Validated Healthcare Directory
0.2.0 - CI Build United States of America flag

Validated Healthcare Directory, published by HL7 International - Patient Administration Work Group. This guide is not an authorized publication; it is the continuous build for version 0.2.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/VhDir/ and changes regularly. See the Directory of published versions

Resource Profile: VhDir Restriction

Official URL: http://hl7.org/fhir/uv/vhdir/StructureDefinition/vhdir-restriction Version: 0.2.0
Active as of 2017-12-15 Computable Name: VhdirRestriction

Copyright/Legal: Used by permission of HL7 International all rights reserved Creative Commons License

Restriction on use/release of exchanged information

This profile sets minimum expectations for searching for and fetching information associated with a restriction. It identifies which core elements, extensions, vocabularies and value sets SHALL be present in the Consent resource when using this profile.

Background and Context

The FHIR specification contains a security meta tag which can be used to inform systems of the sensitivity of resources. The tag can be used by access control mechanisms to ensure content isn’t exposed inappropriately. However, the security meta tag can only indicate sensitivity at the resource level, and provides relatively little context about the restriction.

This implementation guide profiles the Consent resource to provide additional details about the nature of restrictions on content passed from the validated healthcare directory to downstream workflow environments.

The restriction profile consists of the following elements:

  • consent.status indicates whether the restriction is active
  • consent.category describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
  • consent.dateTime indicates when the restriction was last updated
  • consent.policy references a policy or policies defining the restriction
  • consent.provision defines access rights for restricted content

Examples:

The following are example uses for the vhdir-restriction profile:

Mandatory Data Elements

The following data-elements are mandatory (i.e data MUST be present). These are presented below in a simple human-readable explanation. The Formal Profile Definition below provides the formal summary, definitions, and terminology requirements.

Each Consent resource must have:

  1. A coded value representing the status of the restriction in consent.status
  2. At least one coded and/or text value describing the type of restriction in consent.category
  3. At least one actor when describing access rights via consent.provision. Each actor must include a reference to a practitioner, organization, care team, or group. The role of each actor is fixed to code “IRCP” (information recipient) from the code system defined at http://hl7.org/fhir/v3/ParticipationType

Profile specific implementation guidance:

This resource is expected to be a contained resource in the resources whose content is restricted by it. Therefore, there are no restful interactions defined for this resource type.

Terminology

TBD

Usage:

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..* Consent A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
... identifier S 0..0
... status S 1..1 code Indicates the current state of this restriction
... scope S 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: VhDir Consent Value Set (extensible)
... category S 1..* CodeableConcept Type of restriction
... patient S 0..0
... dateTime S 0..1 dateTime date/time of last update for this restriction
... performer S 0..0
... organization S 0..0
... source[x] S 0..0
... policy S 0..* BackboneElement Policies covered by this consent
.... authority S 0..0
.... uri S 0..1 uri Specific policy covered by this restriction
... policyRule S 0..0
... verification S 0..0
... provision S 0..1 BackboneElement Access rights
.... type S 0..1 code deny | permit
Fixed Value: permit
.... period S 0..0
.... actor S 1..* BackboneElement Who|what controlled by this rule (or group, by role)
..... role S 1..1 CodeableConcept How the actor is involved
..... reference S 1..1 Reference(VhDir Organization | VhDir Care Team | VhDir Practitioner) definedUserOrGroup
.... action S 0..1 CodeableConcept reasonType
.... securityLabel S 0..* Coding userType
.... purpose S 0..* Coding reasonName
.... class S 0..0
.... code S 0..0
.... dataPeriod S 0..0
.... data S 0..0
.... provision S 0..0

doco Documentation for this format

Terminology Bindings (Differential)

PathConformanceValueSetURI
Consent.scopeextensibleVhDirConsent
http://hl7.org/fhir/uv/vhdir/ValueSet/consent
from this IG
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... status ?!SΣ 1..1 code Indicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: VhDir Consent Value Set (extensible)
... category SΣ 1..* CodeableConcept Type of restriction
Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.


... dateTime SΣ 0..1 dateTime date/time of last update for this restriction
... policy S 0..* BackboneElement Policies covered by this consent
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... uri SC 0..1 uri Specific policy covered by this restriction
... provision SΣ 0..1 BackboneElement Access rights
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... type SΣ 0..1 code deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.


