Release 5 Ballot

This page is part of the FHIR Specification (v5.0.0-ballot: FHIR R5 Ballot Preview). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions

6.5 Resource Permission - Content

Security Work GroupMaturity Level: 0 Trial UseSecurity Category: Not Classified Compartments: Not linked to any defined compartments

Permission resource holds access rules for a given data and context.

A declarative attribute-based access control policy statement to express policies, refrains, and obligations. The Permission resource may be used to record the access control constraints under which data were collected or shared.

Note to Implementers: This resource is under-development, consult the FHIR Permission Confluence page for development details, plans, and use-case analysis.

The Permission resource may in the future be used as a provision within a Consent resource.

The Permission resource is intended to be used where Consent resource does not apply or where exposure of the full Consent details are not needed or desired. The Permission resource may be used to express transactional access control rules that may be derived from a Consent. The Permission resource is intended to be used when access control policy rules need to be expressed in an interoperable way other than Consent. Examples are use-cases that are not involving a patient subject. The Permission resource should not be used in a conflicting way with security labels in the .meta.security element.

No references for this Resource.

Structure

NameFlagsCard.TypeDescription & Constraintsdoco
.. Permission TUDomainResourceAccess Rules

Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension
... status Σ1..1codeactive | entered-in-error | draft | rejected
PermissionStatus (Required)
... asserter Σ0..1Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService)The person or entity that asserts the permission
... date Σ0..*dateTimeThe date that permission was asserted

... justification Σ0..1BackboneElementThe asserted justification for using the data
.... basis Σ0..*CodeableConceptThe regulatory grounds upon which this Permission builds
Consent PolicyRule Codes (Example)

.... evidence Σ0..*Reference(Any)Justifing rational

... combining ?!Σ1..1codedeny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
PermissionRuleCombining (Required)
... rule Σ0..*BackboneElementConstraints to the Permission
This repeating element order: The order of the rules processing is defined in rule-combining
.... type ?!Σ0..1codedeny | permit
ConsentProvisionType (Required)
.... data Σ0..*BackboneElementThe selection criteria to identify data that is within scope of this provision

..... resource Σ0..*BackboneElementExplicit FHIR Resource references

...... meaning Σ1..1codeinstance | related | dependents | authoredby
ConsentDataMeaning (Required)
...... reference Σ1..1Reference(Any)The actual data reference
..... security Σ0..*CodingSecurity tag code on .meta.security

..... period Σ0..*PeriodTimeframe encompasing data create/update

..... expression Σ0..1ExpressionExpression identifying the data
.... activity Σ0..*BackboneElementA description or definition of which activities are allowed to be done on the data

..... actor Σ0..*Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)Authorized actor(s)

..... action Σ0..*CodeableConceptActions controlled by this rule
Consent Action Codes (Example)

..... purpose Σ0..*CodeableConceptThe purpose for which the permission is given
PurposeOfUse (Preferred)

.... limit Σ0..*CodeableConceptWhat limits apply to the use of the data
Example set of Event / Bundle used Security Labels (Example)


doco Documentation for this format

See the Extensions for this resource

UML Diagram (Legend)

