This page is part of the FHIR Specification (v4.5.0: R5 Preview #3). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3
Community Based Collaborative Care Work Group | Maturity Level: N/A | Standards Status: Informative | Compartments: Patient |
Raw XML (canonical form + also see XML Format Specification)
Template for recording a Smart on FHIR Authorization (id = "consent-example-smartonfhir")
<?xml version="1.0" encoding="UTF-8"?> <Consent xmlns="http://hl7.org/fhir"> <!-- This example provides a basic template for recording the consent associated with a SMART on FHIR OAuth dance. In SMART on FHIR, the user grants (consents) to a set of actions that the server can take when with regard to release of information from their own record to the application This is not the main intended use of the Consent resource, and there's no need for the consent resource as part of the SMART on FHIR Authorization process, or when using Heart UMA. Using a Consent resource to record and exchange the users consent may be useful for recording and storing the consent and making it available to the user later, or for exchanging the patient's consent between AS and RS, or between systems in a multi-system virtual RS a very common scenario) Note that whichever system builds this Content resource, it needs access to information from both the AS and the RS. Note also, that a situation where a practitioner type user authorises the application to access information on a general set of patients does not count as 'consent'. --> <id value="consent-example-smartonfhir"/> <text> <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml"><p> <b> Generated Narrative</b> </p> <p> <b> id</b> : consent-example-smartonfhir</p> <p> <b> status</b> : active</p> <p> <b> scope</b> : <span> Privacy Consent</span> </p> <p> <b> category</b> : <span> Patient Consent</span> </p> <p> <b> subject</b> : <a> Generated Summary: id: xcda; Medical record number: 12345 (USUAL); active; Henry Levin ; gender: male; birthDate: 1932-09-24</a> </p> <p> <b> dateTime</b> : 23/06/2016 5:02:33 PM</p> <p> <b> performer</b> : <a> Generated Summary: id: peter; <span> Emergency Contact</span> ; Peter James Chalmers (OFFICIAL); ph: (03) 5555 6473(WORK); gender: male; period: 2012-03-11 --> (ongoing)</a> </p> <p> <b> controller</b> : <a> Generated Summary: id: f001; id: 91654 (OFFICIAL), id: 17-0112278 (USUAL); <span> University Medical Hospital</span> ; name: Burgers University Medical Center; ph: 022-655 2300(WORK)</a> </p> <p> <b> policyRule</b> : <span> information access</span> </p> <blockquote> <p> <b> provision</b> </p> <p> <b> type</b> : deny</p> <p> <b> period</b> : 23/06/2016 5:02:33 PM --> 23/06/2016 5:32:33 PM</p> <h3> Provisions</h3> <table> <tr> <td> -</td> <td> <b> Type</b> </td> <td> <b> Action</b> </td> <td> <b> Class</b> </td> </tr> <tr> <td> *</td> <td> permit</td> <td> <span> Access</span> </td> <td> <span> MedicationRequest</span> </td> </tr> </table> </blockquote> </div> </text> <status value="active"/> <scope> <coding> <system value="http://terminology.hl7.org/CodeSystem/consentscope"/> <code value="patient-privacy"/> </coding> </scope> <category> <coding> <system value="http://loinc.org"/> <code value="59284-0"/> </coding> </category> <!-- In this SMART on FHIR login, the user consents for data sharing for their elderly parent's record --> <subject> <reference value="Patient/xcda"/> </subject> <dateTime value="2016-06-23T17:02:33+10:00"/> <performer> <!-- this is the patient record that matches the person making the decision. note: it's not always a related person --> <reference value="RelatedPerson/peter"/> </performer> <controller> <!-- The organization running the Authentication server --> <reference value="Organization/f001"/> </controller> <!-- there's no source record for a Smart on FHIR consent smart on fhir requires a base opt-in policy --> <policyRule> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> <code value="INFA"/> </coding> </policyRule> <!-- each scope that relates to FHIR resource access is represented as an exception --> <provision> <type value="deny"/> <period> <start value="2016-06-23T17:02:33+10:00"/> <end value="2016-06-23T17:32:33+10:00"/> </period> <provision> <!-- this rule corresponds to MedicationRequest/read --> <type value="permit"/> <!-- no actors here, or anything, just read/write and the resource type --> <action> <coding> <system value="http://terminology.hl7.org/CodeSystem/consentaction"/> <code value="access"/> </coding> </action> <action> <coding> <system value="http://terminology.hl7.org/CodeSystem/consentaction"/> <code value="correct"/> </coding> </action> <class> <system value="http://hl7.org/fhir/resource-types"/> <code value="MedicationRequest"/> </class> </provision> </provision> </Consent>
Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.