1. Kairon: Granular Patient
Consent Management
The MITRE Corporation
Peter Mork, PhD
1
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

2. About MITRE Research
■ MITRE:
– Private, independent non-profit organization
– Chartered to work solely in the public interest
– Provide support to governmental sponsors
– Four Federally Funded Research and Development Centers
■ MITRE Research:
– Internal competition
– Approximately 6% of revenue (provided by FAR)
– Targeted to specific focus areas, including health care
– Advances technologies for transition to public and private sectors
2
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

3. Consent Research
Browser Request Server
Record Holder
Consent Server
Server
Policy Policy
Enforcer Consent Reasoner
EHR
DB
3
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

4. Objective: Efficient Consent Management
■ Globally Accessible by:
– Patients and
– Record Holders
■ Intuitive User Interface
■ Platform Adaptable
■ Modular Design adapts to:
– Technology or
– Legal Changes
4
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

5. Consent Directive Analysis Model
Consent specifications
- allow/disallow action
-purpose of consent Medical Record Reference
Privacy Policy
-effective period -Patient Identification
Reference
-additional conditions -Medical Record Identification
Action Specification
- hierarchy of operations applied to information
Information Sender
Health Information Affected -Organization
-Related to a diagnosis Information Receiver
-Data Sensitivity -Role
-Coverage Type -Identity
-Type of information (e.g., lab, rx)

6. Consent Directive Form

7. Mobile App Interface
7
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

8. John Smith’s Privacy Preferences
Recipient Purpose Allowed Disallowed
Types Topics
Primary Care Treatment Any None
Provider = Dr. Blass
Drs. referred by Treatment Allergies, Mental Health
Dr. Blass Medications
Any Research Not Imagery PII, Mental
Health
8
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

9. Preference Simplification
(through Rule Minimization) X = Primary
Care Provider
Direct Care
Providers
Referral from
Dr. Walsh: Purpose =
X to Recipient
Treatment
Purpose = Medications
Treatment Allowed
Categories
Allergies
¬ Mental
Health
Purpose =
Allow Treatment
Dr. Blass
Purpose =
(Medications or Allergies) and not Mental Health Research
Anonymized
Research
¬ Imagery
¬ Mental
Health
9
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

10. Rewritten Preferences
Blass Walsh Nelson
Treatment Any (Allergies or None
Medications) and
NOT Mental Health
Research NOT Imagery, NOT PII and NOT Mental Health
<AND>
<OR>
<String-is-in(‘medication’, Select(datatype))/>
<String-is-in(‘allergy’, Select(datatype))/>
</OR>
<String-is-in(‘NOT-mental-health’, Select(topic)))/>
</AND>
10
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

11. Consent Form  CDA Document
• Produced by the
form
• Conforms to the
Implementation Guide
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

12. Electronic Consent Directive:
CDA Document (rendered as HTML)
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

13. Sample Response
13
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

14. Contacts
■ Peter Mork, PhD
– pmork@mitre.org
– 703-983-1465
■ Jean Stanford
– jstanford@mitre.org
– 301-814-4934
■ Source Forge Site:
– http://kaironconsents.sourceforge.net/
14
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

15. Backup Slides
15
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

16. Sample Consent Form
16
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

17. Constraints on Consent
Legal Trust
• HIPAA / Privacy Act • Relationships
• State Laws • Delegation
Compliance Authentication
• Auditing • Credentials
• Enforcement • Identity Management
17
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.

18. Implementation Landscape
High
Automated Integrate with Intelligent
Enforcement State Mandates Redaction
Technical Complexity
Eliciting Patient Integrate Care
Preferences Relationships Implemented
Under
Development
Patient Review
Grand
& Approve Challenges
Preemptory Credential
Audit Matching
Access
Low
Accepted Practices Policy Maturity Inchoate
18
Approved for Public Release 11-0953. Distribution Unlimited. © 2011 The MITRE Corporation. All rights Reserved.