Empowering patients in heterogeneous medical information systems is technically and contextually challenging. While role-based access control protocols are making significant impact [1,2], this approach does not always support health information exchange (HIE) efficiently and effectively. In this context, Khan and McKillop’s proposal for “a simple information exchange handshake protocol” is commendable.
This paper’s discussion of a patient-centric, consent-based access control protocol provides a timely contribution to a critical concern of HIE. It is a challenge to address when medical records need to be stored under patient control by a trusted institution, organization, or healthcare provider. In this context, the paper is timely and demands further research collaboration.