Scalable Consent Management
0.1.0 - ci-build
Scalable Consent Management
0.1.0 - ci-build
Scalable Consent Management, published by HL7 International / Community Based Collaborative Care. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/fhir-consent-management/ and changes regularly. See the Directory of published versions
| Page standards status: Trial-use | Maturity Level: 1 |
{
"resourceType" : "Requirements",
"id" : "technical-specification-client",
"text" : {
"status" : "generated",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: Requirements technical-specification-client</b></p><a name=\"technical-specification-client\"> </a><a name=\"hctechnical-specification-client\"> </a><p>These requirements apply to the actor <a href=\"ActorDefinition-client.html\">Client</a></p><table class=\"grid\"><tr><td><b><a name=\"67\"> </a></b>requirement-67</td><td>SHALL</td><td><div><p>Consent Client SHALL query the consent administration service for the identifiers of the involved patients, practitioners, organizations, and related persons<br/><br/>Not testable yet - need lots more details about the lifecycle of relates resource instances.\nQuery or match?\nImplies CAS is an MPI and similar for other resources?\nDoesn’t say what triggers these queries to occur, or what effect it has on workflows, or whether discovered identifiers are used in resources...</p>\n</div><p>Links: </p><ul><li>Derived From: <code>HL7 FAST Consent IG</code></li><li>References: <a href=\"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=client%20systems%20SHALL%20query%20the%20consent%20administration%20service%20for%20the%20identifiers%20of%20the%20involved%20patients%2C%20practitioners%2C%20organizations%2C%20and%20related%20persons\">https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html</a></li></ul></td></tr><tr><td><b><a name=\"202\"> </a></b>requirement-202</td><td>MAY</td><td><div><p>Consent Client MAY subscribe to Consent topics as defined by the FAST Subscription Topic<br/><br/>- No conformance words "client will...", so not clear which actors SHALL or MAY support. For now, treating as MAY for both clients and servers - tests can be conditional.</p>\n<ul>\n<li>Nature of topic is it allows combinations of criteria. I'll call out each criterion below for traceability.</li>\n<li>TBD whether there need to be requirements for CAS to detect and fire Consent events or if implied by subs framework.</li>\n</ul>\n</div><p>Links: </p><ul><li>Derived From: <code>HL7 FAST Consent IG</code></li><li>References: <a href=\"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=To%20register%20a%20subscription%2C%20client%20systems%20will%20POST%20to%20a%20consent%20administration%20service%27s%20Subscription%20endpoint\">https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html</a></li></ul></td></tr><tr><td><b><a name=\"265\"> </a></b>requirement-265</td><td>SHALL</td><td><div><p>This guide mandates that Subscriptions be used<br/><br/>Need conformance words - who does this apply to? Assuming clients, but which ones? What triggering actions? Are clients required to support only, or that they positively subscribe to specific other systems? Suggest referencing section with normative workflows.</p>\n</div><p>Links: </p><ul><li>Derived From: <code>HL7 FAST Consent IG</code></li><li>References: <a href=\"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=this%20guide%20mandates%20that%20Subscriptions%20be%20used\">https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html</a></li></ul></td></tr><tr><td><b><a name=\"167\"> </a></b>requirement-167</td><td>SHALL</td><td><div><p>If a system accesses a Consent instance for determining whether information can be accessed, the Record Disclosure Operation SHALL be used<br/><br/>- Need to clarify which system has the responsibility for calling this - assuming Consent Client, calling the CAS.</p>\n<ul>\n<li>For now, assuming client calls after accessing.</li>\n</ul>\n</div><p>Links: </p><ul><li>Derived From: <code>HL7 FAST Consent IG</code></li><li>References: <a href=\"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=The%20Record%20Disclosure%20Operation%20SHALL%20be%20used%20when%20a%20system%20accesses%20a%20Consent%20instance%20for%20determining%20whether%20informtion%20can%20be%20accessed\">https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html</a></li></ul></td></tr><tr><td><b><a name=\"267\"> </a></b>requirement-267</td><td>SHALL</td><td><div><p>Consent Client SHALL support AuditEvent search by FASTAuditEventConsent<br/><br/>Implied - need requirement</p>\n</div><p>Links: </p><ul><li>Derived From: <code>HL7 FAST Consent IG</code></li><li>References: <a href=\"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=systems%20SHALL%20support%20the,consent\">https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html</a></li></ul></td></tr><tr><td><b><a name=\"299\"> </a></b>requirement-299</td><td>SHALL</td><td><div><p>Consent Client SHALL support AuditEvent search by patient<br/><br/>Implied - need requirement</p>\n</div><p>Links: </p><ul><li>Derived From: <code>HL7 FAST Consent IG</code></li><li>References: <a href=\"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=systems%20SHALL%20support%20the,patient\">https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html</a></li></ul></td></tr></table></div>"
},
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-wg",
"valueCode" : "cbcc"
