HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

• Content
• Detailed Descriptions
• Mappings
• Examples
• XML
• JSON
• TTL

Resource Profile: Permission with support for rule on Resource-Type

Adds the PermissionResourceType extension to Permission.rule.data

Usages:

• Examples for this Profile: Permission/ex-fingrained-patient-access, Permission/ex-overriding-rbac-by-resource and Permission/ex-overriding-rbac-by-role

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

• Key Elements Table
• Differential Table
• Snapshot Table
• Statistics/References
• All

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Permission		0..*	Permission	Access Rules
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot3 From the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot3 From the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())

This structure is derived from Permission

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Permission		0..*	Permission	Access Rules
rule
data
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:resourceType		0..1	code	Permission rule by Resource Type URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionResourceType Binding: ResourceType (required)
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Permission		0..*	Permission	Access Rules
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Business Identifier for permission
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
asserter	Σ	0..1	Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService)	The person or entity that asserts the permission
date	Σ	0..*	dateTime	The date that permission was asserted
validity	Σ	0..1	Period	The period in which the permission is active
justification	Σ	0..1	BackboneElement	The asserted justification for using the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
basis	Σ	0..*	CodeableConcept	The regulatory grounds upon which this Permission builds Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples
evidence	Σ	0..*	Reference(Resource)	Justifing rational
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
rule	ΣC	0..*	BackboneElement	Constraints to the Permission Constraints: per-1 This repeating element order: The order of the rules processing is defined in rule combining selected in .combining element.
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
import	ΣC	0..1	Reference(Permission)	Reference to a Permission
type	?!ΣC	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied.
data	ΣC	0..*	BackboneElement	The selection criteria to identify data that is within scope of this provision
id		0..1	string	Unique id for inter-element referencing
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:resourceType		0..1	code	Permission rule by Resource Type URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionResourceType Binding: ResourceType (required)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
resource	Σ	0..*	BackboneElement	Explicit FHIR Resource references
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
security	Σ	0..*	Coding	Security tag code on .meta.security
period	Σ	0..1	Period	Timeframe encompasing data create/update
expression	Σ	0..1	Expression	Expression identifying the data
activity	ΣC	0..*	BackboneElement	A description or definition of which activities are allowed to be done on the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
actor		0..*	BackboneElement	Who|what is controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		0..1	CodeableConcept	How the actor is involved Binding: ParticipationRoleType (extensible): How an actor is involved in the rule.
reference	Σ	0..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole | DeviceDefinition | Group | HealthcareService)	Authorized actor(s)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: TypeRestfulInteraction (preferred): Detailed codes for the action.
purpose	Σ	0..*	CodeableConcept	The purpose for which the permission is given Binding: PurposeOfUse (3.1.0) (preferred): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
limit		0..*	BackboneElement	What limits apply to the use of the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
control	Σ	0..*	CodeableConcept	What coded limits apply to the use of the data Binding: SecurityControlObservationValue (3.0.0) (preferred): Obligations and Refrains
tag	Σ	0..*	Coding	The sensitivity codes that must be removed from the data Binding: InformationSensitivityPolicy (3.0.0) (preferred): Sensitivity tags
element	Σ	0..*	string	What data elements that must be removed from the data
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.language	required	AllLanguages http://hl7.org/fhir/ValueSet/all-languages|6.0.0-ballot3 From the FHIR Standard
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot3 From the FHIR Standard
Permission.justification.basis	example	ConsentPolicyRuleCodes http://hl7.org/fhir/ValueSet/consent-policy From the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot3 From the FHIR Standard
Permission.rule.type	required	ConsentProvisionType http://hl7.org/fhir/ValueSet/consent-provision-type|6.0.0-ballot3 From the FHIR Standard
Permission.rule.data.resource.meaning	required	ConsentDataMeaning http://hl7.org/fhir/ValueSet/consent-data-meaning|6.0.0-ballot3 From the FHIR Standard
Permission.rule.activity.actor.role	extensible	ParticipationRoleType http://hl7.org/fhir/ValueSet/participation-role-type From the FHIR Standard
Permission.rule.activity.action	preferred	TypeRestfulInteraction http://hl7.org/fhir/ValueSet/type-restful-interaction From the FHIR Standard
Permission.rule.activity.purpose	preferred	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse|3.1.0
Permission.rule.limit.control	preferred	SecurityControlObservationValue http://terminology.hl7.org/ValueSet/v3-SecurityControlObservationValue|3.0.0
Permission.rule.limit.tag	preferred	InformationSensitivityPolicy http://terminology.hl7.org/ValueSet/v3-InformationSensitivityPolicy|3.0.0

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()
per-1	error	Permission.rule	If the import element is populated then the type, data, and activity shall not be populated : import.exists() implies type.exists().not() and data.exists().not() and activity.exists().not()

This structure is derived from Permission

Summary

Extensions

This structure refers to these extensions:

• http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionResourceType

Maturity: 0

Key Elements View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Permission		0..*	Permission	Access Rules
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot3 From the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot3 From the FHIR Standard

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())

