Glossary of Consent Terms
General Terms
Consent Directive
An instruction regarding consent to collect, use, and/or disclose Personal Health Information. - Adapted from British Columbia, E-Health (Personal Health Information Access and Protection of Privacy) Act, S.B.C. 2008, c. 38, s. 1.
Consumer Consents, Dissents, and Directives (eConsent)
Currently we describe the consumer consents, dissents, and directives regarding their personal health records as "Data Consent" or "Composite Privacy Consent Directive". We propose that in the future we refer to eConsent as the consumer-based set of options regarding the consumer's preferences in regards to the control (access, use, disclosure, and update) of personal health records.
- Consents are permissions that are more likely apply to recipients of personal health records. “I consent that providers may access and use my records for treatment.”
- Dissents are restriction applied to PHR that apply to recipients of personal health records. "I do not allow administrators and payers to access mt restricted information (e.g. substance abuse, mental health) for payment purposes".
- Directives are commands that more likely apply to sources of information and providers: “A specific provider may not create an official record for me” “Any provider shall add new information to my PHR once the episode of care is completed”.
Custodian
An individual or organization that collects, uses, or discloses PHI for the purposes of care and treatment, planning and management of the health system or health research.
Jurisdictional legislation typically includes the following entities:
- Health service providers, i.e., persons who are licensed or registered to provide health services.
- Federal/Provincial/Territorial Minister and Department of Health
- Regional Health Authorities (where they exist)
- Hospitals and nursing homes and other identified healthcare facilities
- Pharmacists and pharmacies
- Boards, agencies, committees and other organizations identified in regulations
- Affiliates/agents e.g. employees, volunteers
- Cancer Board
- Mental Health Board
- Ambulance Operators
- Persons who maintain and administer an EHR system
Also known as Trustee
Source: ACIET Glossary - [1]
Electronic Health Record (EHR)
The Electronic Health Record (EHR) is a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data and radiology reports.
Source: HIMSS Web Site [2]
Individually Identifiable Health Information (IIHI)
See Standards for Privacy of Individually Identifiable Health Information - 45 CFR Parts 160 and 164
Masking
Description of the process of restricting an access to or transfer of PHI. NOTE: Typically, masking is applied at the data source and may be overridden, as permitted by law, by the accessing custodian (e.g. in emergency health situations).
Personal Health Record
An electronic record (not a computer system) of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be drawn from multiple sources while being managed, shared, and controlled by the individual.
Protected Health Information (PHI)
HIPAA definition: PHI is individually identifiable health information that is transmitted by, or maintained in, electronic media or any other form or medium. This information must relate to
- the past, present, or future physical or mental health, or condition of an individual;
- provision of health care to an individual; or
- payment for the provision of health care to an individual.
If the information identifies or provides a reasonable basis to believe it can be used to identify an individual, it is considered individually identifiable health information.
Definitions from ISO/IEC WD 29101.2
Deemed consent
In the context of a statutory requirement, means that it does not matter whether the patient/person has actually consented; the law permits organizations to act as if the patient/person has consented; there is no right to withdraw or withhold consent.
Express consent
A voluntary agreement with what is being done or proposed that is unequivocal and does not require any inference on the part of the organization seeking consent.
Implied consent
A voluntary agreement with what is being done or proposed that can be reasonably determined through the actions or inactions of the patient/person.
No consent
In the context of a statutory requirement, means that consent is not required for a particular purpose.
Substitute Decision Maker (SDM)
In relation to a patient/person, means, unless the context requires otherwise, a person who is authorized under legislation to consent on behalf of the patient/person to the collection, use or disclosure of personally identifiable information about the patient/person.
- Definition from Canadian Psychiatric Patient Advocate Office