Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: R5 Ballot - see ballot notes). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

6.2 Resource Consent - Content

Community Based Collaborative Care icon

Work Group

Maturity Level: 2

Trial Use

Security Category: Patient

Compartments: Patient

A record of a healthcare consumer’s choices or choices made on their behalf by a third party, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time.

6.2.1 Scope and Usage

The purpose of this Resource is to be used to express a Consent regarding Healthcare. There are four anticipated uses for the Consent Resource, all of which are written or verbal agreements by a healthcare consumer [grantor] or a personal representative, made to an authorized entity [grantee] concerning authorized or restricted actions with any limitations on purpose of use, and handling instructions to which the authorized entity must comply:

Privacy Consent Directive: Agreement, Restriction, or Prohibition to collect, access, use or disclose (share) information.
Medical Treatment Consent Directive: Consent to undergo a specific treatment (or record of refusal to consent).
Research Consent Directive: Consent to participate in research protocol and information sharing required.

This resource is scoped to cover all three uses, but at this time, only the privacy use case is fully modeled, others are being used but no formal modelling exists. The scope of the resource may change when the other possible scopes are investigated, tested, or profiled. HL7 is working on Advance Directives and would welcome participation by the community.

Usage of the Provenance icon resource may be the best way to manage the tracking of the changes to Consent. In addition, the DocumentReference icon may be used as an attachment to show the stages of consent ceremony with additional or updated document(s) attached at each stage. Contract icon may also be used in this fashion where as signatures are gathered or conditions applied, the Contract resource can be updated and attached to the Consent.

6.2.1.1 Simple vs. Computable Consent

In its simplest form, the Consent resource provides the means to record the content and the metadata of a consent (either implicit consent as an event or an explicit consent document). At this level of implementation, basic metadata about the Consent (e.g., status, data and time, patient, and organization) is recorded in the corresponding attributes of the Consent resource to enable consent discovery by indexing, searching, and retrieval of consents based on this metadata. The source[x] attribute can be used to record the original consent document either in the form of a pointer to another resource or in the form of an attachment.

In a more advanced usage of the Consent resource, in addition to recording the metadata and potentially the original content, the privacy preferences stated in the consent are encoded directly in the form of machine-readable rules. These rules can be processed by a decision engine to adjudicate whether the consent permits a specific given activity (e.g., sharing the patient information with a requester or enrolling the patient in a research project). In other words, the Consent resource is used directly to record rules that can be used by a rules engine to understand and enforce the preferences expressed by the consenter as they were intended.

The current version of the Consent resource provides two different mechanisms for recording computable rules:

the provision structure which provides a simple structure for capturing most common privacy rules.>
the policy attribute which provides a more flexible mechanism to reference a policy coded in a policy language of choice (e.g., XACML , ODRL , etc.).

6.2.2 Boundaries and Relationships

Consent management - particularly privacy consent - is complicated by the fact that consent to share is often itself necessary to protect. The need to protect the privacy of the privacy statement itself competes with the execution of the consent statement. For this reason, it is common to deal with 'consent statements' that are only partial representations of the full consent statement that the patient provided.

For this reason, the consent resource contains two elements that refer back to the source: an inline attachment and a direct reference to content from which this Consent Statement was derived. That reference can be one of several things:

A reference to another consent resource from which this limited statement was derived
A reference to a document format for the original source (e.g. PDF or CDA - see the HL7 CDAR2 ConsentDirective Implementation Guide , which incorporated the IHE Basic Patient Privacy Consents (BPPC) ), either directly, or in a reference
The source can be included in the consent as an attachment

The consent statements represent a chain that refers back to the original source consent directive. Applications may be able to follow the chain back to the source but should not generally assume that they are authorized to do this.

Consent Directives are executed by verbal acknowledgement or by being signed - either on paper, or digitally. Consent Signatures will be found in the Provenance resource. Implementation Guides will generally make rules about what signatures are required, and how they are to be shared and used.

6.2.3 Background and Context

The Consent resource is structured with a base policy (represented as Consent.policy/Consent.policyRule) which is either permit or deny, followed by a listing of exceptions to that policy (represented as Consent.provision(s)). The exceptions can be additional positive or negative exceptions upon the base policy. The set of exceptions include a list of data objects, list of authors, list of recipients, list of Organizations, list of purposeOfUse, and Date Range.

The enforcement of the Privacy Consent Directive is not included but is expected that enforcement can be done using a mix of the various Access Control enforcement methodologies (e.g. OAuth, UMA, XACML). This enforcement includes the details of the enforcement meaning of the elements of the Privacy Consent Directive, such as the rules in place when there is an opt-in consent would be specific about which organizational roles have access to what kinds of resources (e.g. RBAC, ABAC). The specification of these details is not in scope for the Consent resource.

6.2.4 References to this Resource

Implements: Event
Resource References: itself and ResearchSubject

Structure

Name	Flags	Card.	Type	Description & Constraints
Consent	TU		DomainResource	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension
identifier	Σ	0..*	Identifier	Identifier for this record (external references)
status	?!Σ	1..1	code	draft \| active \| inactive \| not-done \| entered-in-error \| unknown ConsentState (Required)
category	Σ	0..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Consent Category Codes (Example)
subject	Σ	0..1	Reference(Patient \| Practitioner \| Group)	Who the consent applies to
dateTime	Σ	0..1	dateTime	When consent was agreed to
grantor	Σ	0..*	Reference(CareTeam \| HealthcareService \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Who is granting rights according to the policy and rules
grantee	Σ	0..*	Reference(CareTeam \| HealthcareService \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Who is agreeing to the policy and rules
manager		0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Consent workflow management
controller		0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Consent Enforcer
sourceAttachment		0..*	Attachment	Source from which this consent is taken
sourceReference		0..*	Reference(Consent \| DocumentReference \| Contract \| QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis		0..*	CodeableConcept	Regulations establishing base Consent Consent PolicyRule Codes (Example)
policyBasis		0..1	BackboneElement	Computable version of the backing policy
reference		0..1	Reference(Any)	Reference backing policy resource
url		0..1	url	URL to a computable backing policy
policyText		0..*	Reference(DocumentReference)	Human Readable Policy
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
verified	Σ	1..1	boolean	Has been verified
verificationType		0..1	CodeableConcept	Business case of verification Consent Vefication Codes (Example)
verifiedBy		0..1	Reference(Organization \| Practitioner \| PractitionerRole)	Person conducting verification
verifiedWith		0..1	Reference(Patient \| RelatedPerson)	Person who verified
verificationDate		0..*	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
type	?!Σ	0..1	code	deny \| permit ConsentProvisionType (Required)
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
role		0..1	CodeableConcept	How the actor is involved ParticipationRoleType (Extensible)
reference		0..1	Reference(Device \| Group \| CareTeam \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Consent Action Codes (Example)
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Example set of Security Labels (Example)
purpose	Σ	0..*	Coding	Context of activities covered by this rule PurposeOfUse (Extensible)
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Consent Content Class (Extensible)
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Consent Content Codes (Example)
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby ConsentDataMeaning (Required)
reference	Σ	1..1	Reference(Any)	The actual data reference
expression		0..1	Expression	A computable expression of the consent
provision		0..*	see provision	Nested Exception Rules
Documentation for this format

