UZ Core Consent records the patient's own decision about whether their health data may be shared on the Digital Health Platform. Uzbekistan operates an opt-out model: when no Consent resource exists for a patient, sharing is permitted by default, and a patient opts out by recording a Consent that denies it. The model is intentionally binary - a single provision that either permits or denies - and the patient sets it themselves in the patient portal. The platform enforces it: when a consent denies access, a data request is refused with HTTP 403. Two exceptions exist - a lawful-access path for treating clinicians and other legally authorized parties, and an emergency break-glass path (recorded in AuditEvent with an emergency purpose-of-use). A Consent is anchored to its Patient.

Mandatory and Must Support data elements

The elements below must always be present (mandatory) or must be supported when the data is available (Must Support) - not all are required, but your system must populate each Must Support element when it has the data and process it on receipt. This is the human-readable summary; the formal views below give the exact cardinalities, types, and terminology bindings.

Each UZ Core Consent Must Have

This profile adds no mandatory cardinality of its own. The only required element is the one inherited from the base resource: a status (the state of the consent record itself, bound to the DHP consent-state value set).

Each UZ Core Consent Must Support

• a subject - the patient the consent belongs to;
• a grantor - the party granting the decision (the patient);
• a period - the start and end of the time the consent applies;
• a regulatory basis identifying the law or policy behind it (required binding);
• a decision - permit or deny (required binding);
• a source - either a sourceAttachment (with its url and creation date) or a sourceReference carrying the underlying consent document;
• a provision narrowing the decision, with its action and purpose (both required bindings).

The decision is binary by design: one decision of permit or deny. The platform reads it to allow or refuse each data request.

Building the JSON, step by step

A Consent is mostly system-generated when the patient sets it in the portal, so there is little to build by hand. The example below is the full record - copy it and adapt it; every value shown validates against this profile. The complete instance is the example Consent.

The smallest Consent you should send

status is the only strictly mandatory element, but a Consent is only meaningful when it names whose data it covers (subject), what it decides (decision - the scalar code permit or deny), and what that decision applies to (a provision). Because the absence of a Consent already permits sharing, the record you send is normally an opt-out: a deny whose provision.action says what is being withheld - here, disclosure. Every UZ Core resource must also name the profile it claims to conform to in meta.profile:

{
  "resourceType": "Consent",
  "meta": { "profile": ["https://dhp.uz/fhir/core/StructureDefinition/uz-core-consent"] },
  "status": "active",
  "subject": { "reference": "Patient/example-patient" },
  "decision": "deny",
  "provision": [
    {
      "action": [
        { "coding": [{ "system": "http://terminology.hl7.org/CodeSystem/consentaction", "code": "disclose" }] }
      ]
    }
  ]
}

status and decision each use a required binding - the value must come from the bound value set (the Snapshot view below lists each one). provision.action is a CodeableConcept, so its code sits in a coding array; subject is a plain Reference, so its target sits directly under reference.

A realistic consent record

A fuller record - shown here granting access, as a patient would when re-opting in or scoping consent to a specific purpose and period - also records who granted the decision (grantor, the patient), how long it applies (period), the law it rests on (regulatoryBasis), and a provision narrowing the decision to a specific action and purpose. grantor is a list of References, and regulatoryBasis, provision.action and provision.purpose are coded - each value comes from a bound value set:

{
  "resourceType": "Consent",
  "meta": { "profile": ["https://dhp.uz/fhir/core/StructureDefinition/uz-core-consent"] },
  "status": "active",
  "subject": { "reference": "Patient/example-patient" },
  "grantor": [
    { "reference": "Patient/example-patient" }
  ],
  "period": {
    "start": "2025-02-15T14:02:52+05:00",
    "end": "2026-02-15T14:02:52+05:00"
  },
  "regulatoryBasis": [
    {
      "coding": [
        { "system": "https://terminology.dhp.uz/fhir/core/CodeSystem/consent-policy-cs", "code": "uz-LRU-547" }
      ]
    }
  ],
  "decision": "permit",
  "provision": [
    {
      "action": [
        { "coding": [{ "system": "http://terminology.hl7.org/CodeSystem/consentaction", "code": "disclose" }] }
      ],
      "purpose": [
        { "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason", "code": "RECORDMGT" }
      ],
      "period": {
        "start": "2025-02-15T14:02:52+05:00",
        "end": "2026-02-15T14:02:52+05:00"
      }
    }
  ]
}

Note that provision.purpose is a Coding directly (not wrapped in a coding array), while regulatoryBasis and provision.action are CodeableConcept types that hold a coding array. This record grants access; an opt-out is the same shape with decision set to deny, after which the platform refuses each data request with HTTP 403. See Missing & suppressed data and Terminology for the coded-value rules.

