John Moehrke XACML Consent Example, published by John Moehrke (Moehrke Research LLC). This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/JohnMoehrke/xacml-consent/ and changes regularly. See the Directory of published versions

• Content
• Detailed Descriptions
• Mappings
• Examples
• XML
• JSON
• TTL

Resource Profile: FHIR Consent with XACML Policies

A FHIR Consent resource that references XACML policies for access control, without including any rules directly in the Consent. Therefore, it does not include any provisions directly within the Consent. The actual access rules are defined in the referenced XACML policy documents.

changes from R4-R6 Consent:

• no scope element
• policy element is now policyBasis with either a .uri or .reference to DocumentReference containing XACML policy
  • policyBasis.reference to DocumentReference containing XACML policy
  • policyBaisis.uri to point at an external XACML policy
• source[x] is now sourceReference or sourceAttachment
  • sourceReference is a DocumentReference containing patient specific XACML policy
  • sourceAttachment.url is a direct link to the patient specific XACML policy

Usages:

• Examples for this Profile: Consent/ExampleFHIRConsentXACMLcopy, Consent/ExampleFHIRConsentXACMLcopyReference and Consent/ExampleFHIRConsentXACMLreference

You can also check for usages in the FHIR IG Statistics

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

• Key Elements Table
• Differential Table
• Snapshot Table
• Statistics/References
• All

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
Slices for identifier	Σ	1..*	Identifier	Identifier for this record (external references) Slice: Unordered, Open by type:type.coding.code
identifier:XPS	SΣ	1..*	Identifier	Identifier for this record (external references)
use	?!	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
value	C	1..1	string	The value that is unique Example General: 123456
status	?!Σ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentState (required): Indicates the state of the consent.
category	Σ	1..1	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (example): A classification of the type of consents found in a consent statement.
coding		1..1	Coding	Code defined by a terminology system Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://loinc.org
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 59284-0
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
subject	Σ	1..1	Reference(Patient)	Who the consent applies to
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
contentType	ΣC	1..1	code	Mime type of the content, with charset etc. Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049) Required Pattern: application/xacml+xml
url	Σ	1..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
sourceReference	S	0..*	Reference(DocumentReference)	Source from which this consent is taken
policyBasis		1..1	BackboneElement	Computable version of the backing policy
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
reference	S	0..1	Reference(Resource)	Reference backing policy resource
uri	S	0..1	uri	URI to a computable backing policy
decision	?!Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): Sets the base decision for Consent to be either permit or deny, with provisions assumed to be a negation of the previous level.
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.identifier:XPS.​use	Base	required	IdentifierUse	📍6.0.0-ballot3	FHIR Std.
Consent.status	Base	required	Consent State	📍6.0.0-ballot3	FHIR Std.
Consent.category	Base	example	Consent Category Codes	📍6.0.0-ballot3	FHIR Std.
Consent.sourceAttachment.​contentType	Base	required	Mime Types	📍6.0.0-ballot3	FHIR Std.
Consent.decision	Base	required	Consent Provision Type	📍6.0.0-ballot3	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ppc-1	error	Consent	Either a Permission (.provisionReference) or a .provision tree may exist but not both	provisionReference.exists() or provision.exists()

