Why Consent Matters

The mandate to collect consent in healthcare is designed to protect patient privacy and is required across many countries through regulations such as HIPAA in the US, PIPEDA in Canada and GDPR in the European Union. Collecting and managing consent across different points of care can be a complex process and be a challenge to collect electronically, share across all points of care and monitor when consent needs to be recollected from a patient.

Healthcare delivery networks can benefit from the centralized storage and usage of patient consent in their master data management systems, providing a clear indication of that patient’s consent collection history and identify when it’s time to recollect that information. 

IBM InfoSphere MDM and Consent Management

IBM InfoSphere MDM includes a Consent Management module that allows you to capture and manage consent as required by GDPR, HIPAA, PIPEDA, CCPA, or any other data privacy and protection regulations. You can manage the consent of each person with an active or inactive record that is stored in or outside InfoSphere MDM. You can watch a brief video that explains how it works here. 

Consent is strictly related to a processing purpose, which is the purpose that the personal data of an individual is processed for, such as marketing, analysis, or health. Each processing purpose is associated with one or more processing activities, which define how personal data is processed, such as storing, recording, or disseminating data. 

With Consent Management, you can handle all the different consent requirements. You can consolidate an individual’s requirements regarding one processing purpose in one consent item and specify which consent regulations apply.

In a consent item, you can indicate whether and when consent was given or refused, whose data is to be processed, and who gave, refused, or withdrew consent. You can also specify whether full, that is, unrestricted consent was given or only partial consent. Partial consent comes with restrictions regarding the personal data, the processing purpose, or both. In the case of partial consent, you have the following possibilities: 

• You can list the personal data that is included in, or excluded from consent. For example, for customer A, you would specify that the private email address is included in the consent. For customer B, you would specify that the business phone number is excluded from consent. 

• You can add provisions, which detail the items that are covered by a processing purpose. For example, for customer B, you would add a provision for Lenovo IdeaPads and Apple iPads. For customers E, you would add a provision that lists the car dealers that are allowed to receive the address. 

Advanced Tools and Industry Support

The underlying processes that govern consent in MDM are elevated in CloudPak for Data / watsonx.data intelligence with advanced tools for policy management and enforcement. Those processes can be exported into IBM Match 360, and managed through a Knowledge Catalog policy or enforced through a data protection rule.

IBM Knowledge Accelerator for Healthcare includes a comprehensive vocabulary of business terms that are specifically focused on the Healthcare industry. These are organized into a set of business subcategories to enable users to quickly identify the terms relevant to their area of interest, including patient consent. There are also Regulatory Reporting capabilities such as Data Subject Consent Analysis – An analysis of the status of consents and other agreements regarding use of data and associated restrictions for personal data that is controlled by the organization. 

Get in Touch

If you’d like to learn more how IMT can help you strengthen your organization’s consent management capabilities, please contact sales@imt.ca or fill out our Connect Form.