For example API calls and a sample payload, see the Quick Start at the bottom of this page.

• Key Elements Table
• Differential Table
• Snapshot Table
• Statistics/References
• All

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent(5.0.0)	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored Constraints: ext-1
status	?!SΣ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentStateCodesVS (0.5.0) (required)
subject	SΣ	0..1	Reference(Patient | Practitioner | Group)	Who the consent applies to
period	SΣ	0..1	Period	Effective period for this Consent
start	SΣC	0..1	dateTime	Starting time with inclusive boundary
end	SΣC	0..1	dateTime	End time with inclusive boundary, if not ongoing
grantor	SΣ	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
url	SΣ	0..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
creation	SΣ	0..1	dateTime	Date attachment was first created
sourceReference	S	0..*	Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis	S	0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyVS (0.5.0) (required)
decision	?!SΣ	0..1	code	deny | permit Binding: ConsentProvisionTypeVS (0.5.0) (required)
provision	SΣ	0..*	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
action	Σ	0..*	CodeableConcept	Actions controlled by this provision Binding: ConsentActionVS (0.5.0) (required)
purpose	Σ	0..*	Coding	Context of activities covered by this provision Binding: ConsentPurposeOfUseVS (0.5.0) (required)
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	Consent State Codes	📍0.5.0	This IG
Consent.regulatoryBasis	Base	required	Consent policies	📍0.5.0	This IG
Consent.decision	Base	required	Consent provision type	📍0.5.0	This IG
Consent.provision.action	Base	required	Possible consent actions	📍0.5.0	This IG
Consent.provision.purpose	Base	required	Consent purpose of use	📍0.5.0	This IG

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	Consent.implicitRules, Consent.modifierExtension, Consent.status, Consent.subject, Consent.period, Consent.period.start, Consent.period.end, Consent.grantor, Consent.sourceAttachment, Consent.sourceAttachment.url, Consent.sourceAttachment.creation, Consent.sourceReference, Consent.regulatoryBasis, Consent.decision, Consent.provision, Consent.provision.modifierExtension, Consent.provision.action, Consent.provision.purpose	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	Consent.modifierExtension, Consent.provision.modifierExtension	Must have either extensions or value[x], not both	extension.exists() != value.exists()

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent(5.0.0)	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
status	S	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentStateCodesVS (0.5.0) (required)
subject	S	0..1	Reference(Patient | Practitioner | Group)	Who the consent applies to
period	S	0..1	Period	Effective period for this Consent
start	S	0..1	dateTime	Starting time with inclusive boundary
end	S	0..1	dateTime	End time with inclusive boundary, if not ongoing
grantor	S	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
url	S	0..1	url	Uri where the data can be found
creation	S	0..1	dateTime	Date attachment was first created
sourceReference	S	0..*	Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis	S	0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyVS (0.5.0) (required)
decision	S	0..1	code	deny | permit Binding: ConsentProvisionTypeVS (0.5.0) (required)
provision	S	0..*	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
action		0..*	CodeableConcept	Actions controlled by this provision Binding: ConsentActionVS (0.5.0) (required)
purpose		0..*	Coding	Context of activities covered by this provision Binding: ConsentPurposeOfUseVS (0.5.0) (required)
Documentation for this format

Terminology Bindings (Differential)

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	Consent State Codes	📍0.5.0	This IG
Consent.regulatoryBasis	Base	required	Consent policies	📍0.5.0	This IG
Consent.decision	Base	required	Consent provision type	📍0.5.0	This IG
Consent.provision.action	Base	required	Possible consent actions	📍0.5.0	This IG
Consent.provision.purpose	Base	required	Consent purpose of use	📍0.5.0	This IG

