Privacy eSuite

Privacy policy management and access control

HIPAAT’s ‘consent engine’ and central repository of privacy policies/consent directives

Comprises two SOA-based Web services:


Consent Management Service that enables patient/consumer, organizational and jurisdictional privacy policies to be created, administered and converted into access rules


Consent Validation Service that automatically adjudicates requests to access personal health information (PHI) against privacy policies

May be accessed and maintained via Web services interface or Web browser (portal)

Functions equally well in care delivery organizations and HIEs and across jurisdictions

Provides a history of all consumer policies created through myConsentMinder

Supports the HITSP OASIS XACML standard for PHI access control