VhDir Restriction - Validated Healthcare Directory v1.0.0

Validated Healthcare Directory
1.0.0 - STU1 International flag

Validated Healthcare Directory, published by HL7 International / Patient Administration. This guide is not an authorized publication; it is the continuous build for version 1.0.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/VhDir/ and changes regularly. See the Directory of published versions

Resource Profile: VhDir Restriction

Official URL: http://hl7.org/fhir/uv/vhdir/StructureDefinition/vhdir-restriction				Version: 1.0.0
Active as of 2017-12-15				Computable Name: VhdirRestriction
Copyright/Legal: Used by permission of HL7 International all rights reserved Creative Commons License

Restriction on use/release of exchanged information

This profile sets minimum expectations for searching for and fetching information associated with a restriction. It identifies which core elements, extensions, vocabularies and value sets SHALL be present in the Consent resource when using this profile.

Background and Context

The FHIR specification contains a security meta tag which can be used to inform systems of the sensitivity of resources. The tag can be used by access control mechanisms to ensure content isn't exposed inappropriately. However, the security meta tag can only indicate sensitivity at the resource level, and provides relatively little context about the restriction.

This implementation guide profiles the Consent resource to provide additional details about the nature of restrictions on content passed from the validated healthcare directory to downstream workflow environments.

The restriction profile consists of the following elements:

consent.status indicates whether the restriction is active
consent.category describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
consent.dateTime indicates when the restriction was last updated
consent.policy references a policy or policies defining the restriction
consent.provision defines access rights for restricted content

Examples:

The following are example uses for the vhdir-restriction profile:

Mandatory Data Elements

The following data-elements are mandatory (i.e data MUST be present). These are presented below in a simple human-readable explanation. The Formal Profile Definition below provides the formal summary, definitions, and terminology requirements.

Each Consent resource must have:

A coded value representing the status of the restriction in consent.status
At least one coded and/or text value describing the type of restriction in consent.category
At least one actor when describing access rights via consent.provision. Each actor must include a reference to a practitioner, organization, care team, or group. The role of each actor is fixed to code "IRCP" (information recipient) from the code system defined at http://hl7.org/fhir/v3/ParticipationType

Profile specific implementation guidance:

This resource is expected to be a contained resource in the resources whose content is restricted by it. Therefore, there are no restful interactions defined for this resource type.

Terminology

TBD

Usage:

Refer to this Resource Profile: VhDir Usage Restriction

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

Differential Table
Key Elements Table
Snapshot Table
Statistics/References
All

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*	Consent	A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
identifier	S	0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: VhDir Consent Value Set (extensible)
category	S	1..*	CodeableConcept	Type of restriction
patient	S	0..0
dateTime	S	0..1	dateTime	date/time of last update for this restriction
performer	S	0..0
organization	S	0..0
source[x]	S	0..0
policy	S	0..*	BackboneElement	Policies covered by this consent
authority	S	0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule	S	0..0
verification	S	0..0
provision	S	0..1	BackboneElement	Access rights
type	S	0..1	code	deny \| permit Fixed Value: permit
period	S	0..0
actor	S	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
role	S	1..1	CodeableConcept	How the actor is involved
reference	S	1..1	Reference(VhDir Organization \| VhDir Care Team \| VhDir Practitioner)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class	S	0..0
code	S	0..0
dataPeriod	S	0..0
data	S	0..0
provision	S	0..0
Documentation for this format

Terminology Bindings (Differential)

Path	Conformance	ValueSet	URI
Consent.scope	extensible	VhDirConsent `http://hl7.org/fhir/uv/vhdir/ValueSet/consent` from this IG