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent(5.0.0)	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored Constraints: ext-1
identifier	Σ	0..*	Identifier	Identifier for this record (external references)
status	?!SΣ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentStateCodesVS (0.5.0) (required)
category	Σ	0..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (example): A classification of the type of consents found in a consent statement.
subject	SΣ	0..1	Reference(Patient | Practitioner | Group)	Who the consent applies to
date	Σ	0..1	date	Fully executed date of the consent
period	SΣ	0..1	Period	Effective period for this Consent
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url Constraints: ext-1
start	SΣC	0..1	dateTime	Starting time with inclusive boundary
end	SΣC	0..1	dateTime	End time with inclusive boundary, if not ongoing
grantor	SΣ	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
grantee	Σ	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
manager		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent workflow management
controller		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent Enforcer
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url Constraints: ext-1
contentType	ΣC	0..1	code	Mime type of the content, with charset etc. Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049) Example General: text/plain; charset=UTF-8, image/png
language	Σ	0..1	code	Human language of the content (BCP-47) Binding: AllLanguages (required): IETF language tag for a human language. Additional Bindings Purpose CommonLanguages Starter Example General: en-AU
data	C	0..1	base64Binary	Data inline, base64ed
url	SΣ	0..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
size	Σ	0..1	integer64	Number of bytes of content (if url provided)
hash	Σ	0..1	base64Binary	Hash of the data (sha-1, base64ed)
title	Σ	0..1	string	Label to display in place of the data Example General: Official Corporate Logo
creation	SΣ	0..1	dateTime	Date attachment was first created
height		0..1	positiveInt	Height of the image in pixels (photo/video)
width		0..1	positiveInt	Width of the image in pixels (photo/video)
frames		0..1	positiveInt	Number of frames if > 1 (photo)
duration		0..1	decimal	Length in seconds (audio / video)
pages		0..1	positiveInt	Number of printed pages
sourceReference	S	0..*	Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis	S	0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyVS (0.5.0) (required)
policyBasis		0..1	BackboneElement	Computable version of the backing policy
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
reference		0..1	Reference(Resource)	Reference backing policy resource
url		0..1	url	URL to a computable backing policy
policyText		0..*	Reference(DocumentReference)	Human Readable Policy
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
verified	Σ	1..1	boolean	Has been verified
verificationType		0..1	CodeableConcept	Business case of verification Binding: ConsentVerificationCodes (example): Types of Verification/Validation.
verifiedBy		0..1	Reference(Organization | Practitioner | PractitionerRole)	Person conducting verification
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..*	dateTime	When consent verified
decision	?!SΣ	0..1	code	deny | permit Binding: ConsentProvisionTypeVS (0.5.0) (required)
provision	SΣ	0..*	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
period	Σ	0..1	Period	Timeframe for this provision
actor		0..*	BackboneElement	Who|what controlled by this provision (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
role		0..1	CodeableConcept	How the actor is involved Binding: ParticipationRoleType (extensible): How an actor is involved in the consent considerations.
reference		0..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this provision Binding: ConsentActionVS (0.5.0) (required)
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: SecurityLabelExamples (example): Example Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this provision Binding: ConsentPurposeOfUseVS (0.5.0) (required)
documentType	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc Binding: ConsentContentClass (preferred): The document type a consent provision covers.
resourceType	Σ	0..*	Coding	e.g. Resource Type, Profile, etc Binding: ResourceType (extensible): The resource types a consent provision covers.
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this provision
data	Σ	0..*	BackboneElement	Data controlled by this provision
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
expression		0..1	Expression	A computable expression of the consent
provision		0..*	See provision (Consent)	Nested Exception Provisions
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	required	All Languages	📍5.0.0	FHIR Std.
Consent.status	Base	required	Consent State Codes	📍0.5.0	This IG
Consent.category	Base	example	Consent Category Codes	📍5.0.0	FHIR Std.
Consent.sourceAttachment.​contentType	Base	required	Mime Types	📍5.0.0	FHIR Std.
Consent.sourceAttachment.​language	Base	required	All Languages	📍5.0.0	FHIR Std.
Consent.regulatoryBasis	Base	required	Consent policies	📍0.5.0	This IG
Consent.verification.​verificationType	Base	example	Consent Vefication Codes	📍5.0.0	FHIR Std.
Consent.decision	Base	required	Consent provision type	📍0.5.0	This IG
Consent.provision.actor.​role	Base	extensible	Participation Role Type	📍5.0.0	FHIR Std.
Consent.provision.action	Base	required	Possible consent actions	📍0.5.0	This IG
Consent.provision.securityLabel	Base	example	Example set of Security Labels	📍5.0.0	FHIR Std.
Consent.provision.purpose	Base	required	Consent purpose of use	📍0.5.0	This IG
Consent.provision.documentType	Base	preferred	Consent Content Class	📍5.0.0	FHIR Std.
Consent.provision.resourceType	Base	extensible	Resource Types	📍5.0.0	FHIR Std.
Consent.provision.code	Base	example	Consent Content Codes	📍5.0.0	FHIR Std.
Consent.provision.data.​meaning	Base	required	Consent Data Meaning	📍5.0.0	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	Consent.meta, Consent.implicitRules, Consent.language, Consent.text, Consent.extension, Consent.modifierExtension, Consent.identifier, Consent.status, Consent.category, Consent.subject, Consent.date, Consent.period, Consent.period.extension, Consent.period.start, Consent.period.end, Consent.grantor, Consent.grantee, Consent.manager, Consent.controller, Consent.sourceAttachment, Consent.sourceAttachment.extension, Consent.sourceAttachment.contentType, Consent.sourceAttachment.language, Consent.sourceAttachment.data, Consent.sourceAttachment.url, Consent.sourceAttachment.size, Consent.sourceAttachment.hash, Consent.sourceAttachment.title, Consent.sourceAttachment.creation, Consent.sourceAttachment.height, Consent.sourceAttachment.width, Consent.sourceAttachment.frames, Consent.sourceAttachment.duration, Consent.sourceAttachment.pages, Consent.sourceReference, Consent.regulatoryBasis, Consent.policyBasis, Consent.policyBasis.extension, Consent.policyBasis.modifierExtension, Consent.policyBasis.reference, Consent.policyBasis.url, Consent.policyText, Consent.verification, Consent.verification.extension, Consent.verification.modifierExtension, Consent.verification.verified, Consent.verification.verificationType, Consent.verification.verifiedBy, Consent.verification.verifiedWith, Consent.verification.verificationDate, Consent.decision, Consent.provision, Consent.provision.extension, Consent.provision.modifierExtension, Consent.provision.period, Consent.provision.actor, Consent.provision.actor.extension, Consent.provision.actor.modifierExtension, Consent.provision.actor.role, Consent.provision.actor.reference, Consent.provision.action, Consent.provision.securityLabel, Consent.provision.purpose, Consent.provision.documentType, Consent.provision.resourceType, Consent.provision.code, Consent.provision.dataPeriod, Consent.provision.data, Consent.provision.data.extension, Consent.provision.data.modifierExtension, Consent.provision.data.meaning, Consent.provision.data.reference, Consent.provision.expression, Consent.provision.provision	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	Consent.extension, Consent.modifierExtension, Consent.period.extension, Consent.sourceAttachment.extension, Consent.policyBasis.extension, Consent.policyBasis.modifierExtension, Consent.verification.extension, Consent.verification.modifierExtension, Consent.provision.extension, Consent.provision.modifierExtension, Consent.provision.actor.extension, Consent.provision.actor.modifierExtension, Consent.provision.data.extension, Consent.provision.data.modifierExtension	Must have either extensions or value[x], not both	extension.exists() != value.exists()