See the Extensions for this resource

UML Diagram (Legend)

XML Template

<Consent xmlns="http://hl7.org/fhir"> 
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <identifier><!-- 0..* Identifier Identifier for this record (external references) --></identifier>
 <status value="[code]"/><!-- 1..1 draft | active | inactive | not-done | entered-in-error | unknown -->
 <category><!-- 0..* CodeableConcept Classification of the consent statement - for indexing/retrieval --></category>
 <subject><!-- 0..1 Reference(Group|Patient|Practitioner) Who the consent applies to --></subject>
 <dateTime value="[dateTime]"/><!-- 0..1 When consent was agreed to -->
 <grantor><!-- 0..* Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) Who is granting rights according to the policy and rules --></grantor>
 <grantee><!-- 0..* Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) Who is agreeing to the policy and rules --></grantee>
 <manager><!-- 0..* Reference(HealthcareService|Organization|Patient|Practitioner) Consent workflow management --></manager>
 <controller><!-- 0..* Reference(HealthcareService|Organization|Patient|
   Practitioner) Consent Enforcer --></controller>
 <sourceAttachment><!-- 0..* Attachment Source from which this consent is taken --></sourceAttachment>
 <sourceReference><!-- 0..* Reference(Consent|Contract|DocumentReference|
   QuestionnaireResponse) Source from which this consent is taken --></sourceReference>
 <regulatoryBasis><!-- 0..* CodeableConcept Regulations establishing base Consent --></regulatoryBasis>
 <policyBasis>  <!-- 0..1 Computable version of the backing policy -->
  <reference><!-- 0..1 Reference(Any) Reference backing policy resource --></reference>
  <url value="[url]"/><!-- 0..1 URL to a computable backing policy -->
 </policyBasis>
 <policyText><!-- 0..* Reference(DocumentReference) Human Readable Policy --></policyText>
 <verification>  <!-- 0..* Consent Verified by patient or family -->
  <verified value="[boolean]"/><!-- 1..1 Has been verified -->
  <verificationType><!-- 0..1 CodeableConcept Business case of verification --></verificationType>
  <verifiedBy><!-- 0..1 Reference(Organization|Practitioner|PractitionerRole) Person conducting verification --></verifiedBy>
  <verifiedWith><!-- 0..1 Reference(Patient|RelatedPerson) Person who verified --></verifiedWith>
  <verificationDate value="[dateTime]"/><!-- 0..* When consent verified -->
 </verification>
 <provision>  <!-- 0..1 Constraints to the base Consent.policyRule/Consent.policy -->
  <type value="[code]"/><!-- 0..1 deny | permit -->
  <period><!-- 0..1 Period Timeframe for this rule --></period>
  <actor>  <!-- 0..* Who|what controlled by this rule (or group, by role) -->
   <role><!-- 0..1 CodeableConcept How the actor is involved --></role>
   <reference><!-- 0..1 Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) Resource for the actor (or group, by role) --></reference>
  </actor>
  <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action>
  <securityLabel><!-- 0..* Coding Security Labels that define affected resources --></securityLabel>
  <purpose><!-- 0..* Coding Context of activities covered by this rule  --></purpose>
  <class><!-- 0..* Coding e.g. Resource Type, Profile, CDA, etc. --></class>
  <code><!-- 0..* CodeableConcept e.g. LOINC or SNOMED CT code, etc. in the content --></code>
  <dataPeriod><!-- 0..1 Period Timeframe for data controlled by this rule --></dataPeriod>
  <data>  <!-- 0..* Data controlled by this rule -->
   <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby -->
   <reference><!-- 1..1 Reference(Any) The actual data reference --></reference>
  </data>
  <expression><!-- 0..1 Expression A computable expression of the consent --></expression>
  <provision><!-- 0..* Content as for Consent.provision Nested Exception Rules --></provision>
 </provision>
</Consent>

JSON Template

{
  "resourceType" : "Consent",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "identifier" : [{ Identifier }], // Identifier for this record (external references)
  "status" : "<code>", // R!  draft | active | inactive | not-done | entered-in-error | unknown
  "category" : [{ CodeableConcept }], // Classification of the consent statement - for indexing/retrieval
  "subject" : { Reference(Group|Patient|Practitioner) }, // Who the consent applies to
  "dateTime" : "<dateTime>", // When consent was agreed to
  "grantor" : [{ Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) }], // Who is granting rights according to the policy and rules
  "grantee" : [{ Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) }], // Who is agreeing to the policy and rules
  "manager" : [{ Reference(HealthcareService|Organization|Patient|Practitioner) }], // Consent workflow management
  "controller" : [{ Reference(HealthcareService|Organization|Patient|
   Practitioner) }], // Consent Enforcer
  "sourceAttachment" : [{ Attachment }], // Source from which this consent is taken
  "sourceReference" : [{ Reference(Consent|Contract|DocumentReference|
   QuestionnaireResponse) }], // Source from which this consent is taken
  "regulatoryBasis" : [{ CodeableConcept }], // Regulations establishing base Consent
  "policyBasis" : { // Computable version of the backing policy
    "reference" : { Reference(Any) }, // Reference backing policy resource
    "url" : "<url>" // URL to a computable backing policy
  },
  "policyText" : [{ Reference(DocumentReference) }], // Human Readable Policy
  "verification" : [{ // Consent Verified by patient or family
    "verified" : <boolean>, // R!  Has been verified
    "verificationType" : { CodeableConcept }, // Business case of verification
    "verifiedBy" : { Reference(Organization|Practitioner|PractitionerRole) }, // Person conducting verification
    "verifiedWith" : { Reference(Patient|RelatedPerson) }, // Person who verified
    "verificationDate" : ["<dateTime>"] // When consent verified
  }],
  "provision" : { // Constraints to the base Consent.policyRule/Consent.policy
    "type" : "<code>", // deny | permit
    "period" : { Period }, // Timeframe for this rule
    "actor" : [{ // Who|what controlled by this rule (or group, by role)
      "role" : { CodeableConcept }, // How the actor is involved
      "reference" : { Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) } // Resource for the actor (or group, by role)
    }],
    "action" : [{ CodeableConcept }], // Actions controlled by this rule
    "securityLabel" : [{ Coding }], // Security Labels that define affected resources
    "purpose" : [{ Coding }], // Context of activities covered by this rule 
    "class" : [{ Coding }], // e.g. Resource Type, Profile, CDA, etc.
    "code" : [{ CodeableConcept }], // e.g. LOINC or SNOMED CT code, etc. in the content
    "dataPeriod" : { Period }, // Timeframe for data controlled by this rule
    "data" : [{ // Data controlled by this rule
      "meaning" : "<code>", // R!  instance | related | dependents | authoredby
      "reference" : { Reference(Any) } // R!  The actual data reference
    }],
    "expression" : { Expression }, // A computable expression of the consent
    "provision" : [{ Content as for Consent.provision }] // Nested Exception Rules
  }
}