Fixed Value: permit
.... actor S 1..* BackboneElement Who|what controlled by this rule (or group, by role)
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... role S 1..1 CodeableConcept How the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S 1..1 Reference(VhDir Organization | VhDir Care Team | VhDir Practitioner) definedUserOrGroup
.... action SΣ 0..1 CodeableConcept reasonType
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel SΣ 0..* Coding userType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose SΣ 0..* Coding reasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.



doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleVhDirConsent
http://hl7.org/fhir/uv/vhdir/ValueSet/consent
from this IG
Consent.categoryextensibleConsentCategoryCodes
http://hl7.org/fhir/ValueSet/consent-category
from the FHIR Standard
Consent.provision.typerequiredFixed Value: permit
http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
from the FHIR Standard
Consent.provision.actor.roleextensibleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
Consent.provision.actionexampleConsentActionCodes
http://hl7.org/fhir/ValueSet/consent-action
from the FHIR Standard
Consent.provision.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard
Consent.provision.purposeextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.data.meaningrequiredConsentDataMeaning
http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1
from the FHIR Standard
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... language 0..1 code Language of the resource content
Binding: CommonLanguages (preferred): A human language.

Additional BindingsPurpose
AllLanguages Max Binding
... text 0..1 Narrative Text summary of the resource, for human interpretation
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... status ?!SΣ 1..1 code Indicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: VhDir Consent Value Set (extensible)
... category SΣ 1..* CodeableConcept Type of restriction
Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.


... dateTime SΣ 0..1 dateTime date/time of last update for this restriction
... policy S 0..* BackboneElement Policies covered by this consent
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... uri SC 0..1 uri Specific policy covered by this restriction
... provision SΣ 0..1 BackboneElement Access rights
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... type SΣ 0..1 code deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.


Fixed Value: permit
.... actor S 1..* BackboneElement Who|what controlled by this rule (or group, by role)
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... role S 1..1 CodeableConcept How the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S 1..1 Reference(VhDir Organization | VhDir Care Team | VhDir Practitioner) definedUserOrGroup
.... action SΣ 0..1 CodeableConcept reasonType
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel SΣ 0..* Coding userType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose SΣ 0..* Coding reasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.



doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
Consent.languagepreferredCommonLanguages
Additional Bindings Purpose
AllLanguages Max Binding
http://hl7.org/fhir/ValueSet/languages
from the FHIR Standard
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleVhDirConsent
http://hl7.org/fhir/uv/vhdir/ValueSet/consent
from this IG
Consent.categoryextensibleConsentCategoryCodes
http://hl7.org/fhir/ValueSet/consent-category
from the FHIR Standard
Consent.provision.typerequiredFixed Value: permit
http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
from the FHIR Standard
Consent.provision.actor.roleextensibleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
Consent.provision.actionexampleConsentActionCodes
http://hl7.org/fhir/ValueSet/consent-action
from the FHIR Standard
Consent.provision.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard
Consent.provision.purposeextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.data.meaningrequiredConsentDataMeaning
http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1
from the FHIR Standard

This structure is derived from Consent

Summary

Mandatory: 0 element(1 nested mandatory element)
Must-Support: 33 elements
Fixed: 1 element
Prohibited: 14 elements

Structures

This structure refers to these other structures:

Differential View

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..* Consent A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
... identifier S 0..0
... status S 1..1 code Indicates the current state of this restriction
... scope S 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: VhDir Consent Value Set (extensible)
... category S 1..* CodeableConcept Type of restriction
... patient S 0..0
... dateTime S 0..1 dateTime date/time of last update for this restriction
... performer S 0..0
... organization S 0..0
... source[x] S 0..0
... policy S 0..* BackboneElement Policies covered by this consent
.... authority S 0..0
.... uri S 0..1 uri Specific policy covered by this restriction
... policyRule S 0..0
... verification S 0..0
... provision S 0..1 BackboneElement Access rights
.... type S 0..1 code deny | permit
Fixed Value: permit
.... period S 0..0
.... actor S 1..* BackboneElement Who|what controlled by this rule (or group, by role)
..... role S 1..1 CodeableConcept How the actor is involved
..... reference S 1..1 Reference(VhDir Organization | VhDir Care Team | VhDir Practitioner) definedUserOrGroup
.... action S 0..1 CodeableConcept reasonType
.... securityLabel S 0..* Coding userType
.... purpose S 0..* Coding reasonName
.... class S 0..0
.... code S 0..0
.... dataPeriod S 0..0
.... data S 0..0
.... provision S 0..0

doco Documentation for this format

Terminology Bindings (Differential)

PathConformanceValueSetURI
Consent.scopeextensibleVhDirConsent
http://hl7.org/fhir/uv/vhdir/ValueSet/consent
from this IG

Key Elements View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... status ?!SΣ 1..1 code Indicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: VhDir Consent Value Set (extensible)
... category SΣ 1..* CodeableConcept Type of restriction
Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.


