Privacy Consent on FHIR (PCF)
1.1.0 - Trial-Implementation International

Privacy Consent on FHIR (PCF), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.PCF/ and changes regularly. See the Directory of published versions

Example Consent: Consent for purpose of treatment example

Generated Narrative: Consent

Resource Consent "ex-consent-basic-treat"

Profile: IHE PCF Explicit Basic Consent

Security Labels: http://terminology.hl7.org/CodeSystem/v3-ActReason

status: active

scope: Privacy Consent (Consent Scope Codes#patient-privacy)

category: Consent (LOINC#59284-0)

patient: Patient/ex-patient " SMITH"

dateTime: 2022-06-13

performer: Patient/ex-patient " SMITH"

organization: Organization/ex-organization "somewhere org"

source: DocumentReference/ex-documentreference

Policies

Uri: http://example.org/policies/basePrivacyConsentPolicy.txt

Provisions

Type: permit

Purpose: treatment (Details: http://terminology.hl7.org/CodeSystem/v3-ActReason code TREAT = 'treatment', stated as 'null'), healthcare payment (Details: http://terminology.hl7.org/CodeSystem/v3-ActReason code HPAYMT = 'healthcare payment', stated as 'null'), healthcare operations (Details: http://terminology.hl7.org/CodeSystem/v3-ActReason code HOPERAT = 'healthcare operations', stated as 'null')

Notes:

IUA Access Token

Provided that an ITI-71 request results in a PERMIT, an access token is issued. That token would carry the following PCF-specific elements to inform the Consent Enforcement Point.

In this case there is no residual, as the Consent expresses that authorization be given for a given purpose of use, possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources. ITI-71 would issue no token for users who are not authorized, or for requests beyond the set of purposes of use.

  • The restriction to the given purpose (FooBar) would be expressed in the ihe_iua extension
    • The other ihe_iua extension parameters are not shown below
  • The consent is indicated in the ihe_pcf
    • no residual element is provided, indicating that no residual rules need be enforced
"extensions" : {
  "ihe_iua" : {
    ...
    "purpose_of_use" : [{
        "system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
        "code" : "TREAT"
      },{
        "system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
        "code" : "HPAYMT"
      },{
        "system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
        "code" : "HOPERAT"
    }]
  },
  "ihe_pcf" : {
    "patient_id" : "http://example.org/fhir/Patient/ex-patient",
    "doc_id" : ["http://example.org/fhir/Consent/ex-consent-basic-treat"]
  }
}
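
As an added illustration (not part of the IHE guide or its reference code), here is how a Consent Enforcement Point could evaluate one request against the token extensions shown above. The function name `enforce`, the reason strings, and the key name `residual` are assumptions made for this sketch; signature and expiry validation of the token itself is assumed to have happened already.

```python
ACT_REASON = "http://terminology.hl7.org/CodeSystem/v3-ActReason"

# Constructed claims mirroring the fragment above (other ihe_iua parameters omitted).
SAMPLE_CLAIMS = {"extensions": {
    "ihe_iua": {"purpose_of_use": [
        {"system": ACT_REASON, "code": c} for c in ("TREAT", "HPAYMT", "HOPERAT")]},
    "ihe_pcf": {
        "patient_id": "http://example.org/fhir/Patient/ex-patient",
        "doc_id": ["http://example.org/fhir/Consent/ex-consent-basic-treat"]},
}}


def enforce(claims, patient_id, purpose_system, purpose_code):
    """Return (permit, reason) for one request; any unexpected shape denies."""
    ext = claims.get("extensions")
    if not isinstance(ext, dict):
        return False, "no extensions claim"
    iua, pcf = ext.get("ihe_iua"), ext.get("ihe_pcf")
    if not isinstance(iua, dict) or not isinstance(pcf, dict):
        return False, "missing ihe_iua or ihe_pcf"
    # The token is bound to one patient; a request for anyone else is out of scope.
    if pcf.get("patient_id") != patient_id:
        return False, "token is for a different patient"
    if not pcf.get("doc_id"):
        return False, "no consent referenced"
    # Assumption: residual rules, when present, sit under the key "residual".
    # This sketch cannot evaluate them, so it fails closed instead of ignoring them.
    if "residual" in pcf:
        return False, "residual rules present, not supported here"
    pou = iua.get("purpose_of_use")
    if not isinstance(pou, list):
        return False, "no purpose_of_use list"
    # Match on system AND code so a same-named code from another system is rejected.
    allowed = [(p.get("system"), p.get("code")) for p in pou if isinstance(p, dict)]
    if (purpose_system, purpose_code) not in allowed:
        return False, "purpose of use not covered by token"
    return True, "permit"
```

With the sample claims, a TREAT request for `ex-patient` is permitted, while a request for a purpose outside the three listed codes, for another patient, or under a token carrying residual rules is denied.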