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Slices for identifier		1..*	Identifier	Identifier for this record (external references) Slice: Unordered, Open by type:type.coding.code
identifier:XPS	S	1..*	Identifier	Identifier for this record (external references)
type
coding
code		0..1	code	Symbol in syntax defined by the system Fixed Value: oasis:names:tc:xacml:1.0:Policy/@PolicyId
value		1..1	string	The value that is unique
category		1..1	CodeableConcept	Classification of the consent statement - for indexing/retrieval
coding		1..1	Coding	Code defined by a terminology system Required Pattern: At least the following
system		1..1	uri	Identity of the terminology system Fixed Value: http://loinc.org
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 59284-0
subject		1..1	Reference(Patient)	Who the consent applies to
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
contentType		1..1	code	Mime type of the content, with charset etc. Required Pattern: application/xacml+xml
url		1..1	url	Uri where the data can be found
sourceReference	S	0..*	Reference(DocumentReference)	Source from which this consent is taken
policyBasis		1..1	BackboneElement	Computable version of the backing policy
reference	S	0..1	Reference(Resource)	Reference backing policy resource
uri	S	0..1	uri	URI to a computable backing policy
provision		0..0		Constraints to the base Consent.policyRule/Consent.policy
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
Slices for identifier	Σ	1..*	Identifier	Identifier for this record (external references) Slice: Unordered, Open by type:type.coding.code
identifier:XPS	SΣ	1..*	Identifier	Identifier for this record (external references)
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
use	?!	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
type		0..1	CodeableConcept	Description of identifier Binding: IdentifierTypeCodes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
coding		0..*	Coding	Code defined by a terminology system
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
system		0..1	uri	Identity of the terminology system
version		0..1	string	Version of the system - if relevant
code	C	0..1	code	Symbol in syntax defined by the system Fixed Value: oasis:names:tc:xacml:1.0:Policy/@PolicyId
display	C	0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
system		0..1	uri	The namespace for the identifier value Example General: http://www.acme.com/identifiers/patient
value	C	1..1	string	The value that is unique Example General: 123456
period		0..1	Period	Time period when id is/was valid for use
assigner		0..1	Reference(Organization)	Organization that issued id (may be just text)
status	?!Σ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentState (required): Indicates the state of the consent.
category	Σ	1..1	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (example): A classification of the type of consents found in a consent statement.
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
coding		1..1	Coding	Code defined by a terminology system Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://loinc.org
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 59284-0
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
subject	Σ	1..1	Reference(Patient)	Who the consent applies to
date	Σ	0..1	date	Fully executed date of the consent
period	Σ	0..1	Period	Effective period for this Consent
grantor	Σ	0..*	Reference(CareTeam | Group | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
grantee	Σ	0..*	Reference(CareTeam | Group | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
manager		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent workflow management
controller		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent Enforcer
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
contentType	ΣC	1..1	code	Mime type of the content, with charset etc. Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049) Required Pattern: application/xacml+xml
language	Σ	0..1	code	Human language of the content (BCP-47) Binding: AllLanguages (required): IETF language tag for a human language. Additional Bindings Purpose CommonLanguages Starter Example General: en-AU
data	C	0..1	base64Binary	Data inline, base64ed
url	Σ	1..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
size	Σ	0..1	integer64	Number of bytes of content (if url provided)
hash	Σ	0..1	base64Binary	Hash of the data (sha-1, base64ed)
title	Σ	0..1	string	Label to display in place of the data Example General: Official Corporate Logo
creation	Σ	0..1	dateTime	Date attachment was first created
height		0..1	positiveInt	Height of the image in pixels (photo/video)
width		0..1	positiveInt	Width of the image in pixels (photo/video)
frames		0..1	positiveInt	Number of frames if > 1 (photo)
duration		0..1	decimal	Length in seconds (audio / video)
pages		0..1	positiveInt	Number of printed pages
sourceReference	S	0..*	Reference(DocumentReference)	Source from which this consent is taken
regulatoryBasis		0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples
policyBasis		1..1	BackboneElement	Computable version of the backing policy
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
reference	S	0..1	Reference(Resource)	Reference backing policy resource
uri	S	0..1	uri	URI to a computable backing policy
policyText		0..*	Reference(DocumentReference)	Human Readable Policy
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verificationType		0..1	CodeableConcept	Business case of verification Binding: ConsentVerificationCodes (example): Types of Verification/Validation.
verifiedBy		0..1	Reference(Organization | Practitioner | PractitionerRole)	Person conducting verification
verifiedWith		0..1	Reference(Patient | RelatedPerson | Group)	Person who verified
verificationDate		0..*	dateTime	When consent verified
decision	?!Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): Sets the base decision for Consent to be either permit or deny, with provisions assumed to be a negation of the previous level.
provisionReference		0..*	Reference(Permission)	Permission Resource for provisions
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	required	All Languages	📍6.0.0-ballot3	FHIR Std.
Consent.identifier:XPS.​use	Base	required	IdentifierUse	📍6.0.0-ballot3	FHIR Std.
Consent.identifier:XPS.​type	Base	extensible	Identifier Type Codes	📍6.0.0-ballot3	FHIR Std.
Consent.status	Base	required	Consent State	📍6.0.0-ballot3	FHIR Std.
Consent.category	Base	example	Consent Category Codes	📍6.0.0-ballot3	FHIR Std.
Consent.sourceAttachment.​contentType	Base	required	Mime Types	📍6.0.0-ballot3	FHIR Std.
Consent.sourceAttachment.​language	Base	required	All Languages	📍6.0.0-ballot3	FHIR Std.
Consent.regulatoryBasis	Base	example	Consent PolicyRule Codes	📍6.0.0-ballot3	FHIR Std.
Consent.verification.​verificationType	Base	example	Consent Vefication Codes	📍6.0.0-ballot3	FHIR Std.
Consent.decision	Base	required	Consent Provision Type	📍6.0.0-ballot3	FHIR Std.
Consent.provision.actor.​role	Base	extensible	Participation Role Type	📍6.0.0-ballot3	FHIR Std.
Consent.provision.action	Base	example	Consent Action Codes	📍6.0.0-ballot3	FHIR Std.
Consent.provision.securityLabel	Base	example	Example set of Security Labels	📍6.0.0-ballot3	FHIR Std.
Consent.provision.purpose	Base	extensible	PurposeOfUse	📦3.1.0	THO v7.0
Consent.provision.documentType	Base	preferred	Consent Content Class	📍6.0.0-ballot3	FHIR Std.
Consent.provision.resourceType	Base	extensible	Resource Types	📍6.0.0-ballot3	FHIR Std.
Consent.provision.code	Base	example	Consent Content Codes	📍6.0.0-ballot3	FHIR Std.
Consent.provision.data.​meaning	Base	required	Consent Data Meaning	📍6.0.0-ballot3	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ppc-1	error	Consent	Either a Permission (.provisionReference) or a .provision tree may exist but not both	provisionReference.exists() or provision.exists()

