FastAccessControl, published by MITRE. This guide is not an authorized publication; it is the continuous build for version 0.2.2 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/awatson1978/fhir-access-control-ig/ and changes regularly. See the Directory of published versions
Resource Profile: AccessControlConsent
| Official URL: https://gitlab.mitre.org/awatson/fast-access-control/StructureDefinition/ConsentToAcces | Version: 0.2.2 | |||
| Active as of 2017-12-15 | Computable Name: ConsentToAcces | |||
Restriction on use/release of exchanged information
Usage:
- This Resource Profile is not used by any profiles in this Implementation Guide
Formal Views of Profile Content
Description of Profiles, Differentials, Snapshots and how the different presentations work.
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
  Consent |
0..* | Consent | A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
  status |
S | 1..1 | code | Indicates the current state of this restriction |
| category |
S | 1..* | CodeableConcept | Type of restriction |
| dateTime |
S | 0..1 | dateTime | date/time of last update for this restriction |
 policy |
S | 0..* | BackboneElement | Policies covered by this consent |
 authority |
S | 0..0 | ||
 uri |
S | 0..1 | uri | Specific policy covered by this restriction |
 provision |
S | 0..1 | BackboneElement | Access rights |
 type |
0..1 | code | deny | permit Fixed Value: deny | |
 provision |
0..* | BackboneElement | Nested Exception Rules | |
| type |
S | 0..1 | code | deny | permit Fixed Value: permit |
| actor |
S | 1..* | BackboneElement | Who|what controlled by this rule (or group, by role) |
| role |
S | 1..1 | CodeableConcept | How the actor is involved |
| securityLabel |
S | 1..* | Coding | Security Labels that define affected resources |
| class |
1..* | Coding | e.g. Resource Type, Profile, CDA, etc. | |
| Documentation for this format | ||||
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time ppc-1: Either a Policy or PolicyRule ppc-2: IF Scope=privacy, there must be a patient ppc-3: IF Scope=research, there must be a patient ppc-4: IF Scope=adr, there must be a patient ppc-5: IF Scope=treatment, there must be a patient |
 implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created |
 modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored |
| status |
?!SΣ | 1..1 | code | Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent. |
| scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. |
| category |
SΣ | 1..* | CodeableConcept | Type of restriction Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. |
| dateTime |
SΣ | 0..1 | dateTime | date/time of last update for this restriction |
| policy |
S | 0..* | BackboneElement | Policies covered by this consent |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| uri |
SC | 0..1 | uri | Specific policy covered by this restriction |
| provision |
SΣ | 0..1 | BackboneElement | Access rights |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: deny |
| provision |
0..* | BackboneElement | Nested Exception Rules | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
SΣ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: permit |
| actor |
S | 1..* | BackboneElement | Who|what controlled by this rule (or group, by role) |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| role |
S | 1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. |
 reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |
| securityLabel |
SΣ | 1..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. |
| class |
Σ | 1..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. |
| Documentation for this format | ||||
Terminology Bindings
| Path | Conformance | ValueSet / Code | URI |
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1from the FHIR Standard | |
| Consent.scope | extensible | ConsentScopeCodeshttp://hl7.org/fhir/ValueSet/consent-scopefrom the FHIR Standard | |
| Consent.category | extensible | ConsentCategoryCodeshttp://hl7.org/fhir/ValueSet/consent-categoryfrom the FHIR Standard | |
| Consent.provision.type | required | Fixed Value: denyhttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | |
| Consent.provision.provision.type | required | Fixed Value: permithttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | |
| Consent.provision.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typefrom the FHIR Standard | |
| Consent.provision.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsfrom the FHIR Standard | |
| Consent.provision.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classfrom the FHIR Standard |
Constraints
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
| Name | Flags | Card. | Type | Description & Constraints | ||||
|---|---|---|---|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time ppc-1: Either a Policy or PolicyRule ppc-2: IF Scope=privacy, there must be a patient ppc-3: IF Scope=research, there must be a patient ppc-4: IF Scope=adr, there must be a patient ppc-5: IF Scope=treatment, there must be a patient | ||||
| id |
Σ | 0..1 | id | Logical id of this artifact | ||||
| meta |
Σ | 0..1 | Meta | Metadata about the resource | ||||
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created | ||||
| language |
0..1 | code | Language of the resource content Binding: CommonLanguages (preferred): A human language.
