Skip to main content
INTEROPERABILITY
PRANA · 2026
CONSENT

Consent-driven data governance

Every health data exchange in ABDM begins with a consent request. The patient decides. They can approve access for a defined period, restrict it to specific record types, and revoke it at any time. The system records every state transition, creating a complete, auditable trail.

Prana Research|May 2026|4 min read
Consent-driven data governance
Consent lifecycle state transitions: Requested to Granted or Denied, Granted to Expired or RevokedCONSENT LIFECYCLEREQUESTEDapprovesdeniesGRANTEDDENIEDtime limitrevokesEXPIREDREVOKEDPATIENT CONTROLS ALL STATE TRANSITIONS

Five consent states

Every consent request in the ABDM ecosystem progresses through one of five lifecycle states:

  • REQUESTED - A requesting entity has raised a consent request. Awaiting patient decision.
  • GRANTED - Patient approved. Records are available for fetch. Consent artefacts generated per provider.
  • DENIED - Patient rejected the request. No data exchange occurs.
  • REVOKED - Patient revoked a previously granted consent. Access terminated.
  • EXPIRED - Consent validity period has elapsed. Access automatically terminated.

Consent for ongoing care

ABDM consent is not an obstacle to clinical workflow. For ongoing care relationships, patients can establish standing permissions, maintaining control without creating friction at every visit.

ABDM consenthealth data consentpatient consentdata governance
Share