Consent Client SHALL query the consent administration service for the identifiers of the involved patients, practitioners, organizations, and related persons<br/><br/>Not testable yet - need lots more details about the lifecycle of relates resource instances. Query or match? Implies CAS is an MPI and similar for other resources? Doesn’t say what triggers these queries to occur, or what effect it has on workflows, or whether discovered identifiers are used in resources...

Consent Client MAY subscribe to Consent topics as defined by the FAST Subscription Topic<br/><br/>- No conformance words "client will...", so not clear which actors SHALL or MAY support. For now, treating as MAY for both clients and servers - tests can be conditional.

• Nature of topic is it allows combinations of criteria. I'll call out each criterion below for traceability.
• TBD whether there need to be requirements for CAS to detect and fire Consent events or if implied by subs framework.

This guide mandates that Subscriptions be used<br/><br/>Need conformance words - who does this apply to? Assuming clients, but which ones? What triggering actions? Are clients required to support only, or that they positively subscribe to specific other systems? Suggest referencing section with normative workflows.

If a system accesses a Consent instance for determining whether information can be accessed, the Record Disclosure Operation SHALL be used<br/><br/>- Need to clarify which system has the responsibility for calling this - assuming Consent Client, calling the CAS.

• For now, assuming client calls after accessing.

Consent Client SHALL support AuditEvent search by FASTAuditEventConsent<br/><br/>Implied - need requirement

Consent Client SHALL support AuditEvent search by patient<br/><br/>Implied - need requirement