfully implemented Consent Management API for your application. With this, you can ensure enhanced data security and maintain privacy for your patients. Reach out to us at Nitor Infotech to learn more about Consent Management API and read our whitepaper on API developer portal that will facilitate greater flexibility, improved turn-around time, and provide a seamless developer experience.