This structure is derived from Consent

Summary

Mandatory: 7 elements(2 nested mandatory elements)
Must-Support: 5 elements
Fixed: 1 element
Prohibited: 1 element

Slices

This structure defines the following Slices:

• The element 1 is sliced based on the value of Consent.identifier

Key Elements View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
Slices for identifier	Σ	1..*	Identifier	Identifier for this record (external references) Slice: Unordered, Open by type:type.coding.code
identifier:XPS	SΣ	1..*	Identifier	Identifier for this record (external references)
use	?!	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
value	C	1..1	string	The value that is unique Example General: 123456
status	?!Σ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentState (required): Indicates the state of the consent.
category	Σ	1..1	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (example): A classification of the type of consents found in a consent statement.
coding		1..1	Coding	Code defined by a terminology system Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://loinc.org
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 59284-0
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
subject	Σ	1..1	Reference(Patient)	Who the consent applies to
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
contentType	ΣC	1..1	code	Mime type of the content, with charset etc. Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049) Required Pattern: application/xacml+xml
url	Σ	1..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
sourceReference	S	0..*	Reference(DocumentReference)	Source from which this consent is taken
policyBasis		1..1	BackboneElement	Computable version of the backing policy
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
reference	S	0..1	Reference(Resource)	Reference backing policy resource
uri	S	0..1	uri	URI to a computable backing policy
decision	?!Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): Sets the base decision for Consent to be either permit or deny, with provisions assumed to be a negation of the previous level.
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.identifier:XPS.​use	Base	required	IdentifierUse	📍6.0.0-ballot3	FHIR Std.
Consent.status	Base	required	Consent State	📍6.0.0-ballot3	FHIR Std.
Consent.category	Base	example	Consent Category Codes	📍6.0.0-ballot3	FHIR Std.
Consent.sourceAttachment.​contentType	Base	required	Mime Types	📍6.0.0-ballot3	FHIR Std.
Consent.decision	Base	required	Consent Provision Type	📍6.0.0-ballot3	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ppc-1	error	Consent	Either a Permission (.provisionReference) or a .provision tree may exist but not both	provisionReference.exists() or provision.exists()

