Introduction

A Consent resource is a record of a healthcare consumer’s policy choices, which permits or denies identified actors(s) or identified role(s) to perform one or more actions within a given policy context, for specific purpose(s) and period of time.

Scope and Usage

In the eHealth infrastructure a Consent resource is used

1. as a record of the fact that a Patient has given a Consent and
2. to enforce data policies that require Consent to be given and recorded for a Patient.

The eHealth profile of Consent has the following extensions:

• ehealth-consent-affiliation which specifies the care context level to which the consent applies—either EpisodeOfCare level (mandatory reference) or CarePlan level (optional reference). See section on Affiliation below.

Registration of Consent

When a Patient gives a consent, this consent must be recorded as a Consent resource. This resource can be created by the Patient herself or by a Practitioner as a result of conversations or correspondence with the Patient.

eHealth operates with two categories of consents:

1. Category PITEOC: Consent given by a Patient to be enrolled into a telemedical EpisodeOfCare. This Consent is interpretated to also apply to all CarePlan instances related to the consented EpisodeOfCare.

2. Category SSLPCI: Consent given by a Patient to have his/her contact information (physical address and telecommunication endpoints) being disclosed to a specified actor supplying device(s) and service(s) to the Patient as part of an EpisodeOfCare and related CarePlan(s).

Consents of category PITEOC are expressed by creating a Consent resource with:

• Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
• Consent.category.coding.code = "PITEOC".

Consents of category SSLPCI are expressed by creating a Consent resource with:

• Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
• Consent.category.coding.code = "SSLPCI".

Enforcement of Consent

Business rules are built into eHealth infrastructure to ensure that data can only be processed or forwarded to other systems and actors when the proper Consent is given.

This means, that:

1. An EpisodeOfCare can only change status to active if a Consent with category PITEOC has been given.
2. An SSL Order can only change status to submitted if a Consent with category SSLPCI has been given.

In addition to the Consent.category element, the following elements must be set on a Consent resource for the policy enforcing business logic to take effect:

• Consent.patient - the patient who is the subject of this consent (must coincide with the EpisodeOfCare.patient referenced by Consent.data.reference)
• Consent.provision.data.reference - the EpisodeOfCare for which this Consent is in force.
• Consent.provision.actor - the actor (Organization, CareTeam, Practitioner) whose behaviour is controlled by this consent.
• Consent.status - the status of this consent (only active consents are considered to be in force)
• Consent.provision.period - the (possibly open-ended) period for which this consent is in force.

For more information see the element descriptions in the snapshot table on this page and also see the example Consent resources on the Examples tab.

Affiliation

Specifies the care context level to which the consent applies—either EpisodeOfCare level (mandatory reference) or CarePlan level (optional reference). This enables precise scoping of consent in telemedicine solution, such as controlling patient access to triage results for specific CarePlan or broader EpisodeOfCare. Where provision.data is for data controlled by the consent, ehealth-consent-affiliation indicates the care level to which the consent applies. See Consent/23 for an example of how to use the affiliation extension.

Remarks on operations

Search

• As patient user
  • Search parameter patient is mandatory and must match the patient in the user context.
• As practitioner user
  • Search parameters most contain either data or affiliation that matches the episodeOfCare in the user context.
  • Parameter affiliation:
    • If searching by affiliation for multiple CarePlans the affiliation parameter must be specified two times ?affiliation=episodeOfCareRef&affiliation=careplanRef1,careplanRef2. A single OR search contain both episodeOfCareRef and CarePlanRefs are not allowed as there is no guarantee the CarePlan is referencing the episodeOfCare specified.

• Key Elements Table
• Differential Table
• Snapshot Table
• Statistics/References
• All

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:affiliation		0..*	Reference(ehealth-episodeofcare | ehealth-careplan) {r}	Affiliation to EpisodeOfCare and optionally CarePlan URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent-affiliation
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Specific scope covered by this consent Binding: Consent Scope (required)
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	required	Consent Scope	📦7.0.0	This IG
Consent.category	Base	required	Consent Category	📦7.0.0	This IG

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:affiliation		0..*	Reference(ehealth-episodeofcare | ehealth-careplan) {r}	Affiliation to EpisodeOfCare and optionally CarePlan URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent-affiliation
scope		1..1	CodeableConcept	Specific scope covered by this consent Binding: Consent Scope (required)
category		1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient		1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization		0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]		0..1	Attachment, Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken Slice: Unordered, Open by type:$this
source[x]:sourceReference		0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
policy
uri		0..1	uri	Specific policy covered by this consent Binding: Consent Policy (required)
provision
class		0..*	Coding	Specific class covered by this consent Binding: Consent Provision Class (required)
code		0..*	CodeableConcept	Specific code covered by this consent Binding: Consent Provision Code (required)
Documentation for this format

Terminology Bindings (Differential)

Path	Status	Usage	ValueSet	Version	Source
Consent.scope	Base	required	Consent Scope	📦7.0.0	This IG
Consent.category	Base	required	Consent Category	📦7.0.0	This IG
Consent.policy.uri	Base	required	Consent Policy	📦7.0.0	This IG
Consent.provision.class	Base	required	Consent Provision Class	📦7.0.0	This IG
Consent.provision.code	Base	required	Consent Provision Code	📦7.0.0	This IG