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-fmm",
"valueInteger" : 1,
"_valueInteger" : {
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/consent-management/ImplementationGuide/hl7.fhir.us.consent-management"
}
]
}
},
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-standards-status",
"valueCode" : "trial-use",
"_valueCode" : {
"extension" : [
{
"url" : "http://hl7.org/fhir/StructureDefinition/structuredefinition-conformance-derivedFrom",
"valueCanonical" : "http://hl7.org/fhir/us/consent-management/ImplementationGuide/hl7.fhir.us.consent-management"
}
]
}
}
],
"url" : "http://hl7.org/fhir/us/consent-management/Requirements/technical-specification-client",
"version" : "0.1.0",
"name" : "TechnicalSpecificationClient",
"title" : "Technical Specification Client",
"status" : "active",
"experimental" : false,
"date" : "2025-09-03T19:43:24-04:00",
"publisher" : "HL7 International / Community Based Collaborative Care",
"contact" : [
{
"name" : "HL7 International / Community Based Collaborative Care",
"telecom" : [
{
"system" : "url",
"value" : "http://www.hl7.org/Special/committees/cbcc"
}
]
}
],
"description" : "Technical Specification Requirements for Client",
"jurisdiction" : [
{
"coding" : [
{
"system" : "urn:iso:std:iso:3166",
"code" : "US",
"display" : "United States of America"
}
]
}
],
"actor" : [
🔗 "http://hl7.org/fhir/us/consent-management/ActorDefinition/client"
],
"statement" : [
{
"key" : "67",
"label" : "requirement-67",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "Consent Client SHALL query the consent administration service for the identifiers of the involved patients, practitioners, organizations, and related persons<br/><br/>Not testable yet - need lots more details about the lifecycle of relates resource instances. \nQuery or match?\nImplies CAS is an MPI and similar for other resources?\nDoesn’t say what triggers these queries to occur, or what effect it has on workflows, or whether discovered identifiers are used in resources...",
"derivedFrom" : "HL7 FAST Consent IG",
"reference" : [
"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=client%20systems%20SHALL%20query%20the%20consent%20administration%20service%20for%20the%20identifiers%20of%20the%20involved%20patients%2C%20practitioners%2C%20organizations%2C%20and%20related%20persons"
]
},
{
"key" : "202",
"label" : "requirement-202",
"conformance" : [
"MAY"
],
"conditionality" : false,
"requirement" : "Consent Client MAY subscribe to Consent topics as defined by the FAST Subscription Topic<br/><br/>- No conformance words \"client will...\", so not clear which actors SHALL or MAY support. For now, treating as MAY for both clients and servers - tests can be conditional.\n- Nature of topic is it allows combinations of criteria. I'll call out each criterion below for traceability.\n- TBD whether there need to be requirements for CAS to detect and fire Consent events or if implied by subs framework.",
"derivedFrom" : "HL7 FAST Consent IG",
"reference" : [
"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=To%20register%20a%20subscription%2C%20client%20systems%20will%20POST%20to%20a%20consent%20administration%20service%27s%20Subscription%20endpoint"
]
},
{
"key" : "265",
"label" : "requirement-265",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "This guide mandates that Subscriptions be used<br/><br/>Need conformance words - who does this apply to? Assuming clients, but which ones? What triggering actions? Are clients required to support only, or that they positively subscribe to specific other systems? Suggest referencing section with normative workflows.",
"derivedFrom" : "HL7 FAST Consent IG",
"reference" : [
"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=this%20guide%20mandates%20that%20Subscriptions%20be%20used"
]
},
{
"key" : "167",
"label" : "requirement-167",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "If a system accesses a Consent instance for determining whether information can be accessed, the Record Disclosure Operation SHALL be used<br/><br/>- Need to clarify which system has the responsibility for calling this - assuming Consent Client, calling the CAS.\n- For now, assuming client calls after accessing.",
"derivedFrom" : "HL7 FAST Consent IG",
"reference" : [
"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=The%20Record%20Disclosure%20Operation%20SHALL%20be%20used%20when%20a%20system%20accesses%20a%20Consent%20instance%20for%20determining%20whether%20informtion%20can%20be%20accessed"
]
},
{
"key" : "267",
"label" : "requirement-267",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "Consent Client SHALL support AuditEvent search by FASTAuditEventConsent<br/><br/>Implied - need requirement",
"derivedFrom" : "HL7 FAST Consent IG",
"reference" : [
"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=systems%20SHALL%20support%20the,consent"
]
},
{
"key" : "299",
"label" : "requirement-299",
"conformance" : [
"SHALL"
],
"conditionality" : false,
"requirement" : "Consent Client SHALL support AuditEvent search by patient<br/><br/>Implied - need requirement",
"derivedFrom" : "HL7 FAST Consent IG",
"reference" : [
"https://build.fhir.org/ig/HL7/fhir-consent-management/technical.html#:~:text=systems%20SHALL%20support%20the,patient"
]
}
]
}
IG © 2024+ HL7 International / Community Based Collaborative Care. Package hl7.fhir.us.consent-management#0.1.0 based on FHIR 4.0.1. Generated 2025-09-05
Links: Table of Contents |
QA Report
| Version History |
|
Propose a change