Turtle Template

@prefix fhir: <http://hl7.org/fhir/> .


[ a fhir:Consent;
  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from Resource: .id, .meta, .implicitRules, and .language
  # from DomainResource: .text, .contained, .extension, and .modifierExtension
  fhir:Consent.identifier [ Identifier ], ... ; # 0..* Identifier for this record (external references)
  fhir:Consent.status [ code ]; # 1..1 draft | active | inactive | not-done | entered-in-error | unknown
  fhir:Consent.category [ CodeableConcept ], ... ; # 0..* Classification of the consent statement - for indexing/retrieval
  fhir:Consent.subject [ Reference(Group|Patient|Practitioner) ]; # 0..1 Who the consent applies to
  fhir:Consent.dateTime [ dateTime ]; # 0..1 When consent was agreed to
  fhir:Consent.grantor [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ], ... ; # 0..* Who is granting rights according to the policy and rules
  fhir:Consent.grantee [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ], ... ; # 0..* Who is agreeing to the policy and rules
  fhir:Consent.manager [ Reference(HealthcareService|Organization|Patient|Practitioner) ], ... ; # 0..* Consent workflow management
  fhir:Consent.controller [ Reference(HealthcareService|Organization|Patient|Practitioner) ], ... ; # 0..* Consent Enforcer
  fhir:Consent.sourceAttachment [ Attachment ], ... ; # 0..* Source from which this consent is taken
  fhir:Consent.sourceReference [ Reference(Consent|Contract|DocumentReference|QuestionnaireResponse) ], ... ; # 0..* Source from which this consent is taken
  fhir:Consent.regulatoryBasis [ CodeableConcept ], ... ; # 0..* Regulations establishing base Consent
  fhir:Consent.policyBasis [ # 0..1 Computable version of the backing policy
    fhir:Consent.policyBasis.reference [ Reference(Any) ]; # 0..1 Reference backing policy resource
    fhir:Consent.policyBasis.url [ url ]; # 0..1 URL to a computable backing policy
  ];
  fhir:Consent.policyText [ Reference(DocumentReference) ], ... ; # 0..* Human Readable Policy
  fhir:Consent.verification [ # 0..* Consent Verified by patient or family
    fhir:Consent.verification.verified [ boolean ]; # 1..1 Has been verified
    fhir:Consent.verification.verificationType [ CodeableConcept ]; # 0..1 Business case of verification
    fhir:Consent.verification.verifiedBy [ Reference(Organization|Practitioner|PractitionerRole) ]; # 0..1 Person conducting verification
    fhir:Consent.verification.verifiedWith [ Reference(Patient|RelatedPerson) ]; # 0..1 Person who verified
    fhir:Consent.verification.verificationDate [ dateTime ], ... ; # 0..* When consent verified
  ], ...;
  fhir:Consent.provision [ # 0..1 Constraints to the base Consent.policyRule/Consent.policy
    fhir:Consent.provision.type [ code ]; # 0..1 deny | permit
    fhir:Consent.provision.period [ Period ]; # 0..1 Timeframe for this rule
    fhir:Consent.provision.actor [ # 0..* Who|what controlled by this rule (or group, by role)
      fhir:Consent.provision.actor.role [ CodeableConcept ]; # 0..1 How the actor is involved
      fhir:Consent.provision.actor.reference [ Reference(CareTeam|Device|Group|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ]; # 0..1 Resource for the actor (or group, by role)
    ], ...;
    fhir:Consent.provision.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule
    fhir:Consent.provision.securityLabel [ Coding ], ... ; # 0..* Security Labels that define affected resources
    fhir:Consent.provision.purpose [ Coding ], ... ; # 0..* Context of activities covered by this rule
    fhir:Consent.provision.class [ Coding ], ... ; # 0..* e.g. Resource Type, Profile, CDA, etc.
    fhir:Consent.provision.code [ CodeableConcept ], ... ; # 0..* e.g. LOINC or SNOMED CT code, etc. in the content
    fhir:Consent.provision.dataPeriod [ Period ]; # 0..1 Timeframe for data controlled by this rule
    fhir:Consent.provision.data [ # 0..* Data controlled by this rule
      fhir:Consent.provision.data.meaning [ code ]; # 1..1 instance | related | dependents | authoredby
      fhir:Consent.provision.data.reference [ Reference(Any) ]; # 1..1 The actual data reference
    ], ...;
    fhir:Consent.provision.expression [ Expression ]; # 0..1 A computable expression of the consent
    fhir:Consent.provision.provision [ See Consent.provision ], ... ; # 0..* Nested Exception Rules
  ];
]

Changes since R4

Consent

Consent.category

Min Cardinality changed from 1 to 0
Remove Binding http://hl7.org/fhir/ValueSet/consent-category (extensible)
Remove Binding http://hl7.org/fhir/ValueSet/consent-category (extensible)

Consent.subject

Added Element

Consent.grantor

Added Element

Consent.grantee

Added Element

Consent.manager

Added Element

Consent.controller

Added Element

Consent.sourceAttachment

Added Element

Consent.sourceReference

Added Element

Consent.regulatoryBasis

Added Element

Consent.policyBasis

Added Element

Consent.policyBasis.reference

Added Element

Consent.policyBasis.url

Added Element

Consent.policyText

Added Element

Consent.verification.verificationType

Added Element

Consent.verification.verifiedBy

Added Element

Consent.verification.verificationDate

Max Cardinality changed from 1 to *
Max Cardinality changed from 1 to *

Consent.provision.type

Now marked as Modifier
Now marked as Modifier

Consent.provision.actor.role

Min Cardinality changed from 1 to 0
Change value set from http://hl7.org/fhir/ValueSet/security-role-type to http://hl7.org/fhir/ValueSet/participation-role-type
Change value set from http://hl7.org/fhir/ValueSet/security-role-type to http://hl7.org/fhir/ValueSet/participation-role-type

Consent.provision.actor.reference

Min Cardinality changed from 1 to 0
Min Cardinality changed from 1 to 0

Consent.provision.securityLabel

Remove Binding http://hl7.org/fhir/ValueSet/security-labels (extensible)
Remove Binding http://hl7.org/fhir/ValueSet/security-labels (extensible)

Consent.provision.expression

Added Element

Consent.scope

deleted

Consent.patient

deleted

Consent.performer

deleted

Consent.organization

deleted

Consent.source[x]

deleted

Consent.policy

deleted

Consent.policyRule

deleted

See the Full Difference for further information

This analysis is available as XML or JSON.

