Privacy Consent on FHIR (PCF)
1.1.0 - Trial-Implementation
Privacy Consent on FHIR (PCF), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.PCF/ and changes regularly. See the Directory of published versions
Resource Consent "ex-consent-intermediate-purpose"
Profile: IHE PCF Explicit Intermediate Consent
Security Labels: http://terminology.hl7.org/CodeSystem/v3-ActReason
status: active
scope: Privacy Consent (Consent Scope Codes#patient-privacy)
category: Consent (LOINC#59284-0)
patient: Patient/ex-patient " SMITH"
dateTime: 2022-06-13
performer: Patient/ex-patient " SMITH"
organization: Organization/ex-organization "somewhere org"
source: DocumentReference/ex-documentreference
Uri |
https://profiles.ihe.net/ITI/PCF/Policy-basic-normal |
provision
type: permit
Actors
Role Reference information recipient (ParticipationType#IRCP) Organization/ex-org-researcher "research house org" purpose: FooBar (Details: http://example.org/policies/purposeOfUse code FooBar = 'FooBar', stated as 'null')
Provided an ITI-71 results in a PERMIT access token issued. That token would have the following residual element to inform the Consent Enforcement Point that it needs to restrict the results.
In this case there is no residual, as the Consent expresses that authorization be given only to a given Research organization for a given purpose of use. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources. No token would be issued by ITI-71 for users not a part of the Research organization, or requests by that organization that are not purpose FooBar.
ihe_iua
extension
ihe_iua
extension parameters are not shown belowihe_pcf
residual
element is provided, indicating that no residual rules need be enforced"extensions" : {
"ihe_iua" : {
...
"purpose_of_use" : [{
"system" : "http://example.org/policies/purposeOfUse",
"code" : "FooBar"
}]
}
"ihe_pcf" : {
"patient_id" : "http://example.org/fhir/Patient/ex-patient",
"doc_id" : ["http://example.org/fhir/Consent/ex-consent-intermediate-purpose"]
}
}