Privacy Consent on FHIR (PCF), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 1.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.PCF/ and changes regularly. See the Directory of published versions

Privacy Consent on FHIR (PCF) Home

Official URL: https://profiles.ihe.net/ITI/PCF/ImplementationGuide/ihe.iti.pcf				Version: 1.1.0
Active as of 2024-02-23				Computable Name: IHE_ITI_PCF

The Privacy Consent on FHIR (PCF) Profile provides support for patient privacy consents and access control where a FHIR API is used to access Document Sharing Health Information Exchanges.

This includes refinement of the consent handling defined in MHDS. The scope does not intend to cover all consent use cases, such as the consent use cases for within an organization, or more advanced consents that may be addressed in future versions of PCF.

Organization of This Guide

This guide is organized into the following sections:

• Volume 1: Profiles
  • Introduction
  • Actors, Transactions, and Content
  • Actor Options
  • Actor Required Groupings
  • Overview
  • Security Considerations
  • Cross Profile Considerations
  • Appendix P: Privacy Access Policies
• Volume 2: Transaction Detail
  • Get Access Token [ITI-71]
  • Incorporate Access Token [ITI-72]
  • Introspect Token [ITI-102]
  • Get Authorization Server Metadata [ITI-103]
  • Access Consent [ITI-108]
• Volume 3: Metadata and Content
  • Privacy Consent Patterns
• Other
  • Changes to Other IHE Specification
  • Updates to ITI-71
  • Test Plan
  • Download and Analysis

See also the Table of Contents and the index of Artifacts defined as part of this implementation guide.

Conformance Expectations

IHE uses the normative words: Shall, Should, and May according to standards conventions.

Must Support

The use of mustSupport in StructureDefinition profiles equivalent to the IHE use of R2 as defined in Appendix Z.

mustSupport of true - only has a meaning on items that are minimal cardinality of zero (0), and applies only to the source actor populating the data. The source actor shall populate the elements marked with MustSupport, if the concept is supported by the actor, a value exists, and security and consent rules permit. The consuming actors should handle these elements being populated or being absent/empty. Note that sometimes mustSupport will appear on elements with a minimal cardinality greater than zero (0), this is due to inheritance from a less constrained profile.