Differential View

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Slices for identifier		1..*	Identifier	Identifier for this record (external references) Slice: Unordered, Open by type:type.coding.code
identifier:XPS	S	1..*	Identifier	Identifier for this record (external references)
type
coding
code		0..1	code	Symbol in syntax defined by the system Fixed Value: oasis:names:tc:xacml:1.0:Policy/@PolicyId
value		1..1	string	The value that is unique
category		1..1	CodeableConcept	Classification of the consent statement - for indexing/retrieval
coding		1..1	Coding	Code defined by a terminology system Required Pattern: At least the following
system		1..1	uri	Identity of the terminology system Fixed Value: http://loinc.org
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 59284-0
subject		1..1	Reference(Patient)	Who the consent applies to
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
contentType		1..1	code	Mime type of the content, with charset etc. Required Pattern: application/xacml+xml
url		1..1	url	Uri where the data can be found
sourceReference	S	0..*	Reference(DocumentReference)	Source from which this consent is taken
policyBasis		1..1	BackboneElement	Computable version of the backing policy
reference	S	0..1	Reference(Resource)	Reference backing policy resource
uri	S	0..1	uri	URI to a computable backing policy
provision		0..0		Constraints to the base Consent.policyRule/Consent.policy
Documentation for this format

Snapshot View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
Slices for identifier	Σ	1..*	Identifier	Identifier for this record (external references) Slice: Unordered, Open by type:type.coding.code
identifier:XPS	SΣ	1..*	Identifier	Identifier for this record (external references)
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
use	?!	0..1	code	usual | official | temp | secondary | old (If known) Binding: IdentifierUse (required): Identifies the purpose for this identifier, if known .
type		0..1	CodeableConcept	Description of identifier Binding: IdentifierTypeCodes (extensible): A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
coding		0..*	Coding	Code defined by a terminology system
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
system		0..1	uri	Identity of the terminology system
version		0..1	string	Version of the system - if relevant
code	C	0..1	code	Symbol in syntax defined by the system Fixed Value: oasis:names:tc:xacml:1.0:Policy/@PolicyId
display	C	0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
system		0..1	uri	The namespace for the identifier value Example General: http://www.acme.com/identifiers/patient
value	C	1..1	string	The value that is unique Example General: 123456
period		0..1	Period	Time period when id is/was valid for use
assigner		0..1	Reference(Organization)	Organization that issued id (may be just text)
status	?!Σ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentState (required): Indicates the state of the consent.
category	Σ	1..1	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (example): A classification of the type of consents found in a consent statement.
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
coding		1..1	Coding	Code defined by a terminology system Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://loinc.org
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: 59284-0
display		0..1	string	Representation defined by the system
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
subject	Σ	1..1	Reference(Patient)	Who the consent applies to
date	Σ	0..1	date	Fully executed date of the consent
period	Σ	0..1	Period	Effective period for this Consent
grantor	Σ	0..*	Reference(CareTeam | Group | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
grantee	Σ	0..*	Reference(CareTeam | Group | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
manager		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent workflow management
controller		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent Enforcer
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url
contentType	ΣC	1..1	code	Mime type of the content, with charset etc. Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049) Required Pattern: application/xacml+xml
language	Σ	0..1	code	Human language of the content (BCP-47) Binding: AllLanguages (required): IETF language tag for a human language. Additional Bindings Purpose CommonLanguages Starter Example General: en-AU
