FASTConsent - Scalable Consent Management v0.1.0

Scalable Consent Management
0.1.0 - ci-build United States of America flag

Scalable Consent Management, published by HL7 International / Community Based Collaborative Care. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/fhir-consent-management/ and changes regularly. See the Directory of published versions

Resource Profile: FASTConsent

Official URL: http://hl7.org/fhir/us/consent-management/StructureDefinition/FASTConsent				Version: 0.1.0
Standards status: Trial-use			Maturity Level: 1	Computable Name: FASTConsent

This profile captures the details of a Patient's Consent.

Mandatory and Must Support Data Elements

The following data elements must always be present or must be supported if the data is present in the sending system Must Support. They are presented below in a simple human-readable explanation. Profile specific guidance and examples are provided as well. The Formal Views below provides the formal summary, definitions, and terminology requirements.

Each Consent Must Have:

a status
a scope (fixed to the code 'patient-privacy')
a category
an identifier
a patient (where the reference SHALL contain an identifier for the patient)
a dateTime
a performer (where the reference SHALL contain an identifier for the organization, patient, related person, or practitioner)
a source[x] that is either a DocumentReference with an attachment or a QuestionnaireResponse
a provision, that must include the following:
a type
an actor (where role is fixed to IRCP)
a Consent grantee extension (backported from the R5 Consent resource)

Each Consent Must Support:

all Must Have
a policy
a provision purpose
a Consent manager extension (backported from the R5 Consent resource)
a Consent controller extension (backported from the R5 Consent resource)

Each Consent MUST NOT provide:

an organization - this is contained in the extensions
more than two levels of provision

Referencing External Participants

Since a FHIR reference can contain a RESTful id to a patient, organization, practitioner, or related person, and those RESTful ids may not be useful once a Consent instance has propogated to other consent servers, this guide requires that an external identifier for those participants SHALL be populated. The RESTful id can also be sent but it is not necessary since the mandatory identifier conveys the identity of the participant. The FHIR additionalIdentifier extension is also included in the Reference to allow for multiple identifiers for participants to be conveyed.

Usages:

Use this Profile: File Consent Operation Parameters and Update Consent Operation Parameters
Refer to this Profile: Record Disclosure Operation Parameters and Revoke Consent Operation Parameters
Examples for this Profile: Consent/ConsentExample
CapabilityStatements using this Profile: Consent Administrative Server Capabilities and Consent Client Capabilities

