This page is part of the FHIR Specification (v5.0.0-ballot: R5 Ballot - see ballot notes). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions
Security Work Group | Maturity Level: 0 | Trial Use | Security Category: Not Classified | Compartments: Not linked to any defined compartments |
Detailed Descriptions for the elements in the Permission resource.
Permission | |
Element Id | Permission |
Definition | Permission resource holds access rules for a given data and context. |
Short Display | Access Rules |
Cardinality | 0..* |
Type | DomainResource |
Summary | false |
Permission.status | |
Element Id | Permission.status |
Definition | Status. |
Short Display | active | entered-in-error | draft | rejected |
Cardinality | 1..1 |
Terminology Binding | PermissionStatus (Required) |
Type | code |
Summary | true |
Permission.asserter | |
Element Id | Permission.asserter |
Definition | The person or entity that asserts the permission. |
Short Display | The person or entity that asserts the permission |
Cardinality | 0..1 |
Type | Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService) |
Summary | true |
Permission.date | |
Element Id | Permission.date |
Definition | The date that permission was asserted. |
Short Display | The date that permission was asserted |
Cardinality | 0..* |
Type | dateTime |
Alternate Names | class |
Summary | true |
Permission.validity | |
Element Id | Permission.validity |
Definition | The period in which the permission is active. |
Short Display | The period in which the permission is active |
Cardinality | 0..1 |
Type | Period |
Alternate Names | type |
Summary | true |
Permission.justification | |
Element Id | Permission.justification |
Definition | The asserted justification for using the data. |
Short Display | The asserted justification for using the data |
Cardinality | 0..1 |
Summary | true |
Permission.justification.basis | |
Element Id | Permission.justification.basis |
Definition | This would be a codeableconcept, or a coding, which can be constrained to , for example, the 6 grounds for processing in GDPR. |
Short Display | The regulatory grounds upon which this Permission builds |
Cardinality | 0..* |
Terminology Binding | Consent PolicyRule Codes (Example) |
Type | CodeableConcept |
Summary | true |
Permission.justification.evidence | |
Element Id | Permission.justification.evidence |
Definition | Justifing rational. |
Short Display | Justifing rational |
Cardinality | 0..* |
Type | Reference(Any) |
Summary | true |
Comments | While any resource may be used, DocumentReference, Consent, PlanDefinition, and Contract would be most frequent |
Permission.combining | |
Element Id | Permission.combining |
Definition | Defines a procedure for arriving at an access decision given the set of rules. |
Short Display | deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny |
Cardinality | 1..1 |
Terminology Binding | PermissionRuleCombining (Required) |
Type | code |
Is Modifier | true (Reason: Defines how the rules are to be combined.) |
Summary | true |
Comments | |
Permission.rule | |
Element Id | Permission.rule |
Definition | A set of rules. |
Short Display | Constraints to the Permission |
Cardinality | 0..* |
Element Order Meaning | The order of the rules processing is defined in rule-combining |
Summary | true |
Permission.rule.type | |
Element Id | Permission.rule.type |
Definition | deny | permit. |
Short Display | deny | permit |
Cardinality | 0..1 |
Terminology Binding | ConsentProvisionType (Required) |
Type | code |
Is Modifier | true (Reason: Sets the context for the meaning of the rules.) |
Summary | true |
Permission.rule.data | |
Element Id | Permission.rule.data |
Definition | A description or definition of which activities are allowed to be done on the data. |
Short Display | The selection criteria to identify data that is within scope of this provision |
Cardinality | 0..* |
Summary | true |
Permission.rule.data.resource | |
Element Id | Permission.rule.data.resource |
Definition | Explicit FHIR Resource references. |
Short Display | Explicit FHIR Resource references |
Cardinality | 0..* |
Summary | true |
Permission.rule.data.resource.meaning | |
Element Id | Permission.rule.data.resource.meaning |
Definition | How the resource reference is interpreted when testing consent restrictions. |
Short Display | instance | related | dependents | authoredby |
Cardinality | 1..1 |
Terminology Binding | ConsentDataMeaning (Required) |
Type | code |
Summary | true |
Permission.rule.data.resource.reference | |
Element Id | Permission.rule.data.resource.reference |
Definition | A reference to a specific resource that defines which resources are covered by this consent. |
Short Display | The actual data reference |
Cardinality | 1..1 |
Type | Reference(Any) |
Summary | true |
Permission.rule.data.security | |
Element Id | Permission.rule.data.security |
Definition | The data in scope are those with the given codes present in that data .meta.security element. |
Short Display | Security tag code on .meta.security |
Cardinality | 0..* |
Type | Coding |
Summary | true |
Comments | Note the ConfidentialityCode vocabulary indicates the highest value, thus a security label of "R" then it applies to all resources that are labeled "R" or lower. E.g. for Confidentiality, it's a high water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, access request purpose of use shall not conflict. |
Permission.rule.data.period | |
Element Id | Permission.rule.data.period |
Definition | Clinical or Operational Relevant period of time that bounds the data controlled by this rule. |
Short Display | Timeframe encompasing data create/update |
Cardinality | 0..* |
Type | Period |
Summary | true |
Comments | This has a different sense to the .validity. |
Permission.rule.data.expression | |
Element Id | Permission.rule.data.expression |
Definition | Used when other data selection elements are insufficient. |
Short Display | Expression identifying the data |
Cardinality | 0..1 |
Type | Expression |
Summary | true |
Permission.rule.activity | |
Element Id | Permission.rule.activity |
Definition | A description or definition of which activities are allowed to be done on the data. |
Short Display | A description or definition of which activities are allowed to be done on the data |
Cardinality | 0..* |
Summary | true |
Permission.rule.activity.actor | |
Element Id | Permission.rule.activity.actor |
Definition | The actor(s) authorized for the defined activity. |
Short Display | Authorized actor(s) |
Cardinality | 0..* |
Type | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) |
Summary | true |
Permission.rule.activity.action | |
Element Id | Permission.rule.activity.action |
Definition | Actions controlled by this Rule. |
Short Display | Actions controlled by this rule |
Cardinality | 0..* |
Terminology Binding | Consent Action Codes (Example) |
Type | CodeableConcept |
Summary | true |
Comments | Note that this is the direct action (not the grounds for the action covered in the purpose element). At present, the only action in the understood and tested scope of this resource is 'read'. |
Permission.rule.activity.purpose | |
Element Id | Permission.rule.activity.purpose |
Definition | The purpose for which the permission is given. |
Short Display | The purpose for which the permission is given |
Cardinality | 0..* |
Terminology Binding | PurposeOfUse (Preferred) |
Type | CodeableConcept |
Summary | true |
Permission.rule.limit | |
Element Id | Permission.rule.limit |
Definition | What limits apply to the use of the data. |
Short Display | What limits apply to the use of the data |
Cardinality | 0..* |
Terminology Binding | Example set of Event / Bundle used Security Labels (Example) |
Type | CodeableConcept |
Summary | true |