| |||||
| text |
0..1 | Narrative | Text summary of the resource, for human interpretation | |||||
| contained |
0..* | Resource | Contained, inline Resources | |||||
 extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored | ||||
| identifier |
Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"} | ||||
| status |
?!SΣ | 1..1 | code | Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent. | ||||
| scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. | ||||
| category |
SΣ | 1..* | CodeableConcept | Type of restriction Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. | ||||
| patient |
Σ | 0..1 | Reference(Patient) | Who the consent applies to | ||||
| dateTime |
SΣ | 0..1 | dateTime | date/time of last update for this restriction | ||||
| performer |
Σ | 0..* | Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Who is agreeing to the policy and rules | ||||
| organization |
Σ | 0..* | Reference(Organization) | Custodian of the consent | ||||
 source[x] |
Σ | 0..1 | Source from which this consent is taken | |||||
| sourceAttachment |
Attachment | |||||||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||||||
| policy |
S | 0..* | BackboneElement | Policies covered by this consent | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| uri |
SC | 0..1 | uri | Specific policy covered by this restriction | ||||
| policyRule |
ΣC | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. | ||||
| verification |
Σ | 0..* | BackboneElement | Consent Verified by patient or family | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| verified |
Σ | 1..1 | boolean | Has been verified | ||||
| verifiedWith |
0..1 | Reference(Patient | RelatedPerson) | Person who verified | |||||
| verificationDate |
0..1 | dateTime | When consent verified | |||||
| provision |
SΣ | 0..1 | BackboneElement | Access rights | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: deny | ||||
| period |
Σ | 0..1 | Period | Timeframe for this rule | ||||
| actor |
0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. | |||||
| reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |||||
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action. | ||||
| securityLabel |
Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. | ||||
| class |
Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | BackboneElement | Nested Exception Rules | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
SΣ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: permit | ||||
| period |
Σ | 0..1 | Period | Timeframe for this rule | ||||
| actor |
S | 1..* | BackboneElement | Who|what controlled by this rule (or group, by role) | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
S | 1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. | ||||
| reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |||||
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action. | ||||
| securityLabel |
SΣ | 1..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. | ||||
| class |
Σ | 1..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | See provision (Consent) | Nested Exception Rules | |||||
| Documentation for this format | ||||||||
Terminology Bindings
| Path | Conformance | ValueSet / Code | URI | |||
| Consent.language | preferred | CommonLanguages
http://hl7.org/fhir/ValueSet/languagesfrom the FHIR Standard | ||||
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1from the FHIR Standard | ||||
| Consent.scope | extensible | ConsentScopeCodeshttp://hl7.org/fhir/ValueSet/consent-scopefrom the FHIR Standard | ||||
| Consent.category | extensible | ConsentCategoryCodeshttp://hl7.org/fhir/ValueSet/consent-categoryfrom the FHIR Standard | ||||
| Consent.policyRule | extensible | ConsentPolicyRuleCodeshttp://hl7.org/fhir/ValueSet/consent-policyfrom the FHIR Standard | ||||
| Consent.provision.type | required | Fixed Value: denyhttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | ||||
| Consent.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typefrom the FHIR Standard | ||||
| Consent.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionfrom the FHIR Standard | ||||
| Consent.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsfrom the FHIR Standard | ||||
| Consent.provision.purpose | extensible | PurposeOfUsehttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse | ||||
| Consent.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classfrom the FHIR Standard | ||||
| Consent.provision.code | example | ConsentContentCodes (a valid code from LOINC)http://hl7.org/fhir/ValueSet/consent-content-codefrom the FHIR Standard | ||||
| Consent.provision.data.meaning | required | ConsentDataMeaninghttp://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1from the FHIR Standard | ||||
| Consent.provision.provision.type | required | Fixed Value: permithttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | ||||
| Consent.provision.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typefrom the FHIR Standard | ||||
| Consent.provision.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionfrom the FHIR Standard | ||||
| Consent.provision.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsfrom the FHIR Standard | ||||
