HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

• Content
• Detailed Descriptions
• Mappings
• Examples
• XML
• JSON
• TTL

Resource Profile: Permission with K-Anonymity

Permission with the extension for K-Anonymity

Usage:

• Examples for this Resource Profile: Permission/ex-permission-k-anonymity

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

• Key Elements Table
• Differential Table
• Snapshot Table
• Statistics/References
• All

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules dom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated dom-5: If a resource is contained in another resource, it SHALL NOT have a security label dom-6: A resource should have narrative for robust management
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created ele-1: All FHIR elements must have a @value or children
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored ele-1: All FHIR elements must have a @value or children
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product. ele-1: All FHIR elements must have a @value or children
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined. ele-1: All FHIR elements must have a @value or children
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot2 from the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot2 from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())

This structure is derived from Permission

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules
rule
limit
Slices for extension				Content/Rules for all slices
extension:ka		0..1	integer	Permission imposed K-Anonymity value URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter Set
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Business Identifier for permission
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
asserter	Σ	0..1	Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService)	The person or entity that asserts the permission
date	Σ	0..*	dateTime	The date that permission was asserted
validity	Σ	0..1	Period	The period in which the permission is active
justification	Σ	0..1	BackboneElement	The asserted justification for using the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
basis	Σ	0..*	CodeableConcept	The regulatory grounds upon which this Permission builds Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples
evidence	Σ	0..*	Reference(Resource)	Justifing rational
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
rule	Σ	0..*	BackboneElement	Constraints to the Permission This repeating element order: The order of the rules processing is defined in rule combining selected in .combining element.
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	?!Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied.
data	Σ	0..*	BackboneElement	The selection criteria to identify data that is within scope of this provision
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
resource	Σ	0..*	BackboneElement	Explicit FHIR Resource references
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
security	Σ	0..*	Coding	Security tag code on .meta.security
period	Σ	0..1	Period	Timeframe encompasing data create/update
expression	Σ	0..1	Expression	Expression identifying the data
activity	Σ	0..*	BackboneElement	A description or definition of which activities are allowed to be done on the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
actor	Σ	0..*	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Authorized actor(s)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the action.
purpose	Σ	0..*	CodeableConcept	The purpose for which the permission is given Binding: PurposeOfUse (preferred): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
limit	Σ	0..*	CodeableConcept	What limits apply to the use of the data Binding: SecurityLabelEventExamples (example): Obligations and Refrains
id		0..1	id	Unique id for inter-element referencing
Slices for extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
extension:ka		0..1	integer	Permission imposed K-Anonymity value URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity
coding		0..*	Coding	Code defined by a terminology system
text		0..1	string	Plain text representation of the concept
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.language	required	AllLanguages http://hl7.org/fhir/ValueSet/all-languages|6.0.0-ballot2 from the FHIR Standard
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot2 from the FHIR Standard
Permission.justification.basis	example	ConsentPolicyRuleCodes http://hl7.org/fhir/ValueSet/consent-policy from the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot2 from the FHIR Standard
Permission.rule.type	required	ConsentProvisionType http://hl7.org/fhir/ValueSet/consent-provision-type|6.0.0-ballot2 from the FHIR Standard
Permission.rule.data.resource.meaning	required	ConsentDataMeaning http://hl7.org/fhir/ValueSet/consent-data-meaning|6.0.0-ballot2 from the FHIR Standard
Permission.rule.activity.action	example	ConsentActionCodes http://hl7.org/fhir/ValueSet/consent-action from the FHIR Standard
Permission.rule.activity.purpose	preferred	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Permission.rule.limit	example	SecurityLabelEventExamples http://hl7.org/fhir/ValueSet/security-label-event-examples from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())

This structure is derived from Permission

Summary

Extensions

This structure refers to these extensions:

• http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity

Maturity: 0

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules dom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated dom-5: If a resource is contained in another resource, it SHALL NOT have a security label dom-6: A resource should have narrative for robust management
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created ele-1: All FHIR elements must have a @value or children
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored ele-1: All FHIR elements must have a @value or children
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product. ele-1: All FHIR elements must have a @value or children
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined. ele-1: All FHIR elements must have a @value or children
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot2 from the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot2 from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())

Differential View

This structure is derived from Permission

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules
rule
limit
Slices for extension				Content/Rules for all slices
extension:ka		0..1	integer	Permission imposed K-Anonymity value URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity
Documentation for this format

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter Set
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Business Identifier for permission
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
asserter	Σ	0..1	Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService)	The person or entity that asserts the permission
date	Σ	0..*	dateTime	The date that permission was asserted
validity	Σ	0..1	Period	The period in which the permission is active
justification	Σ	0..1	BackboneElement	The asserted justification for using the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
basis	Σ	0..*	CodeableConcept	The regulatory grounds upon which this Permission builds Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples
evidence	Σ	0..*	Reference(Resource)	Justifing rational
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
rule	Σ	0..*	BackboneElement	Constraints to the Permission This repeating element order: The order of the rules processing is defined in rule combining selected in .combining element.
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	?!Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied.
data	Σ	0..*	BackboneElement	The selection criteria to identify data that is within scope of this provision
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
resource	Σ	0..*	BackboneElement	Explicit FHIR Resource references
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
security	Σ	0..*	Coding	Security tag code on .meta.security
period	Σ	0..1	Period	Timeframe encompasing data create/update
expression	Σ	0..1	Expression	Expression identifying the data
activity	Σ	0..*	BackboneElement	A description or definition of which activities are allowed to be done on the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
actor	Σ	0..*	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Authorized actor(s)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the action.
purpose	Σ	0..*	CodeableConcept	The purpose for which the permission is given Binding: PurposeOfUse (preferred): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
limit	Σ	0..*	CodeableConcept	What limits apply to the use of the data Binding: SecurityLabelEventExamples (example): Obligations and Refrains
id		0..1	id	Unique id for inter-element referencing
Slices for extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
extension:ka		0..1	integer	Permission imposed K-Anonymity value URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity
coding		0..*	Coding	Code defined by a terminology system
text		0..1	string	Plain text representation of the concept
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.language	required	AllLanguages http://hl7.org/fhir/ValueSet/all-languages|6.0.0-ballot2 from the FHIR Standard
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot2 from the FHIR Standard
Permission.justification.basis	example	ConsentPolicyRuleCodes http://hl7.org/fhir/ValueSet/consent-policy from the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot2 from the FHIR Standard
Permission.rule.type	required	ConsentProvisionType http://hl7.org/fhir/ValueSet/consent-provision-type|6.0.0-ballot2 from the FHIR Standard
Permission.rule.data.resource.meaning	required	ConsentDataMeaning http://hl7.org/fhir/ValueSet/consent-data-meaning|6.0.0-ballot2 from the FHIR Standard
Permission.rule.activity.action	example	ConsentActionCodes http://hl7.org/fhir/ValueSet/consent-action from the FHIR Standard
Permission.rule.activity.purpose	preferred	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Permission.rule.limit	example	SecurityLabelEventExamples http://hl7.org/fhir/ValueSet/security-label-event-examples from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())

This structure is derived from Permission

Summary

Extensions

This structure refers to these extensions:

• http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity

Maturity: 0

Other representations of profile: CSV, Excel, Schematron