Key Elements View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent(5.0.0)	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
contained		0..*	Resource	Contained, inline Resources
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored Constraints: ext-1
status	?!SΣ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentStateCodesVS (0.5.0) (required)
subject	SΣ	0..1	Reference(Patient | Practitioner | Group)	Who the consent applies to
period	SΣ	0..1	Period	Effective period for this Consent
start	SΣC	0..1	dateTime	Starting time with inclusive boundary
end	SΣC	0..1	dateTime	End time with inclusive boundary, if not ongoing
grantor	SΣ	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
url	SΣ	0..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
creation	SΣ	0..1	dateTime	Date attachment was first created
sourceReference	S	0..*	Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis	S	0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyVS (0.5.0) (required)
decision	?!SΣ	0..1	code	deny | permit Binding: ConsentProvisionTypeVS (0.5.0) (required)
provision	SΣ	0..*	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
action	Σ	0..*	CodeableConcept	Actions controlled by this provision Binding: ConsentActionVS (0.5.0) (required)
purpose	Σ	0..*	Coding	Context of activities covered by this provision Binding: ConsentPurposeOfUseVS (0.5.0) (required)
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	Consent State Codes	📍0.5.0	This IG
Consent.regulatoryBasis	Base	required	Consent policies	📍0.5.0	This IG
Consent.decision	Base	required	Consent provision type	📍0.5.0	This IG
Consent.provision.action	Base	required	Possible consent actions	📍0.5.0	This IG
Consent.provision.purpose	Base	required	Consent purpose of use	📍0.5.0	This IG

