Determining the consent management process for patients

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Determining the consent management process for patients

    ServiceNow enables healthcare organizations to configure and manage patient consent processes to comply with privacy policies. Users with thesnhcls.adminrole can set up privacy policies that determine whether patient consent requires review and signature, streamlining consent management within healthcare workflows.

    Show full answer Show less

    Consent Management Types

    • Standard Policy: Does not require patients to review or sign consent forms. Patients must re-consent each time they request a service.
    • Document Policy: Requires patients to review and/or sign a consent form. This generates a to-do item for the patient to complete. Document templates must be created and linked to policies, along with decision rules to control when consent is required.

    Key Configuration Details

    • Only one active policy can be associated with a single document template.
    • Policies include a configurable validity duration (in days), during which the patient’s consent remains valid for multiple healthcare requests.
    • The system automatically inactivates consents after the validity period via a scheduled job.
    • Consent documents are attached to the patient’s policy consent record, which is linked to the initial healthcare request case.
    • Subsequent healthcare cases for the same patient will reuse the existing consent if it remains valid and meets document decision rules; otherwise, a new consent request is generated.

    Practical Outcomes for Healthcare Agents and Organizations

    • Healthcare agents can review and verify patient consents directly within healthcare cases.
    • Agents must wait for patient consent before proceeding if no valid consent exists.
    • This process ensures compliance with privacy policies while minimizing repeated consent requests during the consent validity period.

    You can determine whether the privacy policy for patient consent needs to be routed for review and signature to the patient.

    As a user with the sn_hcls.admin role, you can configure a privacy policy for obtaining consent from patients in a healthcare organization. For more information, see Configure a privacy policy for managing patient consent.

    You can determine the consent management process as one of the following types:

    Configuring standard policy types

    A standard policy doesn't require a consent form to be reviewed or signed by a patient.

    With the Standard policy type, a patient is required to sign the same consent again and again each time a service is requested.

    Configuring document policy types

    A document policy requires a consent form to be reviewed, signed, or both by a patient.

    With the Document template policy type, a to-do item is created for the patient to sign the consent form.

    You must configure the document that needs to be signed by a patient, create decision rules for it, and reference the document in the policy. For more information, see Configuring document templates for Healthcare and Life Sciences Service Management Core.
    Note:
    You can associate only one active policy with a document template.

    When setting up the privacy policy, you can also specify the validity duration in days for the consent after a patient signs the consent form. An accepted consent for an active policy is valid for multiple healthcare requests until the validity duration specified in the policy starting from date when the consent was given. Therefore, a patient needs to give consent only once for all healthcare requests submitted during the validity duration of an active consent policy. By default, the Set inactive status for expired policy consents scheduled job is configured to set any policy consent as inactive when the policy validity duration has expired.

    After a patient gives the consent, the consent document is added as an attachment to the policy consent. The case associated with the initial healthcare request for which the consent was given is associated with the policy consent record.

    The existing policy consent is associated with a new case to address another request from the same patient when all of the following conditions are true:
    • The consent privacy policy is still active.
    • The case was created within the validity duration of the accepted consent.
    • The document decision rule of the document template associated with the new case is met.
    Else, another to-do item is created for the patient to provide the consent.

    When working on a healthcare case, a healthcare agent can then review and verify the accepted consent. If no consent was accepted, the healthcare agent has to wait until the patient gives the consent.