Please note: This PhD defence will be given online.
Hassan
Mousaid, PhD
candidate
David
R.
Cheriton
School
of
Computer
Science
Although patients have the legal right in Canada and many other countries to specify how, when and by whom their medical records can be accessed, the harsh reality is that in almost all cases using existing systems and solutions, patients are unable to ensure that their expressed consent directives are respected. Almost all health information systems deployed today lack the most basic ability to express and enforce consent at a data field level, and all are stretched when consent management must span disparate systems. Even the simplest of consent directives (e.g. “Only Dr. Bob is allowed to read records related to my mental health history status entered in 2017 at the Waterloo General Hospital”) is impossible to implement or enforce in an automated fashion.
This is not an unrecognized problem in the consent management domain. Numerous consent model types have been proposed, along with a multitude of access control mechanisms. Unfortunately, most contemporary consent models used today are either paper based, an online consent directive with a digital signature, a simple checkbox to either opt in or opt out or employ simple browser cookies. The result is that most consent models can capture only the most basic of consent expressions. Despite there being many different approaches for expressing and managing consent, few models actually enable patients to express discrete consent directives at the resource or at the data attribute level. As a result, contemporary consent models are mainly used to meet the compliance obligations of healthcare organizations as opposed to empowering patients to manage their privacy and control access to their medical records. No architecture or system that we are aware of can adjudicate field-level consent directives in the multi-system, multi-jurisdiction, multi-provider, multi-patient environments that exist in healthcare today. The inability to effectively and efficiently capture and enforce patient consent directives leaves many data custodians vulnerable to inadvertent data release — mitigated only by the fact that many providers attempt to secure a carte-blanche consent directive from all patients to relieve themselves of the problem of needing to respect more restrictive consent directives.
Advances in healthcare IT systems are adding to, rather than reducing, the complexity of protecting patient privacy, causing privacy advocates to ask, “How can we empower patients to have control over their health records and be able to dictate who has access to their records, where and when?". This thesis addresses this question by proposing a consent-centric architecture called consent-centric attribute-based access control (C-ABAC). C-ABAC offers a new standard for authorization. It allows expression of consent at any abstraction level — from the record to the data field level — and also guarantees that patient consent directives can be enforced at the system level, ensuring that patient data is made available only to parties entitled to access it.
C-ABAC is patient-centric, fine grained, healthcare-centric, and based on an existing healthcare data standard: Fast Healthcare Interoperability Resources (FHIR). The model offers (1) a new standard for “authorization,” (2) a new profile and application of attribute-based access control, (3) support for fine-grained access control, (4) seamless interoperability, (5) automation of a complex process and (6) dynamic flexibility allowing for both rich consent expression and complex consent enforcement.