Differential View

This structure is derived from Permission

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Permission		0..*	Permission	Access Rules
rule
data
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:resourceType		0..1	code	Permission rule by Resource Type URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionResourceType Binding: ResourceType (required)
Documentation for this format

Snapshot View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Permission		0..*	Permission	Access Rules
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Business Identifier for permission
status	Σ	1..1	code	active | entered-in-error | draft | rejected Binding: PermissionStatus (required): Codes identifying the lifecycle stage of a product.
asserter	Σ	0..1	Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService)	The person or entity that asserts the permission
date	Σ	0..*	dateTime	The date that permission was asserted
validity	Σ	0..1	Period	The period in which the permission is active
justification	Σ	0..1	BackboneElement	The asserted justification for using the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
basis	Σ	0..*	CodeableConcept	The regulatory grounds upon which this Permission builds Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples
evidence	Σ	0..*	Reference(Resource)	Justifing rational
combining	?!Σ	1..1	code	deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny Binding: PermissionRuleCombining (required): How the rules are to be combined.
rule	ΣC	0..*	BackboneElement	Constraints to the Permission Constraints: per-1 This repeating element order: The order of the rules processing is defined in rule combining selected in .combining element.
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
import	ΣC	0..1	Reference(Permission)	Reference to a Permission
type	?!ΣC	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied.
data	ΣC	0..*	BackboneElement	The selection criteria to identify data that is within scope of this provision
id		0..1	string	Unique id for inter-element referencing
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:resourceType		0..1	code	Permission rule by Resource Type URL: http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionResourceType Binding: ResourceType (required)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
resource	Σ	0..*	BackboneElement	Explicit FHIR Resource references
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
security	Σ	0..*	Coding	Security tag code on .meta.security
period	Σ	0..1	Period	Timeframe encompasing data create/update
expression	Σ	0..1	Expression	Expression identifying the data
activity	ΣC	0..*	BackboneElement	A description or definition of which activities are allowed to be done on the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
actor		0..*	BackboneElement	Who|what is controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		0..1	CodeableConcept	How the actor is involved Binding: ParticipationRoleType (extensible): How an actor is involved in the rule.
reference	Σ	0..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole | DeviceDefinition | Group | HealthcareService)	Authorized actor(s)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: TypeRestfulInteraction (preferred): Detailed codes for the action.
purpose	Σ	0..*	CodeableConcept	The purpose for which the permission is given Binding: PurposeOfUse (3.1.0) (preferred): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
limit		0..*	BackboneElement	What limits apply to the use of the data
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
control	Σ	0..*	CodeableConcept	What coded limits apply to the use of the data Binding: SecurityControlObservationValue (3.0.0) (preferred): Obligations and Refrains
tag	Σ	0..*	Coding	The sensitivity codes that must be removed from the data Binding: InformationSensitivityPolicy (3.0.0) (preferred): Sensitivity tags
element	Σ	0..*	string	What data elements that must be removed from the data
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Permission.language	required	AllLanguages http://hl7.org/fhir/ValueSet/all-languages|6.0.0-ballot3 From the FHIR Standard
Permission.status	required	PermissionStatus http://hl7.org/fhir/ValueSet/permission-status|6.0.0-ballot3 From the FHIR Standard
Permission.justification.basis	example	ConsentPolicyRuleCodes http://hl7.org/fhir/ValueSet/consent-policy From the FHIR Standard
Permission.combining	required	PermissionRuleCombining http://hl7.org/fhir/ValueSet/permission-rule-combining|6.0.0-ballot3 From the FHIR Standard
Permission.rule.type	required	ConsentProvisionType http://hl7.org/fhir/ValueSet/consent-provision-type|6.0.0-ballot3 From the FHIR Standard
Permission.rule.data.resource.meaning	required	ConsentDataMeaning http://hl7.org/fhir/ValueSet/consent-data-meaning|6.0.0-ballot3 From the FHIR Standard
Permission.rule.activity.actor.role	extensible	ParticipationRoleType http://hl7.org/fhir/ValueSet/participation-role-type From the FHIR Standard
Permission.rule.activity.action	preferred	TypeRestfulInteraction http://hl7.org/fhir/ValueSet/type-restful-interaction From the FHIR Standard
Permission.rule.activity.purpose	preferred	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse|3.1.0
Permission.rule.limit.control	preferred	SecurityControlObservationValue http://terminology.hl7.org/ValueSet/v3-SecurityControlObservationValue|3.0.0
Permission.rule.limit.tag	preferred	InformationSensitivityPolicy http://terminology.hl7.org/ValueSet/v3-InformationSensitivityPolicy|3.0.0

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Permission	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Permission	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Permission	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Permission	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Permission	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()
per-1	error	Permission.rule	If the import element is populated then the type, data, and activity shall not be populated : import.exists() implies type.exists().not() and data.exists().not() and activity.exists().not()

This structure is derived from Permission

Summary

Extensions

This structure refers to these extensions:

• http://hl7.org/fhir/uv/dap/StructureDefinition/dap.permissionResourceType

Maturity: 0

Other representations of profile: CSV, Excel, Schematron