| Consent.provision.provision.purpose | extensible | PurposeOfUsehttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse | ||||
| Consent.provision.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classfrom the FHIR Standard | ||||
| Consent.provision.provision.code | example | ConsentContentCodes (a valid code from LOINC)http://hl7.org/fhir/ValueSet/consent-content-codefrom the FHIR Standard | ||||
| Consent.provision.provision.data.meaning | required | ConsentDataMeaninghttp://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1from the FHIR Standard |
Constraints
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
This structure is derived from Consent
Differential View
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Consent |
0..* | Consent | A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
| status |
S | 1..1 | code | Indicates the current state of this restriction |
| category |
S | 1..* | CodeableConcept | Type of restriction |
| dateTime |
S | 0..1 | dateTime | date/time of last update for this restriction |
| policy |
S | 0..* | BackboneElement | Policies covered by this consent |
| authority |
S | 0..0 | ||
| uri |
S | 0..1 | uri | Specific policy covered by this restriction |
| provision |
S | 0..1 | BackboneElement | Access rights |
| type |
0..1 | code | deny | permit Fixed Value: deny | |
| provision |
0..* | BackboneElement | Nested Exception Rules | |
| type |
S | 0..1 | code | deny | permit Fixed Value: permit |
| actor |
S | 1..* | BackboneElement | Who|what controlled by this rule (or group, by role) |
| role |
S | 1..1 | CodeableConcept | How the actor is involved |
| securityLabel |
S | 1..* | Coding | Security Labels that define affected resources |
| class |
1..* | Coding | e.g. Resource Type, Profile, CDA, etc. | |
| Documentation for this format | ||||
Key Elements View
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time ppc-1: Either a Policy or PolicyRule ppc-2: IF Scope=privacy, there must be a patient ppc-3: IF Scope=research, there must be a patient ppc-4: IF Scope=adr, there must be a patient ppc-5: IF Scope=treatment, there must be a patient |
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created |
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored |
| status |
?!SΣ | 1..1 | code | Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent. |
| scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. |
| category |
SΣ | 1..* | CodeableConcept | Type of restriction Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. |
| dateTime |
SΣ | 0..1 | dateTime | date/time of last update for this restriction |
| policy |
S | 0..* | BackboneElement | Policies covered by this consent |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| uri |
SC | 0..1 | uri | Specific policy covered by this restriction |
| provision |
SΣ | 0..1 | BackboneElement | Access rights |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: deny |
| provision |
0..* | BackboneElement | Nested Exception Rules | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
SΣ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: permit |
| actor |
S | 1..* | BackboneElement | Who|what controlled by this rule (or group, by role) |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| role |
S | 1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. |
| reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |
| securityLabel |
SΣ | 1..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. |
| class |
Σ | 1..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. |
| Documentation for this format | ||||
Terminology Bindings
| Path | Conformance | ValueSet / Code | URI |
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1from the FHIR Standard | |
| Consent.scope | extensible | ConsentScopeCodeshttp://hl7.org/fhir/ValueSet/consent-scopefrom the FHIR Standard | |
| Consent.category | extensible | ConsentCategoryCodeshttp://hl7.org/fhir/ValueSet/consent-categoryfrom the FHIR Standard | |
| Consent.provision.type | required | Fixed Value: denyhttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | |
| Consent.provision.provision.type | required | Fixed Value: permithttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | |
| Consent.provision.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typefrom the FHIR Standard | |
| Consent.provision.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsfrom the FHIR Standard | |
| Consent.provision.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classfrom the FHIR Standard |
Constraints
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
Snapshot View
| Name | Flags | Card. | Type | Description & Constraints | ||||
|---|---|---|---|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time ppc-1: Either a Policy or PolicyRule ppc-2: IF Scope=privacy, there must be a patient ppc-3: IF Scope=research, there must be a patient ppc-4: IF Scope=adr, there must be a patient ppc-5: IF Scope=treatment, there must be a patient | ||||
| id |
Σ | 0..1 | id | Logical id of this artifact | ||||
| meta |
Σ | 0..1 | Meta | Metadata about the resource | ||||
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created | ||||
| language |
0..1 | code | Language of the resource content Binding: CommonLanguages (preferred): A human language.