See R3 <--> R4 Conversion Maps (status = 12 tests that all execute ok. All tests pass round-trip testing and 12 r3 resources are invalid (0 errors).)

Structure

Name	Flags	Card.	Type	Description & Constraints
Consent	TU		DomainResource	A healthcare consumer's or third party's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension
identifier	Σ	0..*	Identifier	Identifier for this record (external references)
status	?!Σ	1..1	code	draft \| active \| inactive \| not-done \| entered-in-error \| unknown ConsentState (Required)
category	Σ	0..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Consent Category Codes (Example)
subject	Σ	0..1	Reference(Patient \| Practitioner \| Group)	Who the consent applies to
dateTime	Σ	0..1	dateTime	When consent was agreed to
grantor	Σ	0..*	Reference(CareTeam \| HealthcareService \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Who is granting rights according to the policy and rules
grantee	Σ	0..*	Reference(CareTeam \| HealthcareService \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Who is agreeing to the policy and rules
manager		0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Consent workflow management
controller		0..*	Reference(HealthcareService \| Organization \| Patient \| Practitioner)	Consent Enforcer
sourceAttachment		0..*	Attachment	Source from which this consent is taken
sourceReference		0..*	Reference(Consent \| DocumentReference \| Contract \| QuestionnaireResponse)	Source from which this consent is taken
regulatoryBasis		0..*	CodeableConcept	Regulations establishing base Consent Consent PolicyRule Codes (Example)
policyBasis		0..1	BackboneElement	Computable version of the backing policy
reference		0..1	Reference(Any)	Reference backing policy resource
url		0..1	url	URL to a computable backing policy
policyText		0..*	Reference(DocumentReference)	Human Readable Policy
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
verified	Σ	1..1	boolean	Has been verified
verificationType		0..1	CodeableConcept	Business case of verification Consent Vefication Codes (Example)
verifiedBy		0..1	Reference(Organization \| Practitioner \| PractitionerRole)	Person conducting verification
verifiedWith		0..1	Reference(Patient \| RelatedPerson)	Person who verified
verificationDate		0..*	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule/Consent.policy
type	?!Σ	0..1	code	deny \| permit ConsentProvisionType (Required)
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
role		0..1	CodeableConcept	How the actor is involved ParticipationRoleType (Extensible)
reference		0..1	Reference(Device \| Group \| CareTeam \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Consent Action Codes (Example)
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Example set of Security Labels (Example)
purpose	Σ	0..*	Coding	Context of activities covered by this rule PurposeOfUse (Extensible)
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Consent Content Class (Extensible)
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Consent Content Codes (Example)
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby ConsentDataMeaning (Required)
reference	Σ	1..1	Reference(Any)	The actual data reference
expression		0..1	Expression	A computable expression of the consent
provision		0..*	see provision	Nested Exception Rules
Documentation for this format

See the Extensions for this resource

UML Diagram (Legend)

XML Template

<Consent xmlns="http://hl7.org/fhir"> 
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <identifier><!-- 0..* Identifier Identifier for this record (external references) --></identifier>
 <status value="[code]"/><!-- 1..1 draft | active | inactive | not-done | entered-in-error | unknown -->
 <category><!-- 0..* CodeableConcept Classification of the consent statement - for indexing/retrieval --></category>
 <subject><!-- 0..1 Reference(Group|Patient|Practitioner) Who the consent applies to --></subject>
 <dateTime value="[dateTime]"/><!-- 0..1 When consent was agreed to -->
 <grantor><!-- 0..* Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) Who is granting rights according to the policy and rules --></grantor>
 <grantee><!-- 0..* Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) Who is agreeing to the policy and rules --></grantee>
 <manager><!-- 0..* Reference(HealthcareService|Organization|Patient|Practitioner) Consent workflow management --></manager>
 <controller><!-- 0..* Reference(HealthcareService|Organization|Patient|
   Practitioner) Consent Enforcer --></controller>
 <sourceAttachment><!-- 0..* Attachment Source from which this consent is taken --></sourceAttachment>
 <sourceReference><!-- 0..* Reference(Consent|Contract|DocumentReference|
   QuestionnaireResponse) Source from which this consent is taken --></sourceReference>
 <regulatoryBasis><!-- 0..* CodeableConcept Regulations establishing base Consent --></regulatoryBasis>
 <policyBasis>  <!-- 0..1 Computable version of the backing policy -->
  <reference><!-- 0..1 Reference(Any) Reference backing policy resource --></reference>
  <url value="[url]"/><!-- 0..1 URL to a computable backing policy -->
 </policyBasis>
 <policyText><!-- 0..* Reference(DocumentReference) Human Readable Policy --></policyText>
 <verification>  <!-- 0..* Consent Verified by patient or family -->
  <verified value="[boolean]"/><!-- 1..1 Has been verified -->
  <verificationType><!-- 0..1 CodeableConcept Business case of verification --></verificationType>
  <verifiedBy><!-- 0..1 Reference(Organization|Practitioner|PractitionerRole) Person conducting verification --></verifiedBy>
  <verifiedWith><!-- 0..1 Reference(Patient|RelatedPerson) Person who verified --></verifiedWith>
  <verificationDate value="[dateTime]"/><!-- 0..* When consent verified -->
 </verification>
 <provision>  <!-- 0..1 Constraints to the base Consent.policyRule/Consent.policy -->
  <type value="[code]"/><!-- 0..1 deny | permit -->
  <period><!-- 0..1 Period Timeframe for this rule --></period>
  <actor>  <!-- 0..* Who|what controlled by this rule (or group, by role) -->
   <role><!-- 0..1 CodeableConcept How the actor is involved --></role>
   <reference><!-- 0..1 Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) Resource for the actor (or group, by role) --></reference>
  </actor>
  <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action>
  <securityLabel><!-- 0..* Coding Security Labels that define affected resources --></securityLabel>
  <purpose><!-- 0..* Coding Context of activities covered by this rule  --></purpose>
  <class><!-- 0..* Coding e.g. Resource Type, Profile, CDA, etc. --></class>
  <code><!-- 0..* CodeableConcept e.g. LOINC or SNOMED CT code, etc. in the content --></code>
  <dataPeriod><!-- 0..1 Period Timeframe for data controlled by this rule --></dataPeriod>
  <data>  <!-- 0..* Data controlled by this rule -->
   <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby -->
   <reference><!-- 1..1 Reference(Any) The actual data reference --></reference>
  </data>
  <expression><!-- 0..1 Expression A computable expression of the consent --></expression>
  <provision><!-- 0..* Content as for Consent.provision Nested Exception Rules --></provision>
 </provision>
</Consent>

