HL7 FHIR Implementation Guide: Data Access Policies
1.0.0-current - International flag

HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

Resource: Permission

Official URL: http://hl7.org/fhir/StructureDefinition/Permission Version: 1.0.0-current
Standards status: Trial-use Active as of 2021-01-02 Maturity Level: 1 Computable Name: Permission
Other Identifiers: OID:2.16.840.1.113883.4.642.5.1436

Permission resource holds access rules for a given data and access request context.

Scope and Usage

A declarative attribute-based access control policy statement. Permission is used to express who has specific rights to specific data under specific conditions. Permission can express rules including

  • security labels/codes (policies, refrains, and obligations),
  • user identity,
  • application being used,
  • location of the requester,
  • organization requesting access,
  • purposeOfUse of the request and for which the data will be used,
  • data sensitivity, timeframe, authorship, and
  • the current status of privacy Consent.

The Permission can express permit or deny rules; and with permit rules there may be residual refrains, obligations, or filtering. The Permission resource may be used to record the access control constraints under which data can be collected, used, or shared.

Boundaries and Relationships

The Permission resource is intended to be used to encode access control policies in a FHIR-interoperable language, where the access control policies protect FHIR-defined interactions, resources, and operations from actions performed by organizations, practitioners, patients, and others.

The Permission resource is intended to be used where the Consent resource does not apply or where exposure of the full Consent details is not needed or desired. The Permission resource may be used to express transactional access control rules that may be derived from a Consent.

Examples are:

  • use cases that do not involve a patient subject.
  • an organizational directory: who can create, update, delete, and read
  • an organization wide access control policy expressing user groups and what they generally have available to them
  • residual policy that must be applied by a recipient of a response Bundle
  • base policy that Consent builds upon (i.e., `Consent.policyBasis.reference`)
  • consent provisions (i.e., `Consent.provision`) encoded in a different rule language (i.e., `Permission.rule`) using `Consent.provisionReference`.

The Permission resource should not be used in a conflicting way with security labels in the .meta.security element.

Usages:

You can also check for usages in the FHIR IG Statistics

Formal Views of Resource Content

Description Differentials, Snapshots, and other representations.

Name Flags Card. Type Description & Constraints
.. Permission 0..* DomainResource Access Rules

Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension
... identifier Σ 0..* Identifier Business Identifier for permission
... status Σ 1..1 code active | entered-in-error | draft | rejected
Binding: PermissionStatusVS (required): Codes identifying the lifecycle stage of a product.
... asserter Σ 0..1 Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService) The person or entity that asserts the permission
... date Σ 0..* dateTime The date that permission was asserted
... validity Σ 0..1 Period The period in which the permission is active
... justification Σ 0..1 BackboneElement The asserted justification for using the data
.... basis Σ 0..* CodeableConcept The regulatory grounds upon which this Permission builds
Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples
.... evidence Σ 0..* Reference(Resource) Justifying rationale
... combining ?!Σ 1..1 code deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
Binding: PermissionRuleCombiningVS (required): How the rules are to be combined.
... rule ΣC 0..* BackboneElement Constraints to the Permission
This repeating element order: The order of the rules processing is defined in rule combining selected in .combining element.
.... import ΣC 0..1 Reference(Permission) Reference to a Permission
.... type ?!ΣC 0..1 code deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied.
.... data ΣC 0..* BackboneElement The selection criteria to identify data that is within scope of this provision
..... resource Σ 0..* BackboneElement Explicit FHIR Resource references
...... meaning Σ 1..1 code instance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
...... reference Σ 1..1 Reference(Resource) The actual data reference
..... resourceType Σ 0..* Coding e.g. Resource Type, Profile, etc
Binding: ResourceType (extensible): The resource types a consent provision covers.
..... security Σ 0..* Coding Security tag code on .meta.security
..... period Σ 0..1 Period Timeframe encompassing data create/update
..... expression Σ 0..1 Expression Expression identifying the data
.... activity ΣC 0..* BackboneElement A description or definition of which activities are allowed to be done on the data
..... actor 0..* BackboneElement Who|what is controlled by this rule
...... role 0..1 CodeableConcept How the actor is involved
Binding: ParticipationRoleType (extensible): How an actor is involved in the rule.
...... reference Σ 0..1 Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole | DeviceDefinition | HealthcareService) Authorized actor(s)
..... action Σ 0..* CodeableConcept Actions controlled by this rule
Binding: TypeRestfulInteraction (preferred): Detailed codes for the action.
..... purpose Σ 0..* CodeableConcept The purpose for which the permission is given
Binding: PurposeOfUse (3.1.0) (preferred): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
.... limit 0..* BackboneElement What limits apply to the use of the data
..... control Σ 0..* CodeableConcept What coded limits apply to the use of the data
Binding: SecurityControlObservationValue (3.0.0) (preferred): Obligations and Refrains
..... tag Σ 0..* Coding The sensitivity codes that must be removed from the data
Binding: InformationSensitivityPolicy (3.0.0) (preferred): Sensitivity tags
..... element Σ 0..* string What data elements that must be removed from the data


Terminology Bindings (Differential)

Path Status Usage ValueSet Version Source
Permission.status Base required ValueSet of Permission Status 📦1.0.0-current This IG
Permission.justification.​basis Base example Consent PolicyRule Codes 📦6.0.0-ballot3 FHIR Std.
Permission.combining Base required ValueSet for Permission Rule Combining 📦1.0.0-current This IG
Permission.rule.type Base required Consent Provision Type 📦6.0.0-ballot3 FHIR Std.
Permission.rule.data.​resource.meaning Base required Consent Data Meaning 📦6.0.0-ballot3 FHIR Std.
Permission.rule.data.​resourceType Base extensible Resource Types 📦6.0.0-ballot3 FHIR Std.
Permission.rule.activity.​actor.role Base extensible Participation Role Type 📦6.0.0-ballot3 FHIR Std.
Permission.rule.activity.​action Base preferred Type Restful Interaction 📦6.0.0-ballot3 FHIR Std.
Permission.rule.activity.​purpose Base preferred PurposeOfUse 📍3.1.0 THO v6.5
Permission.rule.limit.​control Base preferred SecurityControlObservationValue 📍3.0.0 THO v6.5
Permission.rule.limit.​tag Base preferred InformationSensitivityPolicy 📍3.0.0 THO v6.5

Constraints

Id | Grade | Path(s) | Description | Expression
prm-1 | error | Permission.rule | If the import element is populated then the type, data, and activity shall not be populated | import.exists() implies type.exists().not() and data.exists().not() and activity.exists().not()

<Permission xmlns="http://hl7.org/fhir">
 <id value="[id]"/><!-- 0..1 * Logical id of this artifact  -->
 <meta><!-- I 0..1 * Metadata about the resource  --></meta>
 <implicitRules value="[uri]"/><!-- I 0..1 * A set of rules under which this content was created  -->
 <language value="[code]"/><!-- I 0..1 * Language of the resource content  -->
 <text><!-- I 0..1 * Text summary of the resource, for human interpretation  --></text>
 <contained><!-- 0..* * Contained, inline Resources  --></contained>
 <extension><!-- See Extensions  Additional content defined by implementations  --></extension>
 <modifierExtension><!-- I 0..* * Extensions that cannot be ignored  --></modifierExtension>
 <identifier><!-- 0..* * Business Identifier for permission  --></identifier>
 <status value="[code]"/><!-- 1..1 * active | entered-in-error | draft | rejected  -->
 <asserter><!-- 0..1 * The person or entity that asserts the permission  --></asserter>
 <date value="[dateTime]"/><!-- 0..* * The date that permission was asserted  -->
 <validity><!-- 0..1 * The period in which the permission is active  --></validity>
 <justification>  <!-- I 0..1 The asserted justification for using the data -->
  <id value="[id]"/><!-- 0..1 * Unique id for inter-element referencing   -->
  <extension><!-- See Extensions  Additional content defined by implementations   --></extension>
  <modifierExtension><!-- I 0..* * Extensions that cannot be ignored even if unrecognized   --></modifierExtension>
  <basis><!-- 0..* * The regulatory grounds upon which this Permission builds   --></basis>
  <evidence><!-- 0..* * Justifying rationale   --></evidence>
 </justification>
 <combining value="[code]"/><!-- 1..1 * deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny  -->
 <rule>  <!-- I 0..* Constraints to the Permission -->
  <id value="[id]"/><!-- 0..1 * Unique id for inter-element referencing   -->
  <extension><!-- See Extensions  Additional content defined by implementations   --></extension>
  <modifierExtension><!-- I 0..* * Extensions that cannot be ignored even if unrecognized   --></modifierExtension>
  <import><!-- 0..1 * Reference to a Permission   --></import>
  <type value="[code]"/><!-- 0..1 * deny | permit   -->
  <data>  <!-- I 0..* The selection criteria to identify data that is within scope of this provision -->
   <id value="[id]"/><!-- 0..1 * Unique id for inter-element referencing    -->
   <extension><!-- See Extensions  Additional content defined by implementations    --></extension>
   <modifierExtension><!-- I 0..* * Extensions that cannot be ignored even if unrecognized    --></modifierExtension>
   <resource>  <!-- I 0..* Explicit FHIR Resource references -->
    <id value="[id]"/><!-- 0..1 * Unique id for inter-element referencing     -->
    <extension><!-- See Extensions  Additional content defined by implementations     --></extension>
    <modifierExtension><!-- I 0..* * Extensions that cannot be ignored even if unrecognized     --></modifierExtension>
    <meaning value="[code]"/><!-- 1..1 * instance | related | dependents | authoredby     -->
    <reference><!-- 1..1 * The actual data reference     --></reference>
   </resource>
   <resourceType><!-- 0..* * e.g. Resource Type, Profile, etc    --></resourceType>
   <security><!-- 0..* * Security tag code on .meta.security    --></security>
   <period><!-- 0..1 * Timeframe encompassing data create/update    --></period>
   <expression><!-- 0..1 * Expression identifying the data    --></expression>
  </data>
  <activity>  <!-- I 0..* A description or definition of which activities are allowed to be done on the data -->
   <id value="[id]"/><!-- 0..1 * Unique id for inter-element referencing    -->
   <extension><!-- See Extensions  Additional content defined by implementations    --></extension>
   <modifierExtension><!-- I 0..* * Extensions that cannot be ignored even if unrecognized    --></modifierExtension>
   <actor>  <!-- I 0..* Who|what is controlled by this rule -->
    <id value="[id]"/><!-- 0..1 * Unique id for inter-element referencing     -->
    <extension><!-- See Extensions  Additional content defined by implementations     --></extension>
    <modifierExtension><!-- I 0..* * Extensions that cannot be ignored even if unrecognized     --></modifierExtension>
    <role><!-- 0..1 * How the actor is involved     --></role>
    <reference><!-- 0..1 * Authorized actor(s)     --></reference>
   </actor>
   <action><!-- 0..* * Actions controlled by this rule    --></action>
   <purpose><!-- 0..* * The purpose for which the permission is given    --></purpose>
  </activity>
  <limit>  <!-- I 0..* What limits apply to the use of the data -->
   <id value="[id]"/><!-- 0..1 * Unique id for inter-element referencing    -->
   <extension><!-- See Extensions  Additional content defined by implementations    --></extension>
   <modifierExtension><!-- I 0..* * Extensions that cannot be ignored even if unrecognized    --></modifierExtension>
   <control><!-- 0..* * What coded limits apply to the use of the data    --></control>
   <tag><!-- 0..* * The sensitivity codes that must be removed from the data    --></tag>
   <element value="[string]"/><!-- 0..* * What data elements that must be removed from the data    -->
  </limit>
 </rule>
</Permission>

{
  "resourceType" : "Permission",
  "id" : "<id>", // 0..1 Logical id of this artifact
  "meta" : { Meta }, // I 0..1 Metadata about the resource
  "implicitRules" : "<uri>", // I 0..1 A set of rules under which this content was created
  "language" : "<code>", // I 0..1 Language of the resource content
  "text" : { Narrative }, // I 0..1 Text summary of the resource, for human interpretation
  "contained" : [{ Resource }], // 0..* Contained, inline Resources
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
  "identifier" : [{ Identifier }], // 0..* Business Identifier for permission
  "status" : "<code>", // 1..1 active | entered-in-error | draft | rejected
  "asserter" : { Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) }, // 0..1 The person or entity that asserts the permission
  "date" : ["<dateTime>"], // 0..* The date that permission was asserted
  "validity" : { Period }, // 0..1 The period in which the permission is active
  "justification" : { BackboneElement }, // I 0..1 The asserted justification for using the data
    "id" : "<id>", // 0..1 Unique id for inter-element referencing
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
    "basis" : [{ CodeableConcept }], // 0..* The regulatory grounds upon which this Permission builds
    "evidence" : [{ Reference(Resource) }] // 0..* Justifying rationale
  }
  "combining" : "<code>", // 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
  "rule" : [{ BackboneElement }] // I 0..* Constraints to the Permission
    "id" : "<id>", // 0..1 Unique id for inter-element referencing
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
    "import" : { Reference(Permission) }, // 0..1 Reference to a Permission
    "type" : "<code>", // 0..1 deny | permit
    "data" : [{ BackboneElement }], // I 0..* The selection criteria to identify data that is within scope of this provision
      "id" : "<id>", // 0..1 Unique id for inter-element referencing
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
      "resource" : [{ BackboneElement }], // I 0..* Explicit FHIR Resource references
        "id" : "<id>", // 0..1 Unique id for inter-element referencing
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
        "meaning" : "<code>", // 1..1 instance | related | dependents | authoredby
        "reference" : { Reference(Resource) } // 1..1 The actual data reference
      }
      "resourceType" : [{ Coding }], // 0..* e.g. Resource Type, Profile, etc
      "security" : [{ Coding }], // 0..* Security tag code on .meta.security
      "period" : { Period }, // 0..1 Timeframe encompassing data create/update
      "expression" : { Expression } // 0..1 Expression identifying the data
    }
    "activity" : [{ BackboneElement }], // I 0..* A description or definition of which activities are allowed to be done on the data
      "id" : "<id>", // 0..1 Unique id for inter-element referencing
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
      "actor" : [{ BackboneElement }], // I 0..* Who|what is controlled by this rule
        "id" : "<id>", // 0..1 Unique id for inter-element referencing
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
        "role" : { CodeableConcept }, // 0..1 How the actor is involved
        "reference" : { Reference(CareTeam|Device|DeviceDefinition|Group|
      HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
      RelatedPerson) } // 0..1 Authorized actor(s)
      }
      "action" : [{ CodeableConcept }], // 0..* Actions controlled by this rule
      "purpose" : [{ CodeableConcept }] // 0..* The purpose for which the permission is given
    }
    "limit" : [{ BackboneElement }] // I 0..* What limits apply to the use of the data
      "id" : "<id>", // 0..1 Unique id for inter-element referencing
  (Extensions - see JSON page)
  (Modifier Extensions - see JSON page)
      "control" : [{ CodeableConcept }], // 0..* What coded limits apply to the use of the data
      "tag" : [{ Coding }], // 0..* The sensitivity codes that must be removed from the data
      "element" : ["<string>"] // 0..* What data elements that must be removed from the data
    }
  }
}

@prefix fhir: <http://hl7.org/fhir/> .


[ a fhir:Permission;
  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  fhir:id [ id ] ; # 0..1 Logical id of this artifact
  fhir:meta [ Meta ] ; # 0..1 I Metadata about the resource
  fhir:implicitRules [ uri ] ; # 0..1 I A set of rules under which this content was created
  fhir:language [ code ] ; # 0..1 I Language of the resource content
  fhir:text [ Narrative ] ; # 0..1 I Text summary of the resource, for human interpretation
  fhir:contained  ( [ Resource ] ... ) ; # 0..* Contained, inline Resources
  fhir:extension  ( [ Extension ] ... ) ; # 0..* I Additional content defined by implementations
  fhir:modifierExtension  ( [ Extension ] ... ) ; # 0..* I Extensions that cannot be ignored
  fhir:identifier  ( [ Identifier ] ... ) ; # 0..* Business Identifier for permission
  fhir:status [ code ] ; # 1..1 active | entered-in-error | draft | rejected
  fhir:asserter [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ] ; # 0..1 The person or entity that asserts the permission
  fhir:date  ( [ dateTime ] ... ) ; # 0..* The date that permission was asserted
  fhir:validity [ Period ] ; # 0..1 The period in which the permission is active
  fhir:justification [ BackboneElement ] ; # 0..1 I The asserted justification for using the data
  fhir:combining [ code ] ; # 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
  fhir:rule  ( [ BackboneElement ] ... ) ; # 0..* I Constraints to the Permission
]


Other representations of resource: CSV, Excel

Notes:

Composite Permissions

In some cases, there are common components across different Permission rules, and repeating those common rules could lead to redundancy, which in turn could lead to the risk of inconsistency if the common components are not formulated in precisely the same manner. Therefore, it is desirable to have a mechanism to define a common set of rules and refer to them in a single Permission resource. The import attribute enables pointing to such common rules by referencing the Permission resource.

If the import attribute is used in a rule, the rule element shall not contain any other elements. The result of evaluating a rule with an import is defined to be the result of evaluating the referenced Permission resource. The decision from that evaluation will then be combined with the decisions from the other rules based on the combining algorithm specified in the combining element.

If the referenced Permission is not active or expired, this should be interpreted as returning a not-applicable decision because the referenced permission is silent about whether access should be permitted or denied in the given context.

A circular reference in processing linked Permissions should be treated as an error, leading to a not-applicable decision bubbling up from the Permission resource in which the circular reference was encountered.

Implementers should rely on pragmatic limits on the length of the chain of linked Permissions and put in place reasonable guardrails against (maliciously or erroneously) large chains that could drain resources at the time of processing.
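The import handling described above, as an added Python example that is not part of the guide. Assumptions: the `Permission.combining` codes follow the XACML algorithms of the same names, an unresolvable import is treated like an inactive one, an over-long chain raises so the caller can fail closed, and `MAX_IMPORT_DEPTH`, `always_applies`, `sample`, `imp` and the `STORE` contents are hypothetical.

```python
from datetime import datetime, timezone

NOT_APPLICABLE = "not-applicable"
MAX_IMPORT_DEPTH = 8  # assumed guardrail; the guide does not fix a number


class ImportChainTooLong(Exception):
    """Raised so the caller can fail closed instead of following a huge chain."""


def combine(algorithm, decisions):
    """Assumed XACML-style meaning of the Permission.combining codes."""
    algorithm = algorithm.replace("ordered-", "", 1)  # rules are already in order
    permit, deny = "permit" in decisions, "deny" in decisions
    if algorithm == "deny-overrides":
        return "deny" if deny else "permit" if permit else NOT_APPLICABLE
    if algorithm == "permit-overrides":
        return "permit" if permit else "deny" if deny else NOT_APPLICABLE
    if algorithm == "deny-unless-permit":
        return "permit" if permit else "deny"
    if algorithm == "permit-unless-deny":
        return "deny" if deny else "permit"
    raise ValueError(f"unknown combining code: {algorithm}")


def in_force(permission, now):
    """True when status is active and 'now' falls inside Permission.validity."""
    if permission.get("status") != "active":
        return False
    period = permission.get("validity", {})
    start, end = period.get("start"), period.get("end")
    if start and now < datetime.fromisoformat(start):
        return False
    return not (end and now > datetime.fromisoformat(end))


def evaluate(ref, store, leaf_decision, now, chain=()):
    """Evaluate the Permission stored under 'ref', following rule.import."""
    permission = store.get(ref)
    if permission is None or not in_force(permission, now):
        return NOT_APPLICABLE  # silent: inactive, expired or (assumed) unresolvable
    if len(chain) >= MAX_IMPORT_DEPTH:
        raise ImportChainTooLong(" -> ".join(chain + (ref,)))
    chain = chain + (ref,)
    decisions = []
    for rule in permission.get("rule", []):
        target = rule.get("import", {}).get("reference")
        if target is None:
            decisions.append(leaf_decision(rule))
        elif any(key in rule for key in ("type", "data", "activity")):
            raise ValueError(f"prm-1 violated in {ref}")
        elif target in chain:
            return NOT_APPLICABLE  # circular reference found in this Permission
        else:
            decisions.append(evaluate(target, store, leaf_decision, now, chain))
    return combine(permission["combining"], decisions)


def always_applies(rule):
    """Hypothetical leaf matcher: treats every non-import rule as applicable."""
    return rule["type"]


def sample(combining, rules, status="active", **extra):
    """Build a minimal constructed Permission for the demonstration."""
    return {"resourceType": "Permission", "status": status,
            "combining": combining, "rule": rules, **extra}


def imp(ref):
    """Build a rule that only imports another Permission."""
    return {"import": {"reference": ref}}


NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
STORE = {  # constructed sample data
    "Permission/base": sample("deny-overrides", [{"type": "permit"}]),
    "Permission/retired": sample("deny-overrides", [{"type": "deny"}], status="rejected"),
    "Permission/expired": sample("deny-overrides", [{"type": "deny"}],
                                 validity={"end": "2020-12-31T23:59:59+00:00"}),
    "Permission/site": sample("deny-overrides", [imp("Permission/base"),
                              imp("Permission/retired"), imp("Permission/expired")]),
    "Permission/a": sample("deny-overrides", [{"type": "permit"}, imp("Permission/b")]),
    "Permission/b": sample("deny-overrides", [{"type": "deny"}, imp("Permission/a")]),
}

if __name__ == "__main__":
    for ref in ("Permission/site", "Permission/a"):
        print(ref, evaluate(ref, STORE, always_applies, NOW))
```

In the `Permission/a` case the deny rule inside `Permission/b` never reaches the combiner, because the circular reference makes `Permission/b` as a whole not-applicable; that is worth reviewing when a shared Permission carries deny rules.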

Rules Processing Logic

Each .rule is evaluated within the combining rule identified in the .combining element.

Within a .rule any repetitions of the .data element are in an OR relationship. That is to say that the data identified by the rule is all the data identified by all repetitions of .data. Thus to identify one rule that applies to data tagged with STD and data that is tagged with HIV, one would repeat this at the .data level.

Within a .rule any repetitions of the .activity element are in an OR relationship. That is to say that the rule applies to all the repetitions of .activity. Thus to identify one rule that applies to both TREAT and HOPERAT, one would have one rule with repetitions at the .activity level.

Within a .rule all repetitions of the .limit element apply to the rule. That is to say if there are multiple limits, and the rule permits the activity, then all the identified limits are applied to that authorized activity.

Within the .data element, all elements and all repetitions of elements are in an AND relationship. Thus to select data that has both STD and HIV one puts both into one .rule. To have different rules for STD from HIV, one would need to have two .rule elements. To have a rule that applies to both those that have just STD and those that have just HIV, this repetition may also be done at the .data level as described above.

Within the .activity element, all elements and all repetitions of elements are in an AND relationship. Thus to control an activity that is covering purpose of both TREAT and HOPERAT, one rule with an .activity .purpose holding both TREAT and HOPERAT can define that rule. However, this will not cover activities covering only TREAT; for that, repeat at the .activity level with just a .purpose of TREAT.
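The OR and AND relationships described above, as an added Python example that is not part of the guide. It is narrowed to `.data.security`, `.activity.purpose` and `.limit`; treating an absent `.data` or `.activity` as unrestricted is an assumption, and the request shape, the helper names and all sample rules and resources are constructed for illustration.

```python
NOT_APPLICABLE = "not-applicable"


def codes(items):
    """Collect code strings from a list of Coding or CodeableConcept dicts."""
    found = set()
    for item in items or []:
        for coding in item.get("coding", [item]):
            if "code" in coding:
                found.add(coding["code"])
    return found


def data_matches(data, resource):
    """AND inside one .data: the resource must carry every listed security tag."""
    labels = codes(resource.get("meta", {}).get("security"))
    return codes(data.get("security")) <= labels


def activity_matches(activity, request):
    """AND inside one .activity: the request must cover every listed purpose."""
    return codes(activity.get("purpose")) <= set(request["purposes"])


def evaluate_rule(rule, resource, request):
    """Return (decision, limits) for one rule, one resource and one request."""
    data, activity = rule.get("data", []), rule.get("activity", [])
    # Repetitions of .data and of .activity are alternatives (OR).
    # Assumption: an absent .data or .activity places no restriction.
    data_ok = not data or any(data_matches(d, resource) for d in data)
    activity_ok = not activity or any(activity_matches(a, request) for a in activity)
    if not (data_ok and activity_ok):
        return NOT_APPLICABLE, {}
    if rule["type"] != "permit":
        return rule["type"], {}
    # Every .limit repetition applies to the permitted activity.
    limits = {"control": set(), "tag": set(), "element": set()}
    for limit in rule.get("limit", []):
        limits["control"] |= codes(limit.get("control"))
        limits["tag"] |= codes(limit.get("tag"))
        limits["element"] |= set(limit.get("element", []))
    return "permit", limits


def cc(code):
    """Build a minimal CodeableConcept holding one code."""
    return {"coding": [{"code": code}]}


# Constructed sample rules. RULE_EITHER repeats .data and .activity (OR);
# RULE_BOTH lists both codes inside a single .data and .activity (AND).
RULE_EITHER = {
    "type": "permit",
    "data": [{"security": [{"code": "STD"}]}, {"security": [{"code": "HIV"}]}],
    "activity": [{"purpose": [cc("TREAT")]}, {"purpose": [cc("HOPERAT")]}],
    "limit": [{"control": [cc("NORDSCLCD")]},
              {"tag": [{"code": "STD"}], "element": ["Observation.note"]}],
}
RULE_BOTH = {
    "type": "deny",
    "data": [{"security": [{"code": "STD"}, {"code": "HIV"}]}],
    "activity": [{"purpose": [cc("TREAT"), cc("HOPERAT")]}],
}

# Constructed sample resources, reduced to their .meta.security labels.
HIV_ONLY = {"meta": {"security": [{"code": "HIV"}]}}
STD_AND_HIV = {"meta": {"security": [{"code": "STD"}, {"code": "HIV"}]}}
UNTAGGED = {"meta": {}}

if __name__ == "__main__":
    print(evaluate_rule(RULE_EITHER, HIV_ONLY, {"purposes": ["TREAT"]}))
    print(evaluate_rule(RULE_BOTH, STD_AND_HIV, {"purposes": ["TREAT"]}))
```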

Name | Type | Description | Expression
identifier | token | The unique id for a particular permission | Permission.identifier
rule-activity-actor | reference | The activity actor mentioned in a permission rule (permit or deny). | Permission.rule.activity.actor.reference
rule-data-period | date | The data period mentioned in a permission rule (permit or deny). | Permission.rule.data.period
rule-data-resource | reference | The data resource mentioned in a permission rule (permit or deny). | Permission.rule.data.resource.reference
rule-limit-element | string | The element limits mentioned in a permission rule (permit or deny). | Permission.rule.limit.element
status | token | active | entered-in-error | draft | rejected | Permission.status