A Conceptual Model for Consent Management in South African e-Health Systems for Privacy Preservation

  • Lelethu Zazaza
  • H. S. Venter
  • George Sibiya
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1166)


Consent management is a significant function in electronic healthcare. Given the rise of personal data stored on electronic devices, there is a need to ensure that the personal data of individuals is protected, in particular healthcare user information stored on health information systems. In addition to the basic protection of healthcare user information, healthcare users should also be informed how and by whom their personal information may be used. Through the adoption of transparency by the healthcare service provider, healthcare users are placed in a position to control access to their health information and to reduce the risk of reputational and personal harm. This paper presents a conceptual model for consent management in e-healthcare. The application of the model in e-healthcare will ensure that the following four main requirements are satisfied for the healthcare user: informativity, modifiability, controllability and end-to-end security.


e-Consent, e-Health, Privacy, Information security



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. University of Pretoria, Pretoria, South Africa
  2. Council for Scientific and Industrial Research, Pretoria, South Africa
