CPIQ - A Privacy Impact Quantification for Digital Medical Consent
Increasing digitization in healthcare promises easier exchange and more efficient use of medical information for patients, institutions and research. The number of sharing options for medical data is increasing, e.g., through personal health records, as is the volume of data. To use this data in medical research, patients' consent is important. As more and more data access is regulated by consent forms and their complexity also increases, it becomes less comprehensible for the patient which information could be gained from his or her disclosed data. This becomes more important when presumably anonymized data carries the risk of potential re-identification of an individual. In this paper we introduce a consent-privacy-impact-quantification (CPIQ) as a risk model of consent forms for the release of personal medical data for use within research projects. CPIQ evaluates how reasonable a consent decision is for the patient. It takes into account relevant factors such as the patient's preferences, the circumstances and benefits of the research project, and the potential risk to the patient. The model can be parameterized so that different aspects such as the benefit of the research project, the risk of a data leak or the risk of a patient's confidential data becoming known can be represented. We demonstrate the feasibility of this model by including it in an existing consent management system.