Consent and Rights within human healthcare IT solutions for lawful basis processing
This paper argues for ‘consent by design’ and ‘rights by design’ in IT systems through a framework of atomic consents. It highlights the value of improved openness for users and the benefits of standardisation that come from such an approach. It argues for a new IT design concept focused on the human at the heart of information systems: the creation of a set of ‘atomic consents’ and ‘atomic rights’, the latter derived from General Data Protection Rights, to help architect systems that maintain trust and engagement in IT that supports human health, societal and people data use. Although this paper concentrates on, and refers in part to, a health context, it is believed that all (or much) of the framework can be applied to all realms of IT development and deployment. The application of a set of atomic consents, embedded within an IT system, can facilitate trusted systems such as research environments. Combining these atomic consents with the atomic rights (as per data protection laws) simplifies and standardises the way requirements and architecture are expressed for, and within, IT systems. This should save money, ensure extensibility and allow flexibility and transparency as social practice and legal frameworks evolve. By both enabling a more granular model of consent and defining what parts of an IT system invoke these, IT systems should become more open (to regulation and audit), more flexible and so more trusted.