| |||||
| text |
0..1 | Narrative | Text summary of the resource, for human interpretation | |||||
| contained |
0..* | Resource | Contained, inline Resources | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored | ||||
| identifier |
Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"} | ||||
| status |
?!SΣ | 1..1 | code | Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent. | ||||
| scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. | ||||
| category |
SΣ | 1..* | CodeableConcept | Type of restriction Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. | ||||
| patient |
Σ | 0..1 | Reference(Patient) | Who the consent applies to | ||||
| dateTime |
SΣ | 0..1 | dateTime | date/time of last update for this restriction | ||||
| performer |
Σ | 0..* | Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Who is agreeing to the policy and rules | ||||
| organization |
Σ | 0..* | Reference(Organization) | Custodian of the consent | ||||
| source[x] |
Σ | 0..1 | Source from which this consent is taken | |||||
| sourceAttachment |
Attachment | |||||||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||||||
| policy |
S | 0..* | BackboneElement | Policies covered by this consent | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| uri |
SC | 0..1 | uri | Specific policy covered by this restriction | ||||
| policyRule |
ΣC | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. | ||||
| verification |
Σ | 0..* | BackboneElement | Consent Verified by patient or family | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| verified |
Σ | 1..1 | boolean | Has been verified | ||||
| verifiedWith |
0..1 | Reference(Patient | RelatedPerson) | Person who verified | |||||
| verificationDate |
0..1 | dateTime | When consent verified | |||||
| provision |
SΣ | 0..1 | BackboneElement | Access rights | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: deny | ||||
| period |
Σ | 0..1 | Period | Timeframe for this rule | ||||
| actor |
0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. | |||||
| reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |||||
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action. | ||||
| securityLabel |
Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. | ||||
| class |
Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | BackboneElement | Nested Exception Rules | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
SΣ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Fixed Value: permit | ||||
| period |
Σ | 0..1 | Period | Timeframe for this rule | ||||
| actor |
S | 1..* | BackboneElement | Who|what controlled by this rule (or group, by role) | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
S | 1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. | ||||
| reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |||||
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action. | ||||
| securityLabel |
SΣ | 1..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. | ||||
| class |
Σ | 1..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | See provision (Consent) | Nested Exception Rules | |||||
| Documentation for this format | ||||||||
Terminology Bindings
| Path | Conformance | ValueSet / Code | URI | |||
| Consent.language | preferred | CommonLanguages
http://hl7.org/fhir/ValueSet/languagesfrom the FHIR Standard | ||||
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1from the FHIR Standard | ||||
| Consent.scope | extensible | ConsentScopeCodeshttp://hl7.org/fhir/ValueSet/consent-scopefrom the FHIR Standard | ||||
| Consent.category | extensible | ConsentCategoryCodeshttp://hl7.org/fhir/ValueSet/consent-categoryfrom the FHIR Standard | ||||
| Consent.policyRule | extensible | ConsentPolicyRuleCodeshttp://hl7.org/fhir/ValueSet/consent-policyfrom the FHIR Standard | ||||
| Consent.provision.type | required | Fixed Value: denyhttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | ||||
| Consent.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typefrom the FHIR Standard | ||||
| Consent.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionfrom the FHIR Standard | ||||
| Consent.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsfrom the FHIR Standard | ||||
| Consent.provision.purpose | extensible | PurposeOfUsehttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse | ||||
| Consent.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classfrom the FHIR Standard | ||||
| Consent.provision.code | example | ConsentContentCodes (a valid code from LOINC)http://hl7.org/fhir/ValueSet/consent-content-codefrom the FHIR Standard | ||||
| Consent.provision.data.meaning | required | ConsentDataMeaninghttp://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1from the FHIR Standard | ||||
| Consent.provision.provision.type | required | Fixed Value: permithttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1from the FHIR Standard | ||||
| Consent.provision.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typefrom the FHIR Standard | ||||
| Consent.provision.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionfrom the FHIR Standard | ||||
| Consent.provision.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsfrom the FHIR Standard | ||||
| Consent.provision.provision.purpose | extensible | PurposeOfUsehttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse | ||||
| Consent.provision.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classfrom the FHIR Standard | ||||
| Consent.provision.provision.code | example | ConsentContentCodes (a valid code from LOINC)http://hl7.org/fhir/ValueSet/consent-content-codefrom the FHIR Standard | ||||
| Consent.provision.provision.data.meaning | required | ConsentDataMeaninghttp://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1from the FHIR Standard |
Constraints
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
This structure is derived from Consent
Other representations of profile: CSV, Excel, Schematron