This page is part of the FHIR Specification (v5.0.0-ballot: R5 Ballot - see ballot notes). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions
Security Work Group | Maturity Level: 0 | Trial Use | Security Category: Not Classified | Compartments: Not linked to any defined compartments |
Permission resource holds access rules for a given data and context.
A declarative attribute-based access control policy statement to express policies, refrains, and obligations. The Permission resource may be used to record the access control constraints under which data were collected or shared.
Note to Implementers: This resource is under-development, consult the FHIR Permission Confluence page for development details, plans, and use-case analysis.
The Permission resource may in the future be used as a provision within a Consent resource.
The Permission resource is intended to be used where Consent resource does not apply or where exposure of the full Consent details are not needed or desired. The Permission resource may be used to express transactional access control rules that may be derived from a Consent. The Permission resource is intended to be used when access control policy rules need to be expressed in an interoperable way other than Consent. Examples are use-cases that are not involving a patient subject. The Permission resource should not be used in a conflicting way with security labels in the .meta.security element.
No references for this Resource.
Structure
Name | Flags | Card. | Type | Description & Constraints |
---|---|---|---|---|
Permission | TU | DomainResource | Access Rules Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension | |
status | Σ | 1..1 | code | active | entered-in-error | draft | rejected PermissionStatus (Required) |
asserter | Σ | 0..1 | Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService) | The person or entity that asserts the permission |
date | Σ | 0..* | dateTime | The date that permission was asserted |
validity | Σ | 0..1 | Period | The period in which the permission is active |
justification | Σ | 0..1 | BackboneElement | The asserted justification for using the data |
basis | Σ | 0..* | CodeableConcept | The regulatory grounds upon which this Permission builds Consent PolicyRule Codes (Example) |
evidence | Σ | 0..* | Reference(Any) | Justifing rational |
combining | ?!Σ | 1..1 | code | deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny PermissionRuleCombining (Required) |
rule | Σ | 0..* | BackboneElement | Constraints to the Permission This repeating element order: The order of the rules processing is defined in rule-combining |
type | ?!Σ | 0..1 | code | deny | permit ConsentProvisionType (Required) |
data | Σ | 0..* | BackboneElement | The selection criteria to identify data that is within scope of this provision |
resource | Σ | 0..* | BackboneElement | Explicit FHIR Resource references |
meaning | Σ | 1..1 | code | instance | related | dependents | authoredby ConsentDataMeaning (Required) |
reference | Σ | 1..1 | Reference(Any) | The actual data reference |
security | Σ | 0..* | Coding | Security tag code on .meta.security |
period | Σ | 0..* | Period | Timeframe encompasing data create/update |
expression | Σ | 0..1 | Expression | Expression identifying the data |
activity | Σ | 0..* | BackboneElement | A description or definition of which activities are allowed to be done on the data |
actor | Σ | 0..* | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Authorized actor(s) |
action | Σ | 0..* | CodeableConcept | Actions controlled by this rule Consent Action Codes (Example) |
purpose | Σ | 0..* | CodeableConcept | The purpose for which the permission is given PurposeOfUse (Preferred) |
limit | Σ | 0..* | CodeableConcept | What limits apply to the use of the data Example set of Event / Bundle used Security Labels (Example) |
Documentation for this format |
See the Extensions for this resource
UML Diagram (Legend)
XML Template
<Permission xmlns="http://hl7.org/fhir"> <!-- from Resource: id, meta, implicitRules, and language --> <!-- from DomainResource: text, contained, extension, and modifierExtension --> <status value="[code]"/><!-- 1..1 active | entered-in-error | draft | rejected --> <asserter><!-- 0..1 Reference(CareTeam|HealthcareService|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) The person or entity that asserts the permission --></asserter> <date value="[dateTime]"/><!-- 0..* The date that permission was asserted --> <validity><!-- 0..1 Period The period in which the permission is active --></validity> <justification> <!-- 0..1 The asserted justification for using the data --> <basis><!-- 0..* CodeableConcept The regulatory grounds upon which this Permission builds --></basis> <evidence><!-- 0..* Reference(Any) Justifing rational --></evidence> </justification> <combining value="[code]"/><!-- 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny --> <rule> <!-- 0..* Constraints to the Permission --> <type value="[code]"/><!-- 0..1 deny | permit --> <data> <!-- 0..* The selection criteria to identify data that is within scope of this provision --> <resource> <!-- 0..* Explicit FHIR Resource references --> <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby --> <reference><!-- 1..1 Reference(Any) The actual data reference --></reference> </resource> <security><!-- 0..* Coding Security tag code on .meta.security --></security> <period><!-- 0..* Period Timeframe encompasing data create/update --></period> <expression><!-- 0..1 Expression Expression identifying the data --></expression> </data> <activity> <!-- 0..* A description or definition of which activities are allowed to be done on the data --> <actor><!-- 0..* Reference(CareTeam|Device|Group|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) Authorized actor(s) --></actor> <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action> <purpose><!-- 0..* CodeableConcept The purpose for which the permission is given --></purpose> </activity> <limit><!-- 0..* CodeableConcept What limits apply to the use of the data --></limit> </rule> </Permission>