JSON Template

{
  "resourceType" : "Consent",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "identifier" : [{ Identifier }], // Identifier for this record (external references)
  "status" : "<code>", // R!  draft | active | inactive | not-done | entered-in-error | unknown
  "category" : [{ CodeableConcept }], // Classification of the consent statement - for indexing/retrieval
  "subject" : { Reference(Group|Patient|Practitioner) }, // Who the consent applies to
  "dateTime" : "<dateTime>", // When consent was agreed to
  "grantor" : [{ Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) }], // Who is granting rights according to the policy and rules
  "grantee" : [{ Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) }], // Who is agreeing to the policy and rules
  "manager" : [{ Reference(HealthcareService|Organization|Patient|Practitioner) }], // Consent workflow management
  "controller" : [{ Reference(HealthcareService|Organization|Patient|
   Practitioner) }], // Consent Enforcer
  "sourceAttachment" : [{ Attachment }], // Source from which this consent is taken
  "sourceReference" : [{ Reference(Consent|Contract|DocumentReference|
   QuestionnaireResponse) }], // Source from which this consent is taken
  "regulatoryBasis" : [{ CodeableConcept }], // Regulations establishing base Consent
  "policyBasis" : { // Computable version of the backing policy
    "reference" : { Reference(Any) }, // Reference backing policy resource
    "url" : "<url>" // URL to a computable backing policy
  },
  "policyText" : [{ Reference(DocumentReference) }], // Human Readable Policy
  "verification" : [{ // Consent Verified by patient or family
    "verified" : <boolean>, // R!  Has been verified
    "verificationType" : { CodeableConcept }, // Business case of verification
    "verifiedBy" : { Reference(Organization|Practitioner|PractitionerRole) }, // Person conducting verification
    "verifiedWith" : { Reference(Patient|RelatedPerson) }, // Person who verified
    "verificationDate" : ["<dateTime>"] // When consent verified
  }],
  "provision" : { // Constraints to the base Consent.policyRule/Consent.policy
    "type" : "<code>", // deny | permit
    "period" : { Period }, // Timeframe for this rule
    "actor" : [{ // Who|what controlled by this rule (or group, by role)
      "role" : { CodeableConcept }, // How the actor is involved
      "reference" : { Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) } // Resource for the actor (or group, by role)
    }],
    "action" : [{ CodeableConcept }], // Actions controlled by this rule
    "securityLabel" : [{ Coding }], // Security Labels that define affected resources
    "purpose" : [{ Coding }], // Context of activities covered by this rule 
    "class" : [{ Coding }], // e.g. Resource Type, Profile, CDA, etc.
    "code" : [{ CodeableConcept }], // e.g. LOINC or SNOMED CT code, etc. in the content
    "dataPeriod" : { Period }, // Timeframe for data controlled by this rule
    "data" : [{ // Data controlled by this rule
      "meaning" : "<code>", // R!  instance | related | dependents | authoredby
      "reference" : { Reference(Any) } // R!  The actual data reference
    }],
    "expression" : { Expression }, // A computable expression of the consent
    "provision" : [{ Content as for Consent.provision }] // Nested Exception Rules
  }
}

Turtle Template

@prefix fhir: <http://hl7.org/fhir/> .


[ a fhir:Consent;
  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from Resource: .id, .meta, .implicitRules, and .language
  # from DomainResource: .text, .contained, .extension, and .modifierExtension
  fhir:Consent.identifier [ Identifier ], ... ; # 0..* Identifier for this record (external references)
  fhir:Consent.status [ code ]; # 1..1 draft | active | inactive | not-done | entered-in-error | unknown
  fhir:Consent.category [ CodeableConcept ], ... ; # 0..* Classification of the consent statement - for indexing/retrieval
  fhir:Consent.subject [ Reference(Group|Patient|Practitioner) ]; # 0..1 Who the consent applies to
  fhir:Consent.dateTime [ dateTime ]; # 0..1 When consent was agreed to
  fhir:Consent.grantor [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ], ... ; # 0..* Who is granting rights according to the policy and rules
  fhir:Consent.grantee [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ], ... ; # 0..* Who is agreeing to the policy and rules
  fhir:Consent.manager [ Reference(HealthcareService|Organization|Patient|Practitioner) ], ... ; # 0..* Consent workflow management
  fhir:Consent.controller [ Reference(HealthcareService|Organization|Patient|Practitioner) ], ... ; # 0..* Consent Enforcer
  fhir:Consent.sourceAttachment [ Attachment ], ... ; # 0..* Source from which this consent is taken
  fhir:Consent.sourceReference [ Reference(Consent|Contract|DocumentReference|QuestionnaireResponse) ], ... ; # 0..* Source from which this consent is taken
  fhir:Consent.regulatoryBasis [ CodeableConcept ], ... ; # 0..* Regulations establishing base Consent
  fhir:Consent.policyBasis [ # 0..1 Computable version of the backing policy
    fhir:Consent.policyBasis.reference [ Reference(Any) ]; # 0..1 Reference backing policy resource
    fhir:Consent.policyBasis.url [ url ]; # 0..1 URL to a computable backing policy
  ];
  fhir:Consent.policyText [ Reference(DocumentReference) ], ... ; # 0..* Human Readable Policy
  fhir:Consent.verification [ # 0..* Consent Verified by patient or family
    fhir:Consent.verification.verified [ boolean ]; # 1..1 Has been verified
    fhir:Consent.verification.verificationType [ CodeableConcept ]; # 0..1 Business case of verification
    fhir:Consent.verification.verifiedBy [ Reference(Organization|Practitioner|PractitionerRole) ]; # 0..1 Person conducting verification
    fhir:Consent.verification.verifiedWith [ Reference(Patient|RelatedPerson) ]; # 0..1 Person who verified
    fhir:Consent.verification.verificationDate [ dateTime ], ... ; # 0..* When consent verified
  ], ...;
  fhir:Consent.provision [ # 0..1 Constraints to the base Consent.policyRule/Consent.policy
    fhir:Consent.provision.type [ code ]; # 0..1 deny | permit
    fhir:Consent.provision.period [ Period ]; # 0..1 Timeframe for this rule
    fhir:Consent.provision.actor [ # 0..* Who|what controlled by this rule (or group, by role)
      fhir:Consent.provision.actor.role [ CodeableConcept ]; # 0..1 How the actor is involved
      fhir:Consent.provision.actor.reference [ Reference(CareTeam|Device|Group|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ]; # 0..1 Resource for the actor (or group, by role)
    ], ...;
    fhir:Consent.provision.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule
    fhir:Consent.provision.securityLabel [ Coding ], ... ; # 0..* Security Labels that define affected resources
    fhir:Consent.provision.purpose [ Coding ], ... ; # 0..* Context of activities covered by this rule
    fhir:Consent.provision.class [ Coding ], ... ; # 0..* e.g. Resource Type, Profile, CDA, etc.
    fhir:Consent.provision.code [ CodeableConcept ], ... ; # 0..* e.g. LOINC or SNOMED CT code, etc. in the content
    fhir:Consent.provision.dataPeriod [ Period ]; # 0..1 Timeframe for data controlled by this rule
    fhir:Consent.provision.data [ # 0..* Data controlled by this rule
      fhir:Consent.provision.data.meaning [ code ]; # 1..1 instance | related | dependents | authoredby
      fhir:Consent.provision.data.reference [ Reference(Any) ]; # 1..1 The actual data reference
    ], ...;
    fhir:Consent.provision.expression [ Expression ]; # 0..1 A computable expression of the consent
    fhir:Consent.provision.provision [ See Consent.provision ], ... ; # 0..* Nested Exception Rules
  ];
]

