HL7 FHIR Implementation Guide: Data Access Policies
1.0.0-current - ci-build International flag

HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

Consent

Page standards status: Informative

These use-cases show the alternative way to encode Consent rules using the Permission. The Consent resource would still be used to capture the consent ceremony, but would not include any access control rules. The Consent would point at the Permission that holds the access control rules.

Leverage for documentation sake the IG published by IHE on Privacy Consent on FHIR (PCF)

Thus we show some Consent use-cases and how they are encoded in FHIR Consent.provisions, then the equivalent using Consent and Permission together.

This Consent is covered in PCF - Consent allowing data authored by a practitioner

* provision.type = #permit
* provision.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#TREAT
* provision.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#HPAYMT
* provision.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#HOPERAT
* provision.data[aData].meaning = #authoredby
* provision.data[aData].reference = Reference(Practitioner/ex-practitioner)

Analysis

This Permission encodes

  • base rule is #permit
  • base rule includes TPO so as to be clear this is a consent about TPO
  • Permits access to data authored by practitioner 1
  • Given that there is only one targeted permit rule, then nothing else is allowed.

Example Permission explicitly identifying the authorization for TPO access to data authored by a given practitioner

Given PCF example

* provision.type = #permit
* provision.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#TREAT
* provision.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#HPAYMT
* provision.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#HOPERAT
* provision.provision.type = #deny
* provision.provision.data[aDataP].meaning = #authoredby
* provision.provision.data[aDataP].reference = Reference(Practitioner/ex-practitioner)

Analysis

This Permission encodes

  • base rule includes TPO so as to be clear this is a consent about TPO
  • second rule denying access to data authored by ex-practitioner
  • nothing else is authorized by this Permission
* combining = #deny-overrides
* rule[+].type = #permit
* rule[=].activity.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#TREAT
* rule[=].activity.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#HPAYMT
* rule[=].activity.purpose[+] = http://terminology.hl7.org/CodeSystem/v3-ActReason#HOPERAT
* rule[+].type = #deny
* rule[=].data.resource.reference = Reference(Practitioner/ex-practitioner)
* rule[=].data.resource.meaning = http://hl7.org/fhir/consent-data-meaning#authoredby

Given that a Consent provisions are rather encoded in Permissions. Here is how that Consent could reference the Permission.

...
* decision = #permit
* provision[+].expression.expression = "Permission/ex-permission-intermediate-not-authoredby"
* provision[=].expression.language = #application/x-fhir-query
* provision[=].expression.description = "Points to the instance of Permission with THIS patients provisions encoded in Permission.rule form."

Note that there is a JIRA ticket FHIR-46021 on file to add clarity for FHIR R6.