Permission with K-Anonymity - HL7 FHIR Implementation Guide: Data Access Policies v1.0.0-current

HL7 FHIR Implementation Guide: Data Access Policies
1.0.0-current - ci-build International flag

HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

Resource Profile: Permission with K-Anonymity

Official URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.PermissionWithKanonymity				Version: 1.0.0-current
Standards status: Informative			Maturity Level: 0	Computable Name: PermissionWithKanonymity

Permission with the extension for K-Anonymity

Usage:

Examples for this Resource Profile: Permission/ex-permission-k-anonymity

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

Differential Table
Key Elements Table
Snapshot Table
Statistics/References
All

This structure is derived from Permission

Name	Card.	Type	Description & Constraints
Permission	0..*	Permission	Access Rules
rule
limit
Slices for extension			Content/Rules for all slices
ka	0..1	integer	Permission imposed K-Anonymity value URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
status	Σ	1..1	code	active \| entered-in-error \| draft \| rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
combining	?!Σ	1..1	code	deny-overrides \| permit-overrides \| ordered-deny-overrides \| ordered-permit-overrides \| deny-unless-permit \| permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.status	required	PermissionStatus `http://hl7.org/fhir/ValueSet/permission-status\|5.0.0` from the FHIR Standard
Permission.combining	required	PermissionRuleCombining `http://hl7.org/fhir/ValueSet/permission-rule-combining\|5.0.0` from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().ofType(canonical) \| %resource.descendants().ofType(uri) \| %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	ALL elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	ALL extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()

Description & Constraints

Permission

0..*

Permission

Access Rules

id

Σ

0..1

id

Logical id of this artifact

Meta

Metadata about the resource

implicitRules

?!Σ

0..1

uri

A set of rules under which this content was created

language

0..1

code

Language of the resource content
Binding: AllLanguages (required): IETF language tag for a human language

Additional Bindings

Purpose

CommonLanguages

Starter Set

text

0..1

Narrative

Text summary of the resource, for human interpretation

contained

0..*

Resource

Contained, inline Resources

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored

status

Σ

1..1

code

active | entered-in-error | draft | rejected
Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.

asserter

Σ

0..1

The person or entity that asserts the permission

date

Σ

0..*

dateTime

The date that permission was asserted

validity

Σ

0..1

Period

The period in which the permission is active

justification

Σ

0..1

BackboneElement

The asserted justification for using the data

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

basis

Σ

0..*

CodeableConcept

The regulatory grounds upon which this Permission builds
Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples

evidence

Σ

0..*

Reference(Resource)

Justifing rational

combining

?!Σ

1..1

code

rule

Σ

0..*

BackboneElement

Constraints to the Permission
This repeating element order: The order of the rules processing is defined in rule-combining

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

?!Σ

0..1

code

deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied.

data

Σ

0..*

BackboneElement

The selection criteria to identify data that is within scope of this provision

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

resource

Σ

0..*

BackboneElement

Explicit FHIR Resource references

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

meaning

Σ

1..1

code

instance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.

reference

Σ

1..1

Reference(Resource)

The actual data reference

security

Σ

0..*

Coding

Security tag code on .meta.security

period

Σ

0..*

Period

Timeframe encompasing data create/update

expression

Σ

0..1

Expression

Expression identifying the data

activity

Σ

0..*

BackboneElement

A description or definition of which activities are allowed to be done on the data

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

actor

Σ

0..*

Authorized actor(s)

action

Σ

0..*

CodeableConcept

Actions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the action.

purpose

Σ

0..*

CodeableConcept

The purpose for which the permission is given
Binding: PurposeOfUse (preferred): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

limit

Σ

0..*

CodeableConcept

What limits apply to the use of the data
Binding: SecurityLabelEventExamples (example): Obligations and Refrains

id

0..1

id

Unique id for inter-element referencing

Slices for extension

0..*

Extension

Additional content defined by implementations
Slice: Unordered, Open by value:url

ka

0..1

integer

Permission imposed K-Anonymity value
URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity

coding

Σ

0..*

Coding

Code defined by a terminology system

text

Σ

0..1

string

Plain text representation of the concept

Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.language	required	AllLanguages `http://hl7.org/fhir/ValueSet/all-languages\|5.0.0` from the FHIR Standard
Permission.status	required	PermissionStatus `http://hl7.org/fhir/ValueSet/permission-status\|5.0.0` from the FHIR Standard
Permission.justification.basis	example	ConsentPolicyRuleCodes `http://hl7.org/fhir/ValueSet/consent-policy` from the FHIR Standard
Permission.combining	required	PermissionRuleCombining `http://hl7.org/fhir/ValueSet/permission-rule-combining\|5.0.0` from the FHIR Standard
Permission.rule.type	required	ConsentProvisionType `http://hl7.org/fhir/ValueSet/consent-provision-type\|5.0.0` from the FHIR Standard
Permission.rule.data.resource.meaning	required	ConsentDataMeaning `http://hl7.org/fhir/ValueSet/consent-data-meaning\|5.0.0` from the FHIR Standard
Permission.rule.activity.action	example	ConsentActionCodes `http://hl7.org/fhir/ValueSet/consent-action` from the FHIR Standard
Permission.rule.activity.purpose	preferred	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse`
Permission.rule.limit	example	SecurityLabelEventExamples `http://hl7.org/fhir/ValueSet/security-label-event-examples` from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().ofType(canonical) \| %resource.descendants().ofType(uri) \| %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	ALL elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	ALL extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()