JSON Template
{ "resourceType" : "Permission", // from Resource: id, meta, implicitRules, and language // from DomainResource: text, contained, extension, and modifierExtension "status" : "<code>", // R! active | entered-in-error | draft | rejected "asserter" : { Reference(CareTeam|HealthcareService|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) }, // The person or entity that asserts the permission "date" : ["<dateTime>"], // The date that permission was asserted "validity" : { Period }, // The period in which the permission is active "justification" : { // The asserted justification for using the data "basis" : [{ CodeableConcept }], // The regulatory grounds upon which this Permission builds "evidence" : [{ Reference(Any) }] // Justifing rational }, "combining" : "<code>", // R! deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny "rule" : [{ // Constraints to the Permission "type" : "<code>", // deny | permit "data" : [{ // The selection criteria to identify data that is within scope of this provision "resource" : [{ // Explicit FHIR Resource references "meaning" : "<code>", // R! instance | related | dependents | authoredby "reference" : { Reference(Any) } // R! The actual data reference }], "security" : [{ Coding }], // Security tag code on .meta.security "period" : [{ Period }], // Timeframe encompasing data create/update "expression" : { Expression } // Expression identifying the data }], "activity" : [{ // A description or definition of which activities are allowed to be done on the data "actor" : [{ Reference(CareTeam|Device|Group|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) }], // Authorized actor(s) "action" : [{ CodeableConcept }], // Actions controlled by this rule "purpose" : [{ CodeableConcept }] // The purpose for which the permission is given }], "limit" : [{ CodeableConcept }] // What limits apply to the use of the data }] }
Turtle Template
@prefix fhir: <http://hl7.org/fhir/> . [ a fhir:Permission; fhir:nodeRole fhir:treeRoot; # if this is the parser root # from Resource: .id, .meta, .implicitRules, and .language # from DomainResource: .text, .contained, .extension, and .modifierExtension fhir:Permission.status [ code ]; # 1..1 active | entered-in-error | draft | rejected fhir:Permission.asserter [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole| RelatedPerson) ]; # 0..1 The person or entity that asserts the permission fhir:Permission.date [ dateTime ], ... ; # 0..* The date that permission was asserted fhir:Permission.validity [ Period ]; # 0..1 The period in which the permission is active fhir:Permission.justification [ # 0..1 The asserted justification for using the data fhir:Permission.justification.basis [ CodeableConcept ], ... ; # 0..* The regulatory grounds upon which this Permission builds fhir:Permission.justification.evidence [ Reference(Any) ], ... ; # 0..* Justifing rational ]; fhir:Permission.combining [ code ]; # 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny fhir:Permission.rule [ # 0..* Constraints to the Permission fhir:Permission.rule.type [ code ]; # 0..1 deny | permit fhir:Permission.rule.data [ # 0..* The selection criteria to identify data that is within scope of this provision fhir:Permission.rule.data.resource [ # 0..* Explicit FHIR Resource references fhir:Permission.rule.data.resource.meaning [ code ]; # 1..1 instance | related | dependents | authoredby fhir:Permission.rule.data.resource.reference [ Reference(Any) ]; # 1..1 The actual data reference ], ...; fhir:Permission.rule.data.security [ Coding ], ... ; # 0..* Security tag code on .meta.security fhir:Permission.rule.data.period [ Period ], ... ; # 0..* Timeframe encompasing data create/update fhir:Permission.rule.data.expression [ Expression ]; # 0..1 Expression identifying the data ], ...; fhir:Permission.rule.activity [ # 0..* A description or definition of which activities are allowed to be done on the data fhir:Permission.rule.activity.actor [ Reference(CareTeam|Device|Group|Organization|Patient|Practitioner|PractitionerRole| RelatedPerson) ], ... ; # 0..* Authorized actor(s) fhir:Permission.rule.activity.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule fhir:Permission.rule.activity.purpose [ CodeableConcept ], ... ; # 0..* The purpose for which the permission is given ], ...; fhir:Permission.rule.limit [ CodeableConcept ], ... ; # 0..* What limits apply to the use of the data ], ...; ]
Structure
Name | Flags | Card. | Type | Description & Constraints |
---|---|---|---|---|
