Stream: Security and Privacy
Topic: Capturing informal/non-actionable consent information
Morten Ernebjerg (Mar 03 2022 at 09:09):
I'm looking at a use case in which patients are asked in a questionnaire whether they previously gave a particular consent. That is, the patient is not giving (or denying) consent to anything but merely giving information about such a consent being given (or not) in some other context. This information, in itself, does not affect what can or can not be done - the actual consent information (with actual consequences) is, presumably, stored somewhere else.
As long as it is just a "raw" questionnaire answer, that's all no problem. But now I want to map this to an individual FHIR resource and am asking myself which one it should be. One the one hand, this is information about consents to Consent seems the obvious choice. On the other hand, this information is "one step removed" and does not constitute a legal/procedural/etc. consent, something that must be clearly communicated so people do not act on it as if it were an actual consent. Which might argue for using another resource, say, Observation.
Has anyone encountered smt. ike this or have good arguments for one option vs. the other?
David Pyke (Mar 03 2022 at 13:49):
Storing it in a Consent makes sense, but you'll need to demarkate it as not a consent for action. You could mark it inactive/draft, perhaps?
John Moehrke (Mar 03 2022 at 14:05):
Yes the Consent resource can be used simply to hold the state of: has the patient been presented with the privacy policy.
Morten Ernebjerg (Mar 04 2022 at 06:59):
That makes sense, but the problem is that in my case, I'm not capturing a stage in the lifecycle of a "real" (actionable) consent - only the statement that there was such a process (with a certain outcome) elsewhere. Yet the allowed R4 Consent.status codes all seem to refer to this lifecycle, e.g. "inactive" is "The consent is terminated or replaced" and "draft" is "The consent is in development or awaiting use but is not yet intended to be acted upon". Neither of those seem to apply to my case . My worry is that using them could leave the false impression that e.g. this is a "real" consent that might soon be activated. (R5 is not an option for me but the situation there seems similar.) Or are the status code description overly narrow?
To use a FHIR comparison: For medication, there is the workflow sequence MedicationRequest -> MedicationDispense -> MedicationAdministration, but I need smt. more like MedicationStatement (aka MedicationUsage) that is explicitly outside the sequence.
John Moehrke (Mar 04 2022 at 13:21):
The meaning of the consent is up to the meaning of the policy the consent points at. If that thing it points at says; "Privacy Policy was given to patient." then that is all that that instance of Consent resource means. Much like a MedicationStatement for a placebo.
John Moehrke (Mar 04 2022 at 13:26):
@David Pyke is there a CR on Consent to add a use-case / example for this kind of Consent? I would be happy to write it up. ( I notice the current build has eliminated the sections on use-cases)
David Pyke (Mar 04 2022 at 13:36):
Not yet! Go for it
John Moehrke (Mar 04 2022 at 14:05):
given how the other use-cases have been removed from the Consent page, i am not sure how to suggest this use-case be discussed. What was the rational for removing the other use-cases?
David Pyke (Mar 04 2022 at 14:11):
Some were moved to the P&S page or were felt not to be part of the core need. Examples can hold use cases.
David Pyke (Mar 04 2022 at 14:11):
Opening a ticket can start a conversation
John Moehrke (Mar 04 2022 at 14:19):
ah, the P&S page might be a more informal place. Might even justify specifically a privacy.html page that could discuss all the privacy principles, not just consent.
David Pyke (Mar 04 2022 at 14:19):
Sounds like a good idea
John Moehrke (Mar 04 2022 at 14:20):
the old text on the consent page was mostly intended to make the examples more visible. Alternative would be to give the examples more descriptive names, and have notes on the Consent page pointing to 'various examples'..
David Pyke (Mar 04 2022 at 14:21):
It would be better if each of the examples explained their use case and how that example illustrates it
John Moehrke (Mar 04 2022 at 14:21):
yes
David Pyke (Mar 04 2022 at 14:22):
All the examples need to be tossed and remade but that's never been high enough on anyone's priorities
John Moehrke (Mar 04 2022 at 14:23):
Well, yes the examples should be useful and accurate. they once were.
David Pyke (Mar 04 2022 at 14:29):
Yep, the whole set needs to be redone. I have done edits to them periodically but never had the time to redo them from scratch
David Pyke (Mar 04 2022 at 14:30):
Requests for others to do one or two have not been fruitful
Morten Ernebjerg (Mar 04 2022 at 15:34):
@John Moehrke Ah right, good point about the policy, that should probably work.
BTW explained Consent example for different use cases would be worth their virtual weight in gold (many details = many potential devils) - the generations to come will thank you :smiley:
David Pyke (Mar 04 2022 at 16:02):
Submissions of use cases with accompanying examples are gleefully accepted
Morten Ernebjerg (Mar 07 2022 at 07:57):
Touché :smile:
Last updated: Apr 12 2022 at 19:14 UTC