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	Consent.implicitRules, Consent.modifierExtension, Consent.status, Consent.subject, Consent.period, Consent.period.start, Consent.period.end, Consent.grantor, Consent.sourceAttachment, Consent.sourceAttachment.url, Consent.sourceAttachment.creation, Consent.sourceReference, Consent.regulatoryBasis, Consent.decision, Consent.provision, Consent.provision.modifierExtension, Consent.provision.action, Consent.provision.purpose	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	Consent.modifierExtension, Consent.provision.modifierExtension	Must have either extensions or value[x], not both	extension.exists() != value.exists()

Differential View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent(5.0.0)	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
status	S	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentStateCodesVS (0.5.0) (required)
subject	S	0..1	Reference(Patient | Practitioner | Group)	Who the consent applies to
period	S	0..1	Period	Effective period for this Consent
start	S	0..1	dateTime	Starting time with inclusive boundary
end	S	0..1	dateTime	End time with inclusive boundary, if not ongoing
grantor	S	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
url	S	0..1	url	Uri where the data can be found
creation	S	0..1	dateTime	Date attachment was first created
sourceReference	S	0..*	Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis	S	0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyVS (0.5.0) (required)
decision	S	0..1	code	deny | permit Binding: ConsentProvisionTypeVS (0.5.0) (required)
provision	S	0..*	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
action		0..*	CodeableConcept	Actions controlled by this provision Binding: ConsentActionVS (0.5.0) (required)
purpose		0..*	Coding	Context of activities covered by this provision Binding: ConsentPurposeOfUseVS (0.5.0) (required)
Documentation for this format

Terminology Bindings (Differential)

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	Consent State Codes	📍0.5.0	This IG
Consent.regulatoryBasis	Base	required	Consent policies	📍0.5.0	This IG
Consent.decision	Base	required	Consent provision type	📍0.5.0	This IG
Consent.provision.action	Base	required	Possible consent actions	📍0.5.0	This IG
Consent.provision.purpose	Base	required	Consent purpose of use	📍0.5.0	This IG

