Overview · Consent System

Empowering Data Privacy: Safeguarding Personal Information with the Consent System in SafeCDx

Personal information, including personal health information, holds significant value. Especially to (cyber)criminals who seek to exploit it. Unintentional access to personal data is the catalyst for identity theft, which can have highly undesired consequences.

The keyword here is “unintentional”. It is not that people don’t want to share personal information. Sharing personal health information with your physician can be very beneficial, for example. What people truly need is the ability to control who has access to which personal information. The Consent system provides that control.

Given that protecting personal information is crucial not only to individuals but to the society as a whole, numerous rules and regulations have been implemented to enforce it. You might be familiar with HIPAA, HITRUST, and GDPR, just to name a few. Because we feel responsible to protect personal data and to comply with these regulations we decided to build SafeCDx utilizing the Zero Trust Architecture and to take it one step further by integrating Authorization and Consent into the very core of the SafeCDx platform. To illustrate, when a request is made to access personal data, the platform verifies at the lowest level whether there is a current Consent record where the owner of the data explicitly authorizes the individual requesting the data to access it. If no such record exists, the request will not even reach the system capable of fulfilling it.

The Consent system encompasses everything necessary for managing consent records. It can record simple checkbox-approvals, such as agreeing to terms of use, while also possessing full cryptographic capabilities to record consents requiring electronic signatures and non-repudiation. Naturally, Consent allows for revocation, which will take immediate effect throughout the platform. Additionally it provides insightful views, such as identifying active, expired, or revoked consents, as well as those requiring renewal (because the terms have been updated for example). Consent seamlessly integrates with the Audit system to create an audit trail of grants and revocations.

In conclusion, the Consent system empowers individuals with the ability to control access to their personal information. Its integration at the core of the SafeCDx platform ensures that only authorized parties can access this data. This enhances data security and mitigates unintentional access, reduces the risk of identity theft, and safeguards personal (health) information.