One of the biggest issues in the domain of standardized, regional, crossinstitutional, personal, electronic health records is the privilege management. While many health information exchange projects use IHE-based architectures there are still unsolved questions regarding the restricting parameters a patient can use in the electronic consent configuring access control. This work determines these parameters, derives an information model of privilege management, introduces a set representation of the model and shows how to apply them to EHR architectures. The introduced model can serve as framework for health information exchanges using a consent-based privilege management. The set representation can help to understand the complexity of consent representations.