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time ppc-1: Either a Policy or PolicyRule ppc-2: IF Scope=privacy, there must be a patient ppc-3: IF Scope=research, there must be a patient ppc-4: IF Scope=adr, there must be a patient ppc-5: IF Scope=treatment, there must be a patient
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SΣ	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent.
scope	?!SΣ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: VhDir Consent Value Set (extensible)
category	SΣ	1..*	CodeableConcept	Type of restriction Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.
dateTime	SΣ	0..1	dateTime	date/time of last update for this restriction
policy	S	0..*	BackboneElement	Policies covered by this consent
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
uri	SC	0..1	uri	Specific policy covered by this restriction
provision	SΣ	0..1	BackboneElement	Access rights
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	SΣ	0..1	code	deny \| permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: permit
actor	S	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference	S	1..1	Reference(VhDir Organization \| VhDir Care Team \| VhDir Practitioner)	definedUserOrGroup
action	SΣ	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	SΣ	0..*	Coding	userType Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	SΣ	0..*	Coding	reasonName Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
Consent.status	required	ConsentState `http://hl7.org/fhir/ValueSet/consent-state-codes\|4.0.1` from the FHIR Standard
Consent.scope	extensible	VhDirConsent `http://hl7.org/fhir/uv/vhdir/ValueSet/consent` from this IG
Consent.category	extensible	ConsentCategoryCodes `http://hl7.org/fhir/ValueSet/consent-category` from the FHIR Standard
Consent.provision.type	required	Fixed Value: permit `http://hl7.org/fhir/ValueSet/consent-provision-type\|4.0.1` from the FHIR Standard
Consent.provision.actor.role	extensible	SecurityRoleType `http://hl7.org/fhir/ValueSet/security-role-type` from the FHIR Standard
Consent.provision.action	example	ConsentActionCodes `http://hl7.org/fhir/ValueSet/consent-action` from the FHIR Standard
Consent.provision.securityLabel	extensible	All Security Labels `http://hl7.org/fhir/ValueSet/security-labels` from the FHIR Standard
Consent.provision.purpose	extensible	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse`
Consent.provision.data.meaning	required	ConsentDataMeaning `http://hl7.org/fhir/ValueSet/consent-data-meaning\|4.0.1` from the FHIR Standard

Description & Constraints

Consent

C

0..*

Consent

A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient

id

Σ

0..1

id

Logical id of this artifact

Terminology Bindings

Path Conformance ValueSet / Code URI

Consent.language

preferred

CommonLanguages

Additional Bindings

Purpose

AllLanguages

Max Binding

http://hl7.org/fhir/ValueSet/languages

from the FHIR Standard

Consent.status

required

ConsentState

http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1

from the FHIR Standard

Consent.scope

extensible

VhDirConsent

http://hl7.org/fhir/uv/vhdir/ValueSet/consent

from this IG

Consent.category

extensible

ConsentCategoryCodes

http://hl7.org/fhir/ValueSet/consent-category

from the FHIR Standard

Consent.provision.type

required

Fixed Value: permit

http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1

from the FHIR Standard

Consent.provision.actor.role

extensible

SecurityRoleType

http://hl7.org/fhir/ValueSet/security-role-type

from the FHIR Standard

Consent.provision.action

example

ConsentActionCodes

http://hl7.org/fhir/ValueSet/consent-action

from the FHIR Standard

Consent.provision.securityLabel

extensible

All Security Labels

http://hl7.org/fhir/ValueSet/security-labels

from the FHIR Standard

Consent.provision.purpose

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

Consent.provision.data.meaning

required

ConsentDataMeaning

http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1

from the FHIR Standard

This structure is derived from Consent

Summary

Mandatory: 0 element(1 nested mandatory element)
Must-Support: 33 elements
Fixed: 1 element
Prohibited: 14 elements

Structures

This structure refers to these other structures:

Differential View

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*	Consent	A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
identifier	S	0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: VhDir Consent Value Set (extensible)
category	S	1..*	CodeableConcept	Type of restriction
patient	S	0..0
dateTime	S	0..1	dateTime	date/time of last update for this restriction
performer	S	0..0
organization	S	0..0
source[x]	S	0..0
policy	S	0..*	BackboneElement	Policies covered by this consent
authority	S	0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule	S	0..0
verification	S	0..0
provision	S	0..1	BackboneElement	Access rights
type	S	0..1	code	deny \| permit Fixed Value: permit
period	S	0..0
actor	S	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
role	S	1..1	CodeableConcept	How the actor is involved
reference	S	1..1	Reference(VhDir Organization \| VhDir Care Team \| VhDir Practitioner)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class	S	0..0
code	S	0..0
dataPeriod	S	0..0
data	S	0..0
provision	S	0..0
Documentation for this format

Terminology Bindings (Differential)

Path	Conformance	ValueSet	URI
Consent.scope	extensible	VhDirConsent `http://hl7.org/fhir/uv/vhdir/ValueSet/consent` from this IG