Snapshot ViewView

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent		0..*	Consent(5.0.0)	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: AllLanguages (required): IETF language tag for a human language Additional Bindings Purpose CommonLanguages Starter
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored Constraints: ext-1
identifier	Σ	0..*	Identifier	Identifier for this record (external references)
status	?!SΣ	1..1	code	draft | active | inactive | not-done | entered-in-error | unknown Binding: ConsentStateCodesVS (0.5.0) (required)
category	Σ	0..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (example): A classification of the type of consents found in a consent statement.
subject	SΣ	0..1	Reference(Patient | Practitioner | Group)	Who the consent applies to
date	Σ	0..1	date	Fully executed date of the consent
period	SΣ	0..1	Period	Effective period for this Consent
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url Constraints: ext-1
start	SΣC	0..1	dateTime	Starting time with inclusive boundary
end	SΣC	0..1	dateTime	End time with inclusive boundary, if not ongoing
grantor	SΣ	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is granting rights according to the policy and rules
grantee	Σ	0..*	Reference(CareTeam | HealthcareService | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
manager		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent workflow management
controller		0..*	Reference(HealthcareService | Organization | Patient | Practitioner)	Consent Enforcer
sourceAttachment	S	0..*	Attachment	Source from which this consent is taken
id		0..1	id	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Slice: Unordered, Open by value:url Constraints: ext-1
contentType	ΣC	0..1	code	Mime type of the content, with charset etc. Binding: MimeTypes (required): BCP 13 (RFCs 2045, 2046, 2047, 4288, 4289 and 2049) Example General: text/plain; charset=UTF-8, image/png
language	Σ	0..1	code	Human language of the content (BCP-47) Binding: AllLanguages (required): IETF language tag for a human language. Additional Bindings Purpose CommonLanguages Starter Example General: en-AU
data	C	0..1	base64Binary	Data inline, base64ed
url	SΣ	0..1	url	Uri where the data can be found Example General: http://www.acme.com/logo-small.png
size	Σ	0..1	integer64	Number of bytes of content (if url provided)
hash	Σ	0..1	base64Binary	Hash of the data (sha-1, base64ed)
title	Σ	0..1	string	Label to display in place of the data Example General: Official Corporate Logo
creation	SΣ	0..1	dateTime	Date attachment was first created
height		0..1	positiveInt	Height of the image in pixels (photo/video)
width		0..1	positiveInt	Width of the image in pixels (photo/video)
frames		0..1	positiveInt	Number of frames if > 1 (photo)
duration		0..1	decimal	Length in seconds (audio / video)
pages		0..1	positiveInt	Number of printed pages
sourceReference	S	0..*	Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis	S	0..*	CodeableConcept	Regulations establishing base Consent Binding: ConsentPolicyVS (0.5.0) (required)
policyBasis		0..1	BackboneElement	Computable version of the backing policy
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
reference		0..1	Reference(Resource)	Reference backing policy resource
url		0..1	url	URL to a computable backing policy
policyText		0..*	Reference(DocumentReference)	Human Readable Policy
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
verified	Σ	1..1	boolean	Has been verified
verificationType		0..1	CodeableConcept	Business case of verification Binding: ConsentVerificationCodes (example): Types of Verification/Validation.
verifiedBy		0..1	Reference(Organization | Practitioner | PractitionerRole)	Person conducting verification
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..*	dateTime	When consent verified
decision	?!SΣ	0..1	code	deny | permit Binding: ConsentProvisionTypeVS (0.5.0) (required)
provision	SΣ	0..*	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
period	Σ	0..1	Period	Timeframe for this provision
actor		0..*	BackboneElement	Who|what controlled by this provision (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
role		0..1	CodeableConcept	How the actor is involved Binding: ParticipationRoleType (extensible): How an actor is involved in the consent considerations.
reference		0..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this provision Binding: ConsentActionVS (0.5.0) (required)
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: SecurityLabelExamples (example): Example Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this provision Binding: ConsentPurposeOfUseVS (0.5.0) (required)
documentType	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc Binding: ConsentContentClass (preferred): The document type a consent provision covers.
resourceType	Σ	0..*	Coding	e.g. Resource Type, Profile, etc Binding: ResourceType (extensible): The resource types a consent provision covers.
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this provision
data	Σ	0..*	BackboneElement	Data controlled by this provision
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations Constraints: ext-1
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized Constraints: ext-1
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
expression		0..1	Expression	A computable expression of the consent
provision		0..*	See provision (Consent)	Nested Exception Provisions
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	required	All Languages	📍5.0.0	FHIR Std.
Consent.status	Base	required	Consent State Codes	📍0.5.0	This IG
Consent.category	Base	example	Consent Category Codes	📍5.0.0	FHIR Std.
Consent.sourceAttachment.​contentType	Base	required	Mime Types	📍5.0.0	FHIR Std.
Consent.sourceAttachment.​language	Base	required	All Languages	📍5.0.0	FHIR Std.
Consent.regulatoryBasis	Base	required	Consent policies	📍0.5.0	This IG
Consent.verification.​verificationType	Base	example	Consent Vefication Codes	📍5.0.0	FHIR Std.
Consent.decision	Base	required	Consent provision type	📍0.5.0	This IG
Consent.provision.actor.​role	Base	extensible	Participation Role Type	📍5.0.0	FHIR Std.
Consent.provision.action	Base	required	Possible consent actions	📍0.5.0	This IG
Consent.provision.securityLabel	Base	example	Example set of Security Labels	📍5.0.0	FHIR Std.
Consent.provision.purpose	Base	required	Consent purpose of use	📍0.5.0	This IG
Consent.provision.documentType	Base	preferred	Consent Content Class	📍5.0.0	FHIR Std.
Consent.provision.resourceType	Base	extensible	Resource Types	📍5.0.0	FHIR Std.
Consent.provision.code	Base	example	Consent Content Codes	📍5.0.0	FHIR Std.
Consent.provision.data.​meaning	Base	required	Consent Data Meaning	📍5.0.0	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().ofType(canonical) | %resource.descendants().ofType(uri) | %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	Consent.meta, Consent.implicitRules, Consent.language, Consent.text, Consent.extension, Consent.modifierExtension, Consent.identifier, Consent.status, Consent.category, Consent.subject, Consent.date, Consent.period, Consent.period.extension, Consent.period.start, Consent.period.end, Consent.grantor, Consent.grantee, Consent.manager, Consent.controller, Consent.sourceAttachment, Consent.sourceAttachment.extension, Consent.sourceAttachment.contentType, Consent.sourceAttachment.language, Consent.sourceAttachment.data, Consent.sourceAttachment.url, Consent.sourceAttachment.size, Consent.sourceAttachment.hash, Consent.sourceAttachment.title, Consent.sourceAttachment.creation, Consent.sourceAttachment.height, Consent.sourceAttachment.width, Consent.sourceAttachment.frames, Consent.sourceAttachment.duration, Consent.sourceAttachment.pages, Consent.sourceReference, Consent.regulatoryBasis, Consent.policyBasis, Consent.policyBasis.extension, Consent.policyBasis.modifierExtension, Consent.policyBasis.reference, Consent.policyBasis.url, Consent.policyText, Consent.verification, Consent.verification.extension, Consent.verification.modifierExtension, Consent.verification.verified, Consent.verification.verificationType, Consent.verification.verifiedBy, Consent.verification.verifiedWith, Consent.verification.verificationDate, Consent.decision, Consent.provision, Consent.provision.extension, Consent.provision.modifierExtension, Consent.provision.period, Consent.provision.actor, Consent.provision.actor.extension, Consent.provision.actor.modifierExtension, Consent.provision.actor.role, Consent.provision.actor.reference, Consent.provision.action, Consent.provision.securityLabel, Consent.provision.purpose, Consent.provision.documentType, Consent.provision.resourceType, Consent.provision.code, Consent.provision.dataPeriod, Consent.provision.data, Consent.provision.data.extension, Consent.provision.data.modifierExtension, Consent.provision.data.meaning, Consent.provision.data.reference, Consent.provision.expression, Consent.provision.provision	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	Consent.extension, Consent.modifierExtension, Consent.period.extension, Consent.sourceAttachment.extension, Consent.policyBasis.extension, Consent.policyBasis.modifierExtension, Consent.verification.extension, Consent.verification.modifierExtension, Consent.provision.extension, Consent.provision.modifierExtension, Consent.provision.actor.extension, Consent.provision.actor.modifierExtension, Consent.provision.data.extension, Consent.provision.data.modifierExtension	Must have either extensions or value[x], not both	extension.exists() != value.exists()

