Governance in patient-centric healthcare

Abstract

Many e-Health applications aim to put patients in charge of their information. However, health processes are complex. Patients will have general preferences and concerns, but are unlikely to understand the complexities of the information flows relevant to their care. This paper argues that such applications should consider and leverage the organisational aspects of care. Care providers must act in the patient's interest, and thus are responsible for protecting personal information. Rather than burden each application (and user) with the daunting task of enumerating and enforcing policies to govern all possible uses of information, we suggest that applications should focus on specific confidentiality concerns — effecting information disclosure preferences with respect to the existing sharing protocols of care providers. We present a context-aware, policy-based middleware as an example illustrating how patient preferences can qualify existing control policy.