Permission | TU | DomainResource | Access Rules Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension | |
status | Σ | 1..1 | code | active | entered-in-error | draft | rejected PermissionStatus (Required) |
asserter | Σ | 0..1 | Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService) | The person or entity that asserts the permission |
date | Σ | 0..* | dateTime | The date that permission was asserted |
validity | Σ | 0..1 | Period | The period in which the permission is active |
justification | Σ | 0..1 | BackboneElement | The asserted justification for using the data |
basis | Σ | 0..* | CodeableConcept | The regulatory grounds upon which this Permission builds Consent PolicyRule Codes (Example) |
evidence | Σ | 0..* | Reference(Any) | Justifing rational |
combining | ?!Σ | 1..1 | code | deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny PermissionRuleCombining (Required) |
rule | Σ | 0..* | BackboneElement | Constraints to the Permission This repeating element order: The order of the rules processing is defined in rule-combining |
type | ?!Σ | 0..1 | code | deny | permit ConsentProvisionType (Required) |
data | Σ | 0..* | BackboneElement | The selection criteria to identify data that is within scope of this provision |
resource | Σ | 0..* | BackboneElement | Explicit FHIR Resource references |
meaning | Σ | 1..1 | code | instance | related | dependents | authoredby ConsentDataMeaning (Required) |
reference | Σ | 1..1 | Reference(Any) | The actual data reference |
security | Σ | 0..* | Coding | Security tag code on .meta.security |
period | Σ | 0..* | Period | Timeframe encompasing data create/update |
expression | Σ | 0..1 | Expression | Expression identifying the data |
activity | Σ | 0..* | BackboneElement | A description or definition of which activities are allowed to be done on the data |
actor | Σ | 0..* | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Authorized actor(s) |
action | Σ | 0..* | CodeableConcept | Actions controlled by this rule Consent Action Codes (Example) |
purpose | Σ | 0..* | CodeableConcept | The purpose for which the permission is given PurposeOfUse (Preferred) |
limit | Σ | 0..* | CodeableConcept | What limits apply to the use of the data Example set of Event / Bundle used Security Labels (Example) |
Documentation for this format |
See the Extensions for this resource
XML Template
<Permission xmlns="http://hl7.org/fhir"> <!-- from Resource: id, meta, implicitRules, and language --> <!-- from DomainResource: text, contained, extension, and modifierExtension --> <status value="[code]"/><!-- 1..1 active | entered-in-error | draft | rejected --> <asserter><!-- 0..1 Reference(CareTeam|HealthcareService|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) The person or entity that asserts the permission --></asserter> <date value="[dateTime]"/><!-- 0..* The date that permission was asserted --> <validity><!-- 0..1 Period The period in which the permission is active --></validity> <justification> <!-- 0..1 The asserted justification for using the data --> <basis><!-- 0..* CodeableConcept The regulatory grounds upon which this Permission builds --></basis> <evidence><!-- 0..* Reference(Any) Justifing rational --></evidence> </justification> <combining value="[code]"/><!-- 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny --> <rule> <!-- 0..* Constraints to the Permission --> <type value="[code]"/><!-- 0..1 deny | permit --> <data> <!-- 0..* The selection criteria to identify data that is within scope of this provision --> <resource> <!-- 0..* Explicit FHIR Resource references --> <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby --> <reference><!-- 1..1 Reference(Any) The actual data reference --></reference> </resource> <security><!-- 0..* Coding Security tag code on .meta.security --></security> <period><!-- 0..* Period Timeframe encompasing data create/update --></period> <expression><!-- 0..1 Expression Expression identifying the data --></expression> </data> <activity> <!-- 0..* A description or definition of which activities are allowed to be done on the data --> <actor><!-- 0..* Reference(CareTeam|Device|Group|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) Authorized actor(s) --></actor> <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action> <purpose><!-- 0..* CodeableConcept The purpose for which the permission is given --></purpose> </activity> <limit><!-- 0..* CodeableConcept What limits apply to the use of the data --></limit> </rule> </Permission>
JSON Template
