In 2008, I wrote about representing privacy preferences in an XML form that I called the Consent Assertion Markup language (CAML).
At the November HIT Standards Committee we discussed the draft Meaningful Use Stage 3 Request for Comment (RFC), which includes a measure relating to query for a patient's record. The RFC suggests an exchange of authorization language to be signed by the patient in order to allow retrieval of the requested information. Discussion elicited the suggestion that perhaps patient consent preferences might be included as metadata with the data exchanged so that the patient approved uses of the data - treatment/payment/operations, clinical trials, transmission to a third party - could be respected.
After the meeting, Dixie Baker proposed a simple, scalable and powerful approach to avoiding the necessity of either exchanging authorization language for signature, and the complexities involved in exchanging patient preferences as metadata. Her suggested approach draws from both the CAML idea with the metadata idea, but simplifies privacy-management for both consumers and providers, while offering the kind of scalability needed for the dynamic, collaborative healthcare environment we envision.