Changes since Release 4

Consent

Consent.category

Min Cardinality changed from 1 to 0
Remove Binding http://hl7.org/fhir/ValueSet/consent-category (extensible)
Remove Binding http://hl7.org/fhir/ValueSet/consent-category (extensible)

Consent.subject

Added Element

Consent.grantor

Added Element

Consent.grantee

Added Element

Consent.manager

Added Element

Consent.controller

Added Element

Consent.sourceAttachment

Added Element

Consent.sourceReference

Added Element

Consent.regulatoryBasis

Added Element

Consent.policyBasis

Added Element

Consent.policyBasis.reference

Added Element

Consent.policyBasis.url

Added Element

Consent.policyText

Added Element

Consent.verification.verificationType

Added Element

Consent.verification.verifiedBy

Added Element

Consent.verification.verificationDate

Max Cardinality changed from 1 to *
Max Cardinality changed from 1 to *

Consent.provision.type

Now marked as Modifier
Now marked as Modifier

Consent.provision.actor.role

Min Cardinality changed from 1 to 0
Change value set from http://hl7.org/fhir/ValueSet/security-role-type to http://hl7.org/fhir/ValueSet/participation-role-type
Change value set from http://hl7.org/fhir/ValueSet/security-role-type to http://hl7.org/fhir/ValueSet/participation-role-type

Consent.provision.actor.reference

Min Cardinality changed from 1 to 0
Min Cardinality changed from 1 to 0

Consent.provision.securityLabel

Remove Binding http://hl7.org/fhir/ValueSet/security-labels (extensible)
Remove Binding http://hl7.org/fhir/ValueSet/security-labels (extensible)

Consent.provision.expression

Added Element

Consent.scope

deleted

Consent.patient

deleted

Consent.performer

deleted

Consent.organization

deleted

Consent.source[x]

deleted

Consent.policy

deleted

Consent.policyRule

deleted

See the Full Difference for further information

This analysis is available as XML or JSON.

See R3 <--> R4 Conversion Maps (status = 12 tests that all execute ok. All tests pass round-trip testing and 12 r3 resources are invalid (0 errors).)

Additional definitions: Master Definition XML + JSON, XML Schema/Schematron + JSON Schema, ShEx (for Turtle) + see the extensions, the spreadsheet version & the dependency analysis

6.2.5.1 Terminology Bindings

Path	Definition	Type	Reference
Consent.status	Indicates the state of the consent.	Required	ConsentState
Consent.category	This value set includes sample Consent Directive Type codes, including several consent directive related LOINC codes; HL7 VALUE SET: ActConsentType(2.16.840.1.113883.1.11.19897); examples of US realm consent directive legal descriptions and references to online and/or downloadable forms such as the SSA-827 Authorization to Disclose Information to the Social Security Administration; and other anticipated consent directives related to participation in a clinical trial, medical procedures, reproductive procedures; health care directive (Living Will); advance directive, do not resuscitate (DNR); Physician Orders for Life-Sustaining Treatment (POLST)	Example	ConsentCategoryCodes
Consent.regulatoryBasis	This value set includes sample Regulatory consent policy types from the US and other regions.	Example	ConsentPolicyRuleCodes
Consent.verification.verificationType	This value set includes base Consent Verification codes.	Example	ConsentVerificationCodes
Consent.provision.type	How a rule statement is applied, such as adding additional consent or removing consent.	Required	ConsentProvisionType
Consent.provision.actor.role	This FHIR value set is comprised of Actor participation Type codes, which can be used to value FHIR agents, actors, and other role elements. The codes are intended to express how the agent participated in some activity. Sometimes refered to the agent functional-role relative to the activity.	Extensible	ParticipationRoleType
Consent.provision.action	This value set includes sample Consent Action codes.	Example	ConsentActionCodes
Consent.provision.securityLabel	A sample of security labels from Healthcare Privacy and Security Classification System as the combination of data and event codes.	Example	SecurityLabelExamples
Consent.provision.purpose	Supports communication of purpose of use at a general level.	Extensible	PurposeOfUse
Consent.provision.class	This value set includes the FHIR resource types, along with some other important content class codes	Extensible	ConsentContentClass
Consent.provision.code	This example value set contains all LOINC code	Example	ConsentContentCodes
Consent.provision.data.meaning	How a resource reference is interpreted when testing consent restrictions.	Required	ConsentDataMeaning

Path

Definition

Type

Reference

Consent.status

Indicates the state of the consent.