data	C	0..1	base64Binary	Data inline, base64ed
url	Σ	1..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
size	Σ	0..1	integer64	Number of bytes of content (if url provided)
hash	Σ	0..1	base64Binary	Hash of the data (sha-1, base64ed)
title	Σ	0..1	string	Label to display in place of the data Example General: Official Corporate Logo
creation	Σ	0..1	dateTime	Date attachment was first created
height		0..1	positiveInt	Height of the image in pixels (photo/video)
width		0..1	positiveInt	Width of the image in pixels (photo/video)
frames		0..1	positiveInt	Number of frames if > 1 (photo)
duration		0..1	decimal	Length in seconds (audio / video)
pages		0..1	positiveInt	Number of printed pages
sourceReference	S	0..*	Reference(DocumentReference)	Source from which this consent is taken
regulatoryBasis		0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyRuleCodes (example): Regulatory policy examples
policyBasis		1..1	BackboneElement	Computable version of the backing policy
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
reference	S	0..1	Reference(Resource)	Reference backing policy resource
uri	S	0..1	uri	URI to a computable backing policy
policyText		0..*	Reference(DocumentReference)	Human Readable Policy
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verificationType		0..1	CodeableConcept	Business case of verification Binding: ConsentVerificationCodes (example): Types of Verification/Validation.
verifiedBy		0..1	Reference(Organization | Practitioner | PractitionerRole)	Person conducting verification
verifiedWith		0..1	Reference(Patient | RelatedPerson | Group)	Person who verified
verificationDate		0..*	dateTime	When consent verified
decision	?!Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): Sets the base decision for Consent to be either permit or deny, with provisions assumed to be a negation of the previous level.
provisionReference		0..*	Reference(Permission)	Permission Resource for provisions
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	required	All Languages	📍6.0.0-ballot3	FHIR Std.
Consent.identifier:XPS.​use	Base	required	IdentifierUse	📍6.0.0-ballot3	FHIR Std.
Consent.identifier:XPS.​type	Base	extensible	Identifier Type Codes	📍6.0.0-ballot3	FHIR Std.
Consent.status	Base	required	Consent State	📍6.0.0-ballot3	FHIR Std.
Consent.category	Base	example	Consent Category Codes	📍6.0.0-ballot3	FHIR Std.
Consent.sourceAttachment.​contentType	Base	required	Mime Types	📍6.0.0-ballot3	FHIR Std.
Consent.sourceAttachment.​language	Base	required	All Languages	📍6.0.0-ballot3	FHIR Std.
Consent.regulatoryBasis	Base	example	Consent PolicyRule Codes	📍6.0.0-ballot3	FHIR Std.
Consent.verification.​verificationType	Base	example	Consent Vefication Codes	📍6.0.0-ballot3	FHIR Std.
Consent.decision	Base	required	Consent Provision Type	📍6.0.0-ballot3	FHIR Std.
Consent.provision.actor.​role	Base	extensible	Participation Role Type	📍6.0.0-ballot3	FHIR Std.
Consent.provision.action	Base	example	Consent Action Codes	📍6.0.0-ballot3	FHIR Std.
Consent.provision.securityLabel	Base	example	Example set of Security Labels	📍6.0.0-ballot3	FHIR Std.
Consent.provision.purpose	Base	extensible	PurposeOfUse	📦3.1.0	THO v7.0
Consent.provision.documentType	Base	preferred	Consent Content Class	📍6.0.0-ballot3	FHIR Std.
Consent.provision.resourceType	Base	extensible	Resource Types	📍6.0.0-ballot3	FHIR Std.
Consent.provision.code	Base	example	Consent Content Codes	📍6.0.0-ballot3	FHIR Std.
Consent.provision.data.​meaning	Base	required	Consent Data Meaning	📍6.0.0-ballot3	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id.trace('id') in %resource.descendants().select(reference | as(uri))) or descendants().where(reference='#' | as(uri)='#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ppc-1	error	Consent	Either a Permission (.provisionReference) or a .provision tree may exist but not both	provisionReference.exists() or provision.exists()

This structure is derived from Consent

Summary

Mandatory: 7 elements(2 nested mandatory elements)
Must-Support: 5 elements
Fixed: 1 element
Prohibited: 1 element

Slices

This structure defines the following Slices:

• The element 1 is sliced based on the value of Consent.identifier

Other representations of profile: CSV, Excel, Schematron