{ "resourceType" : "Permission", // from Resource: id, meta, implicitRules, and language // from DomainResource: text, contained, extension, and modifierExtension "status" : "<code>", // R! active | entered-in-error | draft | rejected "asserter" : { Reference(CareTeam|HealthcareService|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) }, // The person or entity that asserts the permission "date" : ["<dateTime>"], // The date that permission was asserted "validity" : { Period }, // The period in which the permission is active "justification" : { // The asserted justification for using the data "basis" : [{ CodeableConcept }], // The regulatory grounds upon which this Permission builds "evidence" : [{ Reference(Any) }] // Justifing rational }, "combining" : "<code>", // R! deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny "rule" : [{ // Constraints to the Permission "type" : "<code>", // deny | permit "data" : [{ // The selection criteria to identify data that is within scope of this provision "resource" : [{ // Explicit FHIR Resource references "meaning" : "<code>", // R! instance | related | dependents | authoredby "reference" : { Reference(Any) } // R! The actual data reference }], "security" : [{ Coding }], // Security tag code on .meta.security "period" : [{ Period }], // Timeframe encompasing data create/update "expression" : { Expression } // Expression identifying the data }], "activity" : [{ // A description or definition of which activities are allowed to be done on the data "actor" : [{ Reference(CareTeam|Device|Group|Organization|Patient| Practitioner|PractitionerRole|RelatedPerson) }], // Authorized actor(s) "action" : [{ CodeableConcept }], // Actions controlled by this rule "purpose" : [{ CodeableConcept }] // The purpose for which the permission is given }], "limit" : [{ CodeableConcept }] // What limits apply to the use of the data }] }
Turtle Template
@prefix fhir: <http://hl7.org/fhir/> . [ a fhir:Permission; fhir:nodeRole fhir:treeRoot; # if this is the parser root # from Resource: .id, .meta, .implicitRules, and .language # from DomainResource: .text, .contained, .extension, and .modifierExtension fhir:Permission.status [ code ]; # 1..1 active | entered-in-error | draft | rejected fhir:Permission.asserter [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole| RelatedPerson) ]; # 0..1 The person or entity that asserts the permission fhir:Permission.date [ dateTime ], ... ; # 0..* The date that permission was asserted fhir:Permission.validity [ Period ]; # 0..1 The period in which the permission is active fhir:Permission.justification [ # 0..1 The asserted justification for using the data fhir:Permission.justification.basis [ CodeableConcept ], ... ; # 0..* The regulatory grounds upon which this Permission builds fhir:Permission.justification.evidence [ Reference(Any) ], ... ; # 0..* Justifing rational ]; fhir:Permission.combining [ code ]; # 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny fhir:Permission.rule [ # 0..* Constraints to the Permission fhir:Permission.rule.type [ code ]; # 0..1 deny | permit fhir:Permission.rule.data [ # 0..* The selection criteria to identify data that is within scope of this provision fhir:Permission.rule.data.resource [ # 0..* Explicit FHIR Resource references fhir:Permission.rule.data.resource.meaning [ code ]; # 1..1 instance | related | dependents | authoredby fhir:Permission.rule.data.resource.reference [ Reference(Any) ]; # 1..1 The actual data reference ], ...; fhir:Permission.rule.data.security [ Coding ], ... ; # 0..* Security tag code on .meta.security fhir:Permission.rule.data.period [ Period ], ... ; # 0..* Timeframe encompasing data create/update fhir:Permission.rule.data.expression [ Expression ]; # 0..1 Expression identifying the data ], ...; fhir:Permission.rule.activity [ # 0..* A description or definition of which activities are allowed to be done on the data fhir:Permission.rule.activity.actor [ Reference(CareTeam|Device|Group|Organization|Patient|Practitioner|PractitionerRole| RelatedPerson) ], ... ; # 0..* Authorized actor(s) fhir:Permission.rule.activity.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule fhir:Permission.rule.activity.purpose [ CodeableConcept ], ... ; # 0..* The purpose for which the permission is given ], ...; fhir:Permission.rule.limit [ CodeableConcept ], ... ; # 0..* What limits apply to the use of the data ], ...; ]
Additional definitions: Master Definition XML + JSON, XML Schema/Schematron + JSON Schema, ShEx (for Turtle) + see the extensions, the spreadsheet version & the dependency analysis
Path | Definition | Type | Reference |
---|---|---|---|
Permission.status | Codes identifying the lifecycle stage of a product. | Required | PermissionStatus |
Permission.justification.basis | This value set includes sample Regulatory consent policy types from the US and other regions. | Example | ConsentPolicyRuleCodes |
Permission.combining | Codes identifying rule combining algorithm. | Required | PermissionRuleCombining |
Permission.rule.type | How a rule statement is applied, such as adding additional consent or removing consent. | Required | ConsentProvisionType |
Permission.rule.data.resource.meaning | How a resource reference is interpreted when testing consent restrictions. | Required | ConsentDataMeaning |
Permission.rule.activity.action | This value set includes sample Consent Action codes. | Example | ConsentActionCodes |
Permission.rule.activity.purpose | Supports communication of purpose of use at a general level. | Preferred | PurposeOfUse |
Permission.rule.limit | A sample of security labels from Healthcare Privacy and Security Classification System that are used on events and requests/responses (aka user context or organization context) made up of PurposeOfUse and maybe a refrain/obligation. | Example | SecurityLabelEventExamples |
Search parameters for this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services.
Name | Type | Description | Expression | In Common |
status N | token | active | entered-in-error | draft | rejected | Permission.status |