Required

ConsentState

Consent.category

This value set includes sample Consent Directive Type codes, including several consent directive related LOINC codes; HL7 VALUE SET: ActConsentType(2.16.840.1.113883.1.11.19897); examples of US realm consent directive legal descriptions and references to online and/or downloadable forms such as the SSA-827 Authorization to Disclose Information to the Social Security Administration; and other anticipated consent directives related to participation in a clinical trial, medical procedures, reproductive procedures; health care directive (Living Will); advance directive, do not resuscitate (DNR); Physician Orders for Life-Sustaining Treatment (POLST)

Example

ConsentCategoryCodes

Consent.regulatoryBasis

This value set includes sample Regulatory consent policy types from the US and other regions.

Example

ConsentPolicyRuleCodes

Consent.verification.verificationType

This value set includes base Consent Verification codes.

Example

ConsentVerificationCodes

Consent.provision.type

How a rule statement is applied, such as adding additional consent or removing consent.

Required

ConsentProvisionType

Consent.provision.actor.role

This FHIR value set is comprised of Actor participation Type codes, which can be used to value FHIR agents, actors, and other role elements. The codes are intended to express how the agent participated in some activity. Sometimes refered to the agent functional-role relative to the activity.

Extensible

ParticipationRoleType

Consent.provision.action

This value set includes sample Consent Action codes.

Example

ConsentActionCodes

Consent.provision.securityLabel

A sample of security labels from Healthcare Privacy and Security Classification System as the combination of data and event codes.

Example

SecurityLabelExamples

Consent.provision.purpose

Supports communication of purpose of use at a general level.

Extensible

PurposeOfUse icon

Consent.provision.class

This value set includes the FHIR resource types, along with some other important content class codes

Extensible

ConsentContentClass

Consent.provision.code

This example value set contains all LOINC code

Example

ConsentContentCodes

Consent.provision.data.meaning

How a resource reference is interpreted when testing consent restrictions.

Required

ConsentDataMeaning

6.2.6 Policies

The Consent resource has a reference to a single policyRule. Many organizations will work in a context where multiple different consent regulations and policies apply. In these cases, the single policy rule reference refers to a policy document that resolves and reconciles the various policies and presents a single policy for patient consent. If it is still necessary to track which of the underlying policies an exception is make in regard to, the policy may be used.

Policies attached to Consent.policyRule language should be written using positive language. For an example, a patient wanting to opt-out will be recorded with an opt-in policy where the Consent.provision[0].type indicates "deny".

6.2.7 Privacy Consent General Model

The following is the general model of Privacy Consent Directives.

There are context setting parameters:

Who - The patientor third-party grantor
What - The data - specific resources are listed, empty list means all data covered by the consent.
Where Required - The location boundary and authority boundary of this consent policy domain.
Where Accountability Lies - The organization or performer
When - The date issued or captured
When - The timeframe for which the Consent applies
How - The actions covered. (such as purposes of use that are covered)
Whom - The actor are grantees by the consent.

A Privacy Consent may transition through many states including: that no consent has been sought, consent has been proposed, consent has been rejected, and consent approved.

There are set of patterns.

No consent: All settings need a policy for when no consent has been captured. Often this allows treatment only.;
Opt-out: No sharing allowed for the specified domain, location, actions, and purposes;
Opt-out with exceptions: No sharing allowed, with some exceptions where it is allowed. Example: Withhold Authorization for Treatment except for Emergency Treatment;
Opt-in: Sharing for some purpose of use is authorized Sharing allowed for Treatment, Payment, and normal Operations; and
Opt-in with restrictions: Sharing allowed, but the patient may make exceptions.

For each of these patterns (positive or negative pattern), there can be exceptions. These exceptions are explicitly recorded in the provision element.

6.2.8 Provisions

The provision structure provides a mechanism for modeling consent rules in a machine-readable and computable way. This is the FHIR Consent's native mechanism for expressing and encoding policy rules within the resource --an alternative to using an external policy language.

Provisions are organized in a tree structure where the root states the default decision and each subsequent level specifies exceptions to the rules stated in the parent provision. The following figure depicts this structure:

The root provision states the default decision by setting the value of the type attribute to permit or deny. It also defines other broad conditions about the applicability of the consent, such as the purpose of use to which the consent applies.

Note that the type attribute is only permitted in the root provision; the type of subsequent levels of provisions is implied by the type of the parent provision --since they express exceptions to the parent provision. For example, if the type in the root provision is permit, the children of this provision express exceptions to this rule, therefore, the decision when matching these children will be a deny.

The provision structure provides a rich mechanism to construct complex rules using logical AND and OR:

Provisions at the same level of depth are interpreted as disjunctive (i.e., OR-ed). This means that matching any of the sibling provisions at one level constitutes an exception to the rule stated in the parent provision.
Within a provision, the conditions implied by different attributes are interpreted conjunctively (i.e., AND-ed). This means that in order to match the provision, all the attributes must match.
Within an attribute, if the attribute is multi-valued, the values are interpreted as disjunctive (i.e., OR-ed). This means that matching any of the values listed for the attribute is sufficient for the attribute to match. For single-valued attributes, matching is simply based on matching the value of the attribute.

If the value of an attribute is a code from a hierarchical code structure (e.g., a Confidentiality code icon ), the subsumption relationship between the codes in the hierarchy must be considered in the interpretation of the provision:

If the (implicit or explicit) type of the provision is permit, all the subsumed descending codes (that are below the mentioned code in the hierarchy) are also permitted. For example, if a provision permits access to very restricted (V) data, it also permits access to restricted (R) data.
If the (implicit or explicit) type of the provision is deny, all the subsuming parent codes (that are above the mentioned code in the hierarchy) are also denied. For example, if a provision denies access to restricted (R) data, it also denies access to very restricted (V) data.

The following figure visualizes this in the course of an example.

The root provision articulates that during the time period from 01/01/2020 to 31/12/2022, all access by Org A is permitted. In order to match this provision (and therefore for this permit decision to be applicable) the requestor identifier must match Org A AND the current date must be within the range 01/01/2020-31/12/2022.

The subsequent child provisions state exceptions to this base rule. Matching any of these provisions results in a deny since these are exceptions to a permit parent provision.

access is denied if the purpose of use is marketing (HMK).
access is denied if the requested data is restricted (R). Note that this implies access is also denied if the requested data is very restricted (V).
access is denied if the purpose of use is payment (PAY) unless:

content type is Claims, OR Claim Responses, OR Accounts.

6.2.9 Tracking Changes in Consent

Tracking changes in consent can be managed in two possible ways:

Submitting changes to the Consent resource and tracking the changes via a versioning server
Submitting a new Consent resource and marking the old resource as inactive

HL7 does not recommend a specific method.

