HIE-CM — the consent manager
The heart of ABDM: no record moves without a time-bound, purpose-specific consent artefact. How the HIP → HIU flow actually works, and why consent is architecture here rather than a checkbox.
In one line
The Health Information Exchange & Consent Manager (HIE-CM) is the part of ABDM that makes the whole thing defensible: no health record moves between organisations without a consent artefact the patient granted, scoped to a purpose, and bounded in time.
The idea worth grasping first
Most health networks treat consent as a form — something collected once, filed, and thereafter assumed. ABDM treats it as a runtime object. The consent artefact isn't a record that permission was given; it is the thing the data flow technically depends on. No artefact, no data. Not "against policy" — impossible.
That inversion is the single most important idea in Indian digital health, and it's why ABDM is architecturally interesting rather than just administratively large.
The cast
- HIP — Health Information Provider. Holds records. A hospital, lab, clinic.
- HIU — Health Information User. Wants records. Another hospital, an insurer, a PHR app.
- HIE-CM — the Consent Manager. Sits between them. Notably, it routes consent; it does not store your records. This is the federated part: there is no central vault of India's health data to breach.
- The patient, holding their ABHA, who decides.
What "scoped" actually means
A granted consent is not a blanket yes. The artefact pins down:
- Purpose — care, claim, research. Not "whatever you like later".
- Date range of the records — the 2019 admission, not a lifetime.
- Data types — prescriptions but not the psychiatric notes, if that's the choice.
- An expiry — the permission dies on a date, without anyone having to remember to revoke it.
- Revocability — the patient can withdraw it, and the flow stops.
Compare that with the ordinary consent form, which is effectively "yes, forever, to everything, for any reason, and good luck taking it back."
Why this matters beyond India
This is the part international observers tend to miss. India didn't retrofit consent onto an existing exchange — it made consent the exchange's control plane from the start, at population scale. Whether that promise fully survives contact with implementation reality is a fair question. But the design intent is genuinely ahead of most national systems, and it aligns with the DPDP Act rather than fighting it.
Building against it
You do not integrate straight into production. You implement the HIP and/or HIU side against the ABDM Sandbox, speaking FHIR R4 with NRCeS profiles over the consent flow, and certify at the M2 (linking records) and M3 (full exchange) milestones. The Sandbox exists precisely so that you get the consent state machine wrong somewhere that isn't real people's records.