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time ppc-1: Either a Policy or PolicyRule ppc-2: IF Scope=privacy, there must be a patient ppc-3: IF Scope=research, there must be a patient ppc-4: IF Scope=adr, there must be a patient ppc-5: IF Scope=treatment, there must be a patient
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SΣ	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent.
scope	?!SΣ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: VhDir Consent Value Set (extensible)
category	SΣ	1..*	CodeableConcept	Type of restriction Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.
dateTime	SΣ	0..1	dateTime	date/time of last update for this restriction
policy	S	0..*	BackboneElement	Policies covered by this consent
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
uri	SC	0..1	uri	Specific policy covered by this restriction
provision	SΣ	0..1	BackboneElement	Access rights
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	SΣ	0..1	code	deny \| permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: permit
actor	S	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference	S	1..1	Reference(VhDir Organization \| VhDir Care Team \| VhDir Practitioner)	definedUserOrGroup
action	SΣ	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	SΣ	0..*	Coding	userType Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	SΣ	0..*	Coding	reasonName Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
Consent.status	required	ConsentState `http://hl7.org/fhir/ValueSet/consent-state-codes\|4.0.1` from the FHIR Standard
Consent.scope	extensible	VhDirConsent `http://hl7.org/fhir/uv/vhdir/ValueSet/consent` from this IG
Consent.category	extensible	ConsentCategoryCodes `http://hl7.org/fhir/ValueSet/consent-category` from the FHIR Standard
Consent.provision.type	required	Fixed Value: permit `http://hl7.org/fhir/ValueSet/consent-provision-type\|4.0.1` from the FHIR Standard
Consent.provision.actor.role	extensible	SecurityRoleType `http://hl7.org/fhir/ValueSet/security-role-type` from the FHIR Standard
Consent.provision.action	example	ConsentActionCodes `http://hl7.org/fhir/ValueSet/consent-action` from the FHIR Standard
Consent.provision.securityLabel	extensible	All Security Labels `http://hl7.org/fhir/ValueSet/security-labels` from the FHIR Standard
Consent.provision.purpose	extensible	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse`
Consent.provision.data.meaning	required	ConsentDataMeaning `http://hl7.org/fhir/ValueSet/consent-data-meaning\|4.0.1` from the FHIR Standard

Snapshot View

Description & Constraints

Consent

C

0..*

Consent

A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient

id

Σ

0..1

id

Logical id of this artifact

Terminology Bindings

Path Conformance ValueSet / Code URI

Consent.language

preferred

CommonLanguages

Additional Bindings

Purpose

AllLanguages

Max Binding

http://hl7.org/fhir/ValueSet/languages

from the FHIR Standard

Consent.status

required

ConsentState

http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1

from the FHIR Standard

Consent.scope

extensible

VhDirConsent

http://hl7.org/fhir/uv/vhdir/ValueSet/consent

from this IG

Consent.category

extensible

ConsentCategoryCodes

http://hl7.org/fhir/ValueSet/consent-category

from the FHIR Standard

Consent.provision.type

required

Fixed Value: permit

http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1

from the FHIR Standard

Consent.provision.actor.role

extensible

SecurityRoleType

http://hl7.org/fhir/ValueSet/security-role-type

from the FHIR Standard

Consent.provision.action

example

ConsentActionCodes

http://hl7.org/fhir/ValueSet/consent-action

from the FHIR Standard

Consent.provision.securityLabel

extensible

All Security Labels

http://hl7.org/fhir/ValueSet/security-labels

from the FHIR Standard

Consent.provision.purpose

extensible

PurposeOfUse

http://terminology.hl7.org/ValueSet/v3-PurposeOfUse

Consent.provision.data.meaning

required

ConsentDataMeaning

http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1

from the FHIR Standard

This structure is derived from Consent

Summary

Mandatory: 0 element(1 nested mandatory element)
Must-Support: 33 elements
Fixed: 1 element
Prohibited: 14 elements

Structures

This structure refers to these other structures:

Other representations of profile: CSV, Excel, Schematron

Notes:

Because this resource is expected to be a contained resource in the resources whose content is restricted, there are no RESTful interactions defined for this profile.

IG © 2022+ HL7 International / Patient Administration. Package hl7.fhir.uv.vhdir#1.0.0 based on FHIR 4.0.1. Generated 2024-08-26
Links: Table of Contents | QA Report | Version History | | Propose a change