You can also check for usages in the FHIR IG Statistics

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

Key Elements Table
Differential Table
Snapshot Table
Statistics/References
All

Name	Flags	Card.	Type	Description & Constraints Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:grantee	S	1..*	Reference(CareTeam \| HealthcareService \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Optional Extensions Element URL: http://hl7.org/fhir/5.0/StructureDefinition/extension-Consent.grantee
extension:manager	S	0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Optional Extensions Element URL: http://hl7.org/fhir/5.0/StructureDefinition/extension-Consent.manager
extension:controller	S	0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Optional Extensions Element URL: http://hl7.org/fhir/5.0/StructureDefinition/extension-Consent.controller
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	SΣ	1..1	Identifier	Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
status	?!SΣ	1..1	code	draft \| proposed \| active \| rejected \| inactive \| entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!SΣ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: patient-privacy
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
category	SΣ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.
patient	SΣ	1..1	FASTReference(US Core Patient Profile)	Who the consent applies to
dateTime	SΣ	1..1	dateTime	When this Consent was created or indexed
performer	SΣ	1..*	FASTReference(US Core Organization Profile \| US Core Patient Profile \| US Core Practitioner Profile \| US Core RelatedPerson Profile \| US Core PractitionerRole Profile)	Who is agreeing to the policy and rules
source[x]	SΣ	1..1	Reference(US Core QuestionnaireResponse Profile \| FASTDocumentReference)	Source from which this consent is taken
policy	S	0..*	BackboneElement	Policies covered by this consent
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
uri	SC	1..1	uri	Specific policy covered by this consent
provision	SΣ	1..1	BackboneElement	Constraints to the base Consent.policyRule
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	SΣ	1..1	code	deny \| permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
actor	S	0..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
reference	S	1..1	Reference(Device \| Group \| CareTeam \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Resource for the actor (or group, by role)
purpose	SΣ	0..*	Coding	Context of activities covered by this rule Binding: PurposeOfUse (3.1.0) (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
provision	S	0..*	BackboneElement	Nested Exception Rules
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet / Code	URI
Consent.status	required	ConsentState `http://hl7.org/fhir/ValueSet/consent-state-codes\|4.0.1` From the FHIR Standard
Consent.scope	extensible	Pattern Value: patient-privacy `http://hl7.org/fhir/ValueSet/consent-scope` From the FHIR Standard
Consent.category	extensible	ConsentCategoryCodes `http://hl7.org/fhir/ValueSet/consent-category` From the FHIR Standard
Consent.provision.type	required	ConsentProvisionType `http://hl7.org/fhir/ValueSet/consent-provision-type\|4.0.1` From the FHIR Standard
Consent.provision.actor.role	extensible	Pattern Value: IRCP `http://hl7.org/fhir/ValueSet/security-role-type` From the FHIR Standard
Consent.provision.purpose	extensible	PurposeOfUse `http://terminology.hl7.org/ValueSet/v3-PurposeOfUse\|3.1.0`

Constraints

Id	Grade	Path(s)	Details	Requirements
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().as(canonical) \| %resource.descendants().as(uri) \| %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management : text.`div`.exists()
ele-1	error	ALL elements	All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count())
ext-1	error	ALL extensions	Must have either extensions or value[x], not both : extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule : policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints Filter: Bindings Constraints Obligations
Consent		0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:grantee	S	1..*	Reference(CareTeam \| HealthcareService \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Optional Extensions Element URL: http://hl7.org/fhir/5.0/StructureDefinition/extension-Consent.grantee
extension:manager	S	0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Optional Extensions Element URL: http://hl7.org/fhir/5.0/StructureDefinition/extension-Consent.manager
extension:controller	S	0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Optional Extensions Element URL: http://hl7.org/fhir/5.0/StructureDefinition/extension-Consent.controller
identifier	S	1..1	Identifier	Identifier for this record (external references)
status	S	1..1	code	draft \| proposed \| active \| rejected \| inactive \| entered-in-error
scope	S	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope
code		1..1	code	Symbol in syntax defined by the system Fixed Value: patient-privacy
category	S	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval
patient	S	1..1	FASTReference(US Core Patient Profile)	Who the consent applies to
dateTime	S	1..1	dateTime	When this Consent was created or indexed
performer	S	1..*	FASTReference(US Core Organization Profile \| US Core Patient Profile \| US Core Practitioner Profile \| US Core RelatedPerson Profile \| US Core PractitionerRole Profile)	Who is agreeing to the policy and rules
organization		0..0
source[x]	S	1..1	Reference(US Core QuestionnaireResponse Profile \| FASTDocumentReference)	Source from which this consent is taken
policy	S	0..*	BackboneElement	Policies covered by this consent
uri	S	1..1	uri	Specific policy covered by this consent
provision	S	1..1	BackboneElement	Constraints to the base Consent.policyRule
type	S	1..1	code	deny \| permit
actor	S	0..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
role	S	1..1	CodeableConcept	How the actor is involved Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
code		1..1	code	Symbol in syntax defined by the system Fixed Value: IRCP
reference	S	1..1	Reference(Device \| Group \| CareTeam \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Resource for the actor (or group, by role)
purpose	S	0..*	Coding	Context of activities covered by this rule
provision	S	0..*	BackboneElement	Nested Exception Rules
provision		0..0
Documentation for this format

Description & Constraints Filter: Filters

Consent

C

0..*

Consent

A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5

id

Σ

0..1

id

Logical id of this artifact