A FHIR Consent Directive instance is considered the encoded legally binding Consent Directive if it meets requirements of a policy domain requirements for an enforceable contract. In some domains, electronic signatures of one or both of the parties to the content of an encoded representation of a Consent Form is deemed to constitute a legally binding Consent Directive. Some domains accept a notary’s electronic signature over the wet or electronic signature of a party to the Consent Directive as the additional identity proofing required to make an encoded Consent Directive legally binding. Other domains may only accept a wet signature or might not require the parties’ signatures at all.

Whatever the criteria are for making an encoded FHIR Consent Directive legally binding, anything less than a legally binding representation of a Consent Directive must be identified as such, i.e., as a derivative of the legally binding Consent Directive, which has specific usage in Consent Directive workflow management.

Definitions:

Consent

The record of a healthcare consumer’s policy choices or choices made on their behalf by a third party, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time

Consent Directive

The legal record of a healthcare consumer's agreement or agreements made on their behalf with a party responsible for enforcing the consumer’s choices or choices made on their behalf by a third party, which permits or denies identified actors or roles to perform actions affecting the consumer within a given context for specific purposes and periods of time

Consent Form

Human readable consent content describing one or more actions impacting the grantor for which the grantee would be authorized or prohibited from performing. It includes the terms, rules, and conditions pertaining to the authorization or restrictions, such as effective time, applicability or scope, purposes of use, obligations and prohibitions to which the grantee must comply. Once a Consent Form is “executed” by means required by policy, such as verbal agreement, wet signature, or electronic/digital signature, it becomes a legally binding Consent Directive.

Consent Directive Derivative

Consent Content that conveys the minimal set of information needed to manage Consent Directive workflow, including providing Consent Directive content sufficient to:

Represent a Consent Directive
Register or index a Consent Directive
Query and respond about a Consent Directive
Retrieve a Consent Directive
Notify authorized entities about Consent Directive status changes
Determine entities authorized to collect, access, use or disclose information about the Consent Directive or about the information governed by the Consent Directive.

Derived Consent content includes the Security Labels encoding the applicable privacy and security policies. Consent Security Labels inform recipients about specific access control measures required for compliance.

Consent Statement

A Consent Directive derivative has less than full fidelity to the legally binding Consent Directive from which it was "transcribed". It provides recipients with the full content representation they may require for compliance purposes, and typically include a reference to or an attached unstructured representation for recipients needing an exact copy of the legal agreement.

Consent Registration

The legal record of a healthcare consumer's agreement with a party responsible for enforcing the consumer’s choices, which permits or denies identified actors or roles to perform actions affecting the consumer within a given context for specific purposes and periods of timeA Consent Directive derivative that conveys the minimal set of information needed to register an active and revoked Consent Directive, or to update Consent status as it changes during its lifecycle.

Policy context

Any organizational or jurisdictional policies, which may limit the consumer’s policy choices, and which includes the named range of actions allowed

Healthcare Consumer

The individual establishing his/her personal consent (i.e. Consenter). In FHIR, this is referred to as the 'Patient' though this word is not used across all contexts of care

6.2.9.1 Privacy Consent Directive (PCD)

Privacy policies define how Individually Identifiable Health Information (IIHI) is to be collected, accessed, used and disclosed. A Privacy Consent Directive as a legal record of a patient's (e.g. a healthcare consumer) agreement with a party responsible for enforcing the patient's choices, which permits or denies identified actors or roles to perform actions affecting the patient within a given context for specific purposes and periods of time. All consent directives have a policy context, which is any set of organizational or jurisdictional policies which may limit the consumer’s policy choices, and which include a named range of actions allowed. In addition, Privacy Consent Directives provide the ability for a healthcare consumer to delegate authority to a Substitute Decision Maker who may act on behalf of that individual. Alternatively, a consumer may author/publish their privacy preferences as a self-declared Privacy Consent Directive.

The Consent resource on FHIR provides support for alternative representations for expressing interoperable health information privacy consent directives in a standard form for the exchange and enforcement by sending, intermediating, or receiving systems of privacy policies that can be enforced by consuming systems (e.g., scanned documents, of computable structured entries elements, FHIR structures with optional attached, or referenced unstructured representations.) It may be used to represent the Privacy Consent Directive itself, a Consent Statement, which electronically represents a Consent Directive, or Consent Metadata, which is the minimum necessary consent content derived from a Consent Directive for use in workflow management.

6.2.10 Optimal Searching

The following steps represent the optimal path for searching for a Consent resource.

Request one or more Consent where status=active by Consent.scope (with patient(s), if none specified, get all). Policy will decide how to deal with multiple per patient and how to iterate through (e.g., select most recent).
Locally inspect Consent.provision for base policy acceptance/denial with Consent.policyRule
If policyRule not understandable, refer to Privacy Office
Locally inspect Consent.provision for contexts (e.g., provision.purpose, provision.actor, etc.) as above
Inspect Consent.provision.provision (et.al) for exceptions

6.2.11 Search Parameters

Search parameters for this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services.

Name	Type	Description	Expression	In Common
action	token	Actions controlled by this rule	Consent.provision.action
actor	reference	Resource for the actor (or group, by role)	Consent.provision.actor.reference (Practitioner, Group, Organization, CareTeam, Device, Patient, PractitionerRole, RelatedPerson)
category	token	Classification of the consent statement - for indexing/retrieval	Consent.category
controller	reference	Consent Enforcer	Consent.controller (Practitioner, Organization, Patient, HealthcareService)
data	reference	The actual data reference	Consent.provision.data.reference (Any)
date N	date	When consent was agreed to	Consent.dateTime
grantee	reference	Who is agreeing to the policy and rules	Consent.grantee (Practitioner, Organization, CareTeam, Patient, HealthcareService, PractitionerRole, RelatedPerson)
identifier	token	Identifier for this record (external references)	Consent.identifier
manager	reference	Consent workflow management	Consent.manager (Practitioner, Organization, Patient, HealthcareService)
patient	reference	Who the consent applies to	Consent.subject.where(resolve() is Patient) (Patient)
period	date	Timeframe for this rule	Consent.provision.period
purpose	token	Context of activities covered by this rule	Consent.provision.purpose
security-label	token	Security Labels that define affected resources	Consent.provision.securityLabel
source-reference	reference	Search by reference to a Consent, DocumentReference, Contract or QuestionnaireResponse	Consent.sourceReference (Consent, Contract, QuestionnaireResponse, DocumentReference)
status N	token	draft \| active \| inactive \| entered-in-error \| unknown	Consent.status
subject	reference	Who the consent applies to	Consent.subject (Practitioner, Group, Patient)
verified N	token	Has been verified	Consent.verification.verified
verified-date N	date	When consent verified	Consent.verification.verificationDate