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:affiliation		0..*	Reference(ehealth-episodeofcare | ehealth-careplan) {r}	Affiliation to EpisodeOfCare and optionally CarePlan URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent-affiliation
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Specific scope covered by this consent Binding: Consent Scope (required)
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
authority	C	0..1	uri	Enforcement source for policy
uri	C	0..1	uri	Specific policy covered by this consent Binding: Consent Policy (required)
policyRule	ΣC	0..1	CodeableConcept	Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference		1..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
class	Σ	0..*	Coding	Specific class covered by this consent Binding: Consent Provision Class (required)
code	Σ	0..*	CodeableConcept	Specific code covered by this consent Binding: Consent Provision Code (required)
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
provision		0..*	See provision (Consent)	Nested Exception Rules
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	preferred	Common Languages	📍4.0.1	FHIR Std.
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	required	Consent Scope	📦7.0.0	This IG
Consent.category	Base	required	Consent Category	📦7.0.0	This IG
Consent.policy.uri	Base	required	Consent Policy	📦7.0.0	This IG
Consent.policyRule	Base	extensible	Consent PolicyRule Codes	📍4.0.1	FHIR Std.
Consent.provision.type	Base	required	ConsentProvisionType	📍4.0.1	FHIR Std.
Consent.provision.actor.​role	Base	extensible	SecurityRoleType	📍4.0.1	FHIR Std.
Consent.provision.action	Base	example	Consent Action Codes	📍4.0.1	FHIR Std.
Consent.provision.securityLabel	Base	extensible	SecurityLabels	📍4.0.1	FHIR Std.
Consent.provision.purpose	Base	extensible	PurposeOfUse	📦3.1.0	THO v7.0
Consent.provision.class	Base	required	Consent Provision Class	📦7.0.0	This IG
Consent.provision.code	Base	required	Consent Provision Code	📦7.0.0	This IG
Consent.provision.data.​meaning	Base	required	ConsentDataMeaning	📍4.0.1	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

Key Elements View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:affiliation		0..*	Reference(ehealth-episodeofcare | ehealth-careplan) {r}	Affiliation to EpisodeOfCare and optionally CarePlan URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent-affiliation
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Specific scope covered by this consent Binding: Consent Scope (required)
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	required	Consent Scope	📦7.0.0	This IG
Consent.category	Base	required	Consent Category	📦7.0.0	This IG

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

Differential View

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:affiliation		0..*	Reference(ehealth-episodeofcare | ehealth-careplan) {r}	Affiliation to EpisodeOfCare and optionally CarePlan URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent-affiliation
scope		1..1	CodeableConcept	Specific scope covered by this consent Binding: Consent Scope (required)
category		1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient		1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization		0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]		0..1	Attachment, Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken Slice: Unordered, Open by type:$this
source[x]:sourceReference		0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
policy
uri		0..1	uri	Specific policy covered by this consent Binding: Consent Policy (required)
provision
class		0..*	Coding	Specific class covered by this consent Binding: Consent Provision Class (required)
code		0..*	CodeableConcept	Specific code covered by this consent Binding: Consent Provision Code (required)
Documentation for this format

Terminology Bindings (Differential)

Path	Status	Usage	ValueSet	Version	Source
Consent.scope	Base	required	Consent Scope	📦7.0.0	This IG
Consent.category	Base	required	Consent Category	📦7.0.0	This IG
Consent.policy.uri	Base	required	Consent Policy	📦7.0.0	This IG
Consent.provision.class	Base	required	Consent Provision Class	📦7.0.0	This IG
Consent.provision.code	Base	required	Consent Provision Code	📦7.0.0	This IG

Snapshot View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:affiliation		0..*	Reference(ehealth-episodeofcare | ehealth-careplan) {r}	Affiliation to EpisodeOfCare and optionally CarePlan URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent-affiliation
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Specific scope covered by this consent Binding: Consent Scope (required)
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
authority	C	0..1	uri	Enforcement source for policy
uri	C	0..1	uri	Specific policy covered by this consent Binding: Consent Policy (required)
policyRule	ΣC	0..1	CodeableConcept	Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference		1..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
class	Σ	0..*	Coding	Specific class covered by this consent Binding: Consent Provision Class (required)
code	Σ	0..*	CodeableConcept	Specific code covered by this consent Binding: Consent Provision Code (required)
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
provision		0..*	See provision (Consent)	Nested Exception Rules
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	preferred	Common Languages	📍4.0.1	FHIR Std.
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	required	Consent Scope	📦7.0.0	This IG
Consent.category	Base	required	Consent Category	📦7.0.0	This IG
Consent.policy.uri	Base	required	Consent Policy	📦7.0.0	This IG
Consent.policyRule	Base	extensible	Consent PolicyRule Codes	📍4.0.1	FHIR Std.
Consent.provision.type	Base	required	ConsentProvisionType	📍4.0.1	FHIR Std.
Consent.provision.actor.​role	Base	extensible	SecurityRoleType	📍4.0.1	FHIR Std.
Consent.provision.action	Base	example	Consent Action Codes	📍4.0.1	FHIR Std.
Consent.provision.securityLabel	Base	extensible	SecurityLabels	📍4.0.1	FHIR Std.
Consent.provision.purpose	Base	extensible	PurposeOfUse	📦3.1.0	THO v7.0
Consent.provision.class	Base	required	Consent Provision Class	📦7.0.0	This IG
Consent.provision.code	Base	required	Consent Provision Code	📦7.0.0	This IG
Consent.provision.data.​meaning	Base	required	ConsentDataMeaning	📍4.0.1	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

This structure is derived from Consent

Summary

Mandatory: 1 element

Structures

This structure refers to these other structures:

• ehealth-patient (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-patient)
• ehealth-organization (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-organization)
• ehealth-consent (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent)
• ehealth-documentreference (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-documentreference)
• ehealth-questionnaireresponse (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-questionnaireresponse)

Extensions

This structure refers to these extensions:

• http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent-affiliation

Slices

This structure defines the following Slices:

• The element 1 is sliced based on the value of Consent.source[x]