FHIR Extensions Pack
5.3.0 - May 2026 International flag

FHIR Extensions Pack, published by HL7 International / FHIR Infrastructure. This guide is not an authorized publication; it is the continuous build for version 5.3.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/fhir-extensions/ and changes regularly. See the Directory of published versions

Extension: Limits placed on permitted activities by a consent provision

Official URL: http://hl7.org/fhir/StructureDefinition/consent-provision-limit Version: 5.3.0
Standards status: Trial-use Maturity Level: 3 Responsible: HL7 International / Security Computable Name: ConsentProvisionLimit

Extension to express limits on the permitted use of data. This extension expresses limits to be placed on the release of data authorized by the provision in which it exists. The limits are restrictions on the permitted use. Limits may be expressed by refrain or obligation codes applied to the activity, meta.security tags to be applied to Resources, identified elements to be removed from Resources used in this activity, or data paths to be removed from Resources used in this activity.

This extension should be used as a ModifierExtension as it is critical to the proper understanding of the consent. If the provision limit is not observed, then the consent is effectively not valid and should not be applied.

Context of Use

This extension is a modifier extension.

This extension may be used on the following element(s)

Usage info

Usages:

  • This Extension is not used by any profiles in this Specification

You can also check for usages in the FHIR IG Statistics

Changes since version 5.2.0:

  • New Content
  • Formal Views of Extension Content

    Description of Profiles, Differentials, Snapshots, and how the XML and JSON presentations work.

    This structure is derived from Extension

    Summary

    Complex Extension: Extension to express limits on the permitted use of data. This extension expresses limits to be placed on the release of data authorized by the provision in which it exists. The limits are restrictions on the permitted use. Limits may be expressed by refrain or obligation codes applied to the activity, meta.security tags to be applied to Resources, identified elements to be removed from Resources used in this activity, or data paths to be removed from Resources used in this activity. This extension should be used as a ModifierExtension as it is critical to the proper understanding of the consent. If the provision limit is not observed, then the consent is effectively not valid and should not be applied.

    • control: CodeableConcept: Control is used when the authorized activity must include a control vocabulary such as a refrain or obligation.
    • tag: CodeableConcept: Tag is used when the authorized activity must apply a given meta.security tag(s) to all data used/released under this provision.
    • element: id: When this provision authorizes data use, the data identified by its element id, must be redacted from the authorized data provided for that authorized use.
    • path: string: When this provision authorizes data use, the data identified by the FHIRPath, must be redacted from the authorized data provided for that authorized use.

    Maturity: 3

    This structure is derived from Extension

    This structure is derived from Extension

    Summary

    Complex Extension: Extension to express limits on the permitted use of data. This extension expresses limits to be placed on the release of data authorized by the provision in which it exists. The limits are restrictions on the permitted use. Limits may be expressed by refrain or obligation codes applied to the activity, meta.security tags to be applied to Resources, identified elements to be removed from Resources used in this activity, or data paths to be removed from Resources used in this activity. This extension should be used as a ModifierExtension as it is critical to the proper understanding of the consent. If the provision limit is not observed, then the consent is effectively not valid and should not be applied.

    • control: CodeableConcept: Control is used when the authorized activity must include a control vocabulary such as a refrain or obligation.
    • tag: CodeableConcept: Tag is used when the authorized activity must apply a given meta.security tag(s) to all data used/released under this provision.
    • element: id: When this provision authorizes data use, the data identified by its element id, must be redacted from the authorized data provided for that authorized use.
    • path: string: When this provision authorizes data use, the data identified by the FHIRPath, must be redacted from the authorized data provided for that authorized use.

    Maturity: 3

    Differential View

    This structure is derived from Extension

    Snapshot View

     

    Other representations of profile: CSV, Excel, Schematron

    Terminology Bindings

    Path Status Usage ValueSet Version Source
    Extension.extension:control.​value[x] Base preferred SecurityControlObservationValue 📦3.0.0 THO v7.2
    Extension.extension:tag.​value[x] Base preferred InformationSensitivityPolicy 📦3.0.0 THO v7.2

    Constraints

    Id Grade Path(s) Description Expression
    ele-1 error **ALL** elements All FHIR elements must have a @value or children hasValue() or (children().count() > id.count())
    ext-1 error **ALL** extensions Must have either extensions or value[x], not both extension.exists() != value.exists()

    R4B

    The extension is unchanged in R4B

    R4

    The extension is unchanged in R4

    R3

    The extension is unchanged in R3

    Search Parameters for this Extension

    (none found)