... dateTime SΣ 0..1 dateTime date/time of last update for this restriction
... policy S 0..* BackboneElement Policies covered by this consent
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... uri SC 0..1 uri Specific policy covered by this restriction
... provision SΣ 0..1 BackboneElement Access rights
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... type SΣ 0..1 code deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.


Fixed Value: permit
.... actor S 1..* BackboneElement Who|what controlled by this rule (or group, by role)
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... role S 1..1 CodeableConcept How the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S 1..1 Reference(VhDir Organization | VhDir Care Team | VhDir Practitioner) definedUserOrGroup
.... action SΣ 0..1 CodeableConcept reasonType
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel SΣ 0..* Coding userType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose SΣ 0..* Coding reasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.



doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleVhDirConsent
http://hl7.org/fhir/uv/vhdir/ValueSet/consent
from this IG
Consent.categoryextensibleConsentCategoryCodes
http://hl7.org/fhir/ValueSet/consent-category
from the FHIR Standard
Consent.provision.typerequiredFixed Value: permit
http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
from the FHIR Standard
Consent.provision.actor.roleextensibleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
Consent.provision.actionexampleConsentActionCodes
http://hl7.org/fhir/ValueSet/consent-action
from the FHIR Standard
Consent.provision.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard
Consent.provision.purposeextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.data.meaningrequiredConsentDataMeaning
http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1
from the FHIR Standard

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... language 0..1 code Language of the resource content
Binding: CommonLanguages (preferred): A human language.

Additional BindingsPurpose
AllLanguages Max Binding
... text 0..1 Narrative Text summary of the resource, for human interpretation
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... status ?!SΣ 1..1 code Indicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: VhDir Consent Value Set (extensible)
... category SΣ 1..* CodeableConcept Type of restriction
Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.


... dateTime SΣ 0..1 dateTime date/time of last update for this restriction
... policy S 0..* BackboneElement Policies covered by this consent
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... uri SC 0..1 uri Specific policy covered by this restriction
... provision SΣ 0..1 BackboneElement Access rights
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... type SΣ 0..1 code deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.


Fixed Value: permit
.... actor S 1..* BackboneElement Who|what controlled by this rule (or group, by role)
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... role S 1..1 CodeableConcept How the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S 1..1 Reference(VhDir Organization | VhDir Care Team | VhDir Practitioner) definedUserOrGroup
.... action SΣ 0..1 CodeableConcept reasonType
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel SΣ 0..* Coding userType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose SΣ 0..* Coding reasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.



doco Documentation for this format

Terminology Bindings

PathConformanceValueSet / CodeURI
Consent.languagepreferredCommonLanguages
Additional Bindings Purpose
AllLanguages Max Binding
http://hl7.org/fhir/ValueSet/languages
from the FHIR Standard
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleVhDirConsent
http://hl7.org/fhir/uv/vhdir/ValueSet/consent
from this IG
Consent.categoryextensibleConsentCategoryCodes
http://hl7.org/fhir/ValueSet/consent-category
from the FHIR Standard
Consent.provision.typerequiredFixed Value: permit
http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
from the FHIR Standard
Consent.provision.actor.roleextensibleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
Consent.provision.actionexampleConsentActionCodes
http://hl7.org/fhir/ValueSet/consent-action
from the FHIR Standard
Consent.provision.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard
Consent.provision.purposeextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.data.meaningrequiredConsentDataMeaning
http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1
from the FHIR Standard

This structure is derived from Consent

Summary

Mandatory: 0 element(1 nested mandatory element)
Must-Support: 33 elements
Fixed: 1 element
Prohibited: 14 elements

Structures

This structure refers to these other structures:

 

Other representations of profile: CSV, Excel, Schematron

Notes:

Because this resource is expected to be a contained resource in the resources whose content is restricted, there are no RESTful interactions defined for this profile.