Towards a comprehensive and interoperable representation of consent-based data usage permissions in the German medical informatics initiative

The German Medical Informatics Initiative (MII) is a large-scale, long-term strategic funding program by the German Federal Ministry of Education and Research to establish a nationwide infrastructure for the re-use and sharing of health data to improve health care and research [1, 2]. For this purpose, Data Integration Centers (DICs) are being set up at academic medical centers, which harmonize and integrate data on the local level and support processes for inter-institutional data sharing. The required organizational and technical concepts and solutions are developed jointly by four consortia, called DIFUTURE [3], HiGHmed [4], MIRACUM [5] and SMITH [6] in common Working Groups (WGs) [7] led by a National Steering Committee (NSC) consisting of representatives from all consortia.

The WG Interoperability aims to specify technical aspects of structures, processes and interfaces required to facilitate data sharing. In this context, the adoption of international standards and the involvement of corresponding expert groups are of particular importance. One import result of the group is the specification of a common National Core Dataset (NCD) [8], which defines the data structures and semantic encodings that form the technical basis of data sharing and cross-site analyses. Information security, data protection and strict adherence to patient consent with regards to the use of personal data and biosamples are further high priority topics. In this context, the WG Consent is developing a nationally harmonized template for patient information for a modular broad consent and an associated consent template (MII Informed Consent Template) [9]. This work is carried out in close cooperation with both the WG biobanking of the permanent Working Party of the German Medical Ethics Committees [10] and the WG Science of the federal data protection representatives.

On the technical level, an interoperable digital representation of information encoded in signed consent forms is needed to facilitate common data use and sharing. To develop a solution, the WGs Interoperability and Consent have formed a joint Taskforce (TF). One of the central challenges addressed by the TF was the fact that the sites participating in the MII are free to adopt different solutions for managing consent information (e.g. Integrating the Healthcare Enterprise (IHE) Basic Patient Privacy Consents (BPPC) or Health Level 7 (HL7) Fast Healthcare Interoperability Resources (FHIR) Consent Resources). Although these technologies are powerful and can represent a variety of relevant information, we found that in their entirety, they are not directly interoperable. For example, the extent to which the explicit representation of the status of a patient’s consent is covered varies. Consequently, we had to develop a harmonized common representation. An additional requirement was that the solution should not only enable the representation of status information from signed MII Informed Consent Templates but also for further consent forms and other data use policies (e.g. derogations relating to processing for scientific purposes). The TF leveraged synergies with other activities within the MII, such as the development of the NCD [8] and metadata descriptions for data sharing [11]. The developed digital representation of consent information and data use permissions is described in this article.

As a first step, we compiled an overview of data items required to reflect the information from consent templates comprising several modules as well as patient preferences and derived permissions with respect to each module. Next, we created entity-relationship diagrams in order to formally describe the conceptual data model which relates these data items to each other. We then compared this data model to conceptual data models describing representations of consent information using relevant standards to analyze similarities and differences between different implementations. Based on the results of this comparison, we developed a digital representation of consent information which is interoperable with all standards used within the consortia. In this process, the TF cooperated closely with Standards Developing Organizations (SDOs), e.g. within the framework of the German Interoperability Forum [17].

The primary aim of the digital representation described in this article is to provide a cross-site interoperability layer for representing the validity of data use policies derived from signed informed consent templates and regulatory frameworks. The technical implementations described can be mapped to each other without loss of information, since we created code systems to achieve semantic interoperability. In addition, compatibility is provided with more complex implementations utilized by the MII partner sites. If, for example, HL7 FHIR is used to support the process of consent management, all status codes provided in Release 3 (v3.0.1) and Release 4 (v4.0.0) can be mapped to the status codes mentioned in Section 3.2. Table 4 shows such a mapping.

The same applies to the status codes used by the open source software gICS [27, 28], which was developed by the University Medicine Greifswald, Germany and is part of the technical tools used by the MIRACUM consortium to manage informed consents and/or withdrawals. gICS supports the documentation of the required data items and allows to define the necessary validity period of consents. All four consortia plan to use gICS to manage the respective consent templates and to map OIDs to the original textual representation. Moreover, gICS facilitates the capability to execute OID-specific queries for consent states of MII-patients (e.g. OID-specific queries relating to a specific question or answer for all respective consents or patients who consented). Table 5 shows a mapping of the status labels used by gICS (Version 2.8.6) to the labels used by the interoperable representation developed.

The use of MII consent status codes (valid, not valid, unknown) enables the establishment of an interoperability layer across all consortia. However, due to the minimalistic approach of the common representation, the mapping of data from more complex implementations (e.g. withdrawn, invalidated, pending, etc.) into the interoperability layer is associated with loss of information. Our representation preserves all data that is needed to decide upon common data use, but it cannot serve as a basis for implementing management processes.

In the National Core Dataset defined by the MII, individual data elements are also grouped into so-called modules (not to be confused with the modules of a consent template). Future developments of the dataset include the “consent” module, which is to include information on patient informed consent [8]. The digital representation described in this article lays important groundwork for the development of this module. Further synergies within the MII exist with the development of common metadata descriptions on data availability and use [9], which are developed in addition to the National Core Dataset.

In future work, we plan to extend the digital representation in such a way that also rules for automated access control can be included. For example, the HL7 FHIR Consent resource supports the representation of „policyRules “and IHE APPC documents representing such rules can be derived from BPPC [29]. These extensions be based on additional standards, such as XACML [30] or ADA-M [31], and they will make use of additional information captured by our solution, e.g. on consent validity periods (see Section 3.2). Moreover, we plan to support additional status codes to further facilitate harmonization of consent management processes, e.g. by explicitly representing states such as “withdrawn“ or “decision pending“ instead of summarizing them under a common state “not valid“. This will take more time, however, as it will also require changes to the standards and tools currently used by the MII sites. Finally, the withdrawal of consent “shall be as easy [...] as to give consent” (EU GDPR [32], ch. 2, art. 7, lit. 4). This suggests that a common MII template for withdrawals needs to be implemented as well and integrated into the technical framework presented in this article.

We have presented a digital representation of information from signed consent templates developed in the German MII. Our solution is generic, as it supports representing information from signed instances of the MII Informed Consent Template as well as other consent templates and policies from data use regulations. It is compatible with the technical standards used at the participating sites, in particular to HL7 FHIR in versions 3 and 4 as well as IHE BPPC, and hence forms a cross-site interoperability layer for data use policies. Our results also provide an important basis for further developments within the MII, including extensions of the National Core Dataset and the development of automated access control processes.

The proposed solution for an interoperable representation of the information on the consent status is based on individual codes per distinct combination of a specified policy and its validity. If the wording of text passages is changed for legal or ethical reasons or new modules are added, a modification or extension of the respective ART-DECOR OIDs will be required. The coordination of such modifications will require additional organizational efforts, which will be implemented by utilizing the governance framework already set up within the MII.