Summary

Must-Support: 13 elements

Quick Start

Common API interactions for this profile. Requests require a JWT access token - see Security and authentication. [base] is the FHIR server base URL; | separates a code system from its value and must be URL-encoded as %7C.

Read by server id

GET [base]/Consent/[id]

Find a patient's consent decisions

GET [base]/Consent?patient=Patient/[id]
GET [base]/Consent?patient=Patient/[id]&status=active
GET [base]/Consent?patient=Patient/[id]&category=http://terminology.hl7.org/CodeSystem/consentcategorycodes%7Cinfa
GET [base]/Consent?patient=Patient/[id]&period=ge2025-01-01
GET [base]/Consent?patient=Patient/[id]&date=ge2025-01-01

Create (opt a patient out - absent a Consent, sharing is permitted by default)

POST [base]/Consent
{
  "resourceType": "Consent",
  "meta": { "profile": [ "https://dhp.uz/fhir/core/StructureDefinition/uz-core-consent" ] },
  "status": "active",
  "subject": { "reference": "Patient/[id]" },
  "decision": "deny",
  ...
}

Update (e.g. the patient opts out, or re-grants) - PUT the full resource back with the new decision:

PUT [base]/Consent/[id]
If-Match: W/"3"   # the ETag from your last read; 412 if it changed since

Consent is normally set by the patient in the portal. A denied consent causes data requests to be refused with HTTP 403; clients should handle that outcome.

See the CapabilityStatement for the full list of supported search parameters.

Related

• Workflows
• How to read this guide · Must Support · General guidance