This structure is derived from Permission

Summary

Extensions

This structure refers to these extensions:

http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity

Maturity: 0

Differential View

This structure is derived from Permission

Name	Card.	Type	Description & Constraints
Permission	0..*	Permission	Access Rules
rule
limit
Slices for extension			Content/Rules for all slices
ka	0..1	integer	Permission imposed K-Anonymity value URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity
Documentation for this format

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
Permission		0..*	Permission	Access Rules
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
status	Σ	1..1	code	active \| entered-in-error \| draft \| rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
combining	?!Σ	1..1	code	deny-overrides \| permit-overrides \| ordered-deny-overrides \| ordered-permit-overrides \| deny-unless-permit \| permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.status	required	PermissionStatus `http://hl7.org/fhir/ValueSet/permission-status\|5.0.0` from the FHIR Standard
Permission.combining	required	PermissionRuleCombining `http://hl7.org/fhir/ValueSet/permission-rule-combining\|5.0.0` from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().ofType(canonical) \| %resource.descendants().ofType(uri) \| %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	ALL elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	ALL extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()

Snapshot View

Description & Constraints

Permission

0..*

Permission

Access Rules

id

Σ

0..1

id

Logical id of this artifact

Meta

Metadata about the resource

implicitRules

?!Σ

0..1

uri

A set of rules under which this content was created

language

0..1

code

Language of the resource content
Binding: AllLanguages (required): IETF language tag for a human language

Additional Bindings

Purpose

CommonLanguages

Starter Set

text

0..1

Narrative

Text summary of the resource, for human interpretation

contained

0..*

Resource

Contained, inline Resources

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored

status

Σ

1..1

code

active | entered-in-error | draft | rejected
Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.

asserter

Σ

0..1

The person or entity that asserts the permission

date

Σ

0..*

dateTime

The date that permission was asserted

validity

Σ

0..1

Period

The period in which the permission is active

justification

Σ

0..1

BackboneElement

The asserted justification for using the data

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

basis

Σ

0..*

CodeableConcept

The regulatory grounds upon which this Permission builds
Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples

evidence

Σ

0..*

Reference(Resource)

Justifing rational

combining

?!Σ

1..1

code

rule

Σ

0..*

BackboneElement

Constraints to the Permission
This repeating element order: The order of the rules processing is defined in rule-combining

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

type

?!Σ

0..1

code

deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied.

data

Σ

0..*

BackboneElement

The selection criteria to identify data that is within scope of this provision

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

resource

Σ

0..*

BackboneElement

Explicit FHIR Resource references

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

meaning

Σ

1..1

code

instance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.

reference

Σ

1..1

Reference(Resource)

The actual data reference

security

Σ

0..*

Coding

Security tag code on .meta.security

period

Σ

0..*

Period

Timeframe encompasing data create/update

expression

Σ

0..1

Expression

Expression identifying the data

activity

Σ

0..*

BackboneElement

A description or definition of which activities are allowed to be done on the data

id

0..1

string

Unique id for inter-element referencing

extension

0..*

Extension

Additional content defined by implementations

modifierExtension

?!Σ

0..*

Extension

Extensions that cannot be ignored even if unrecognized

actor

Σ

0..*

Authorized actor(s)

action

Σ

0..*

CodeableConcept

Actions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the action.

purpose

Σ

0..*

CodeableConcept

The purpose for which the permission is given
Binding: PurposeOfUse (preferred): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

limit

Σ

0..*

CodeableConcept

What limits apply to the use of the data
Binding: SecurityLabelEventExamples (example): Obligations and Refrains

id

0..1

id

Unique id for inter-element referencing

Slices for extension

0..*

Extension

Additional content defined by implementations
Slice: Unordered, Open by value:url

ka

0..1

integer

Permission imposed K-Anonymity value
URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity

coding

Σ

0..*

Coding

Code defined by a terminology system

text

Σ

0..1

string

Plain text representation of the concept

Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.language	required	AllLanguages `http://hl7.org/fhir/ValueSet/all-languages\|5.0.0` from the FHIR Standard
Permission.status	required	PermissionStatus `http://hl7.org/fhir/ValueSet/permission-status\|5.0.0` from the FHIR Standard
Permission.justification.basis	example	ConsentPolicyRuleCodes `http://hl7.org/fhir/ValueSet/consent-policy` from the FHIR Standard
Permission.combining	required	PermissionRuleCombining `http://hl7.org/fhir/ValueSet/permission-rule-combining\|5.0.0` from the FHIR Standard
Permission.rule.type	required	ConsentProvisionType `http://hl7.org/fhir/ValueSet/consent-provision-type\|5.0.0` from the FHIR Standard
Permission.rule.data.resource.meaning	required	ConsentDataMeaning `http://hl7.org/fhir/ValueSet/consent-data-meaning\|5.0.0` from the FHIR Standard
Permission.rule.activity.action	example	ConsentActionCodes `http://hl7.org/fhir/ValueSet/consent-action` from the FHIR Standard
Permission.rule.activity.purpose	preferred	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse`
Permission.rule.limit	example	SecurityLabelEventExamples `http://hl7.org/fhir/ValueSet/security-label-event-examples` from the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().ofType(canonical) \| %resource.descendants().ofType(uri) \| %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	ALL elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	ALL extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()

This structure is derived from Permission

Summary

Extensions

This structure refers to these extensions:

http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionKanonymity

Maturity: 0

Other representations of profile: CSV, Excel, Schematron

<prev

top

next>

IG © 2023+ HL7 International / Security. Package hl7.fhir.uv.dap#1.0.0-current based on FHIR 5.0.0. Generated 2024-08-21
Links: Table of Contents | QA Report | Version History | | Propose a change