Permission (DomainResource)Statusstatus : code [1..1] « null (Strength=Required)PermissionStatus! »The person or entity that asserts the permissionasserter : Reference [0..1] « Practitioner|PractitionerRole| Organization|CareTeam|Patient|RelatedPerson|HealthcareService »The date that permission was asserteddate : dateTime [0..*]The period in which the permission is activevalidity : Period [0..1]Defines a procedure for arriving at an access decision given the set of rules (this element modifies the meaning of other elements)combining : code [1..1] « null (Strength=Required)PermissionRuleCombining! »JustificationThis would be a codeableconcept, or a coding, which can be constrained to , for example, the 6 grounds for processing in GDPRbasis : CodeableConcept [0..*] « null (Strength=Example)ConsentPolicyRuleCodes?? »Justifing rationalevidence : Reference [0..*] « Any »ruledeny | permit (this element modifies the meaning of other elements)type : code [0..1] « null (Strength=Required)ConsentProvisionType! »What limits apply to the use of the datalimit : CodeableConcept [0..*] « null (Strength=Example)SecurityLabelEventExamples?? »DataThe data in scope are those with the given codes present in that data .meta.security elementsecurity : Coding [0..*]Clinical or Operational Relevant period of time that bounds the data controlled by this ruleperiod : Period [0..*]Used when other data selection elements are insufficientexpression : Expression [0..1]ResourceHow the resource reference is interpreted when testing consent restrictionsmeaning : code [1..1] « null (Strength=Required)ConsentDataMeaning! »A reference to a specific resource that defines which resources are covered by this consentreference : Reference [1..1] « Any »ActivityThe actor(s) authorized for the defined activityactor : Reference [0..*] « Device|Group|CareTeam|Organization| Patient|Practitioner|RelatedPerson|PractitionerRole »Actions controlled by this Ruleaction : CodeableConcept [0..*] « null (Strength=Example)ConsentActionCodes?? »The purpose for which the permission is givenpurpose : CodeableConcept [0..*] « null (Strength=Preferred)PurposeOfUse? »The asserted justification for using the datajustification[0..1]Explicit FHIR Resource referencesresource[0..*]A description or definition of which activities are allowed to be done on the datadata[0..*]A description or definition of which activities are allowed to be done on the dataactivity[0..*]A set of rulesrule[0..*]

XML Template

<Permission xmlns="http://hl7.org/fhir"> doco
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <status value="[code]"/><!-- 1..1 active | entered-in-error | draft | rejected -->
 <asserter><!-- 0..1 Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) The person or entity that asserts the permission --></asserter>
 <date value="[dateTime]"/><!-- 0..* The date that permission was asserted -->
 <validity><!-- 0..1 Period The period in which the permission is active --></validity>
 <justification>  <!-- 0..1 The asserted justification for using the data -->
  <basis><!-- 0..* CodeableConcept The regulatory grounds upon which this Permission builds --></basis>
  <evidence><!-- 0..* Reference(Any) Justifing rational --></evidence>
 </justification>
 <combining value="[code]"/><!-- 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny -->
 <rule>  <!-- 0..* Constraints to the Permission -->
  <type value="[code]"/><!-- 0..1 deny | permit -->
  <data>  <!-- 0..* The selection criteria to identify data that is within scope of this provision -->
   <resource>  <!-- 0..* Explicit FHIR Resource references -->
    <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby -->
    <reference><!-- 1..1 Reference(Any) The actual data reference --></reference>
   </resource>
   <security><!-- 0..* Coding Security tag code on .meta.security --></security>
   <period><!-- 0..* Period Timeframe encompasing data create/update --></period>
   <expression><!-- 0..1 Expression Expression identifying the data --></expression>
  </data>
  <activity>  <!-- 0..* A description or definition of which activities are allowed to be done on the data -->
   <actor><!-- 0..* Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) Authorized actor(s) --></actor>
   <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action>
   <purpose><!-- 0..* CodeableConcept The purpose for which the permission is given  --></purpose>
  </activity>
  <limit><!-- 0..* CodeableConcept What limits apply to the use of the data --></limit>
 </rule>
</Permission>

JSON Template

{doco
  "resourceType" : "Permission",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "status" : "<code>", // R!  active | entered-in-error | draft | rejected
  "asserter" : { Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) }, // The person or entity that asserts the permission
  "date" : ["<dateTime>"], // The date that permission was asserted
  "validity" : { Period }, // The period in which the permission is active
  "justification" : { // The asserted justification for using the data
    "basis" : [{ CodeableConcept }], // The regulatory grounds upon which this Permission builds
    "evidence" : [{ Reference(Any) }] // Justifing rational
  },
  "combining" : "<code>", // R!  deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
  "rule" : [{ // Constraints to the Permission
    "type" : "<code>", // deny | permit
    "data" : [{ // The selection criteria to identify data that is within scope of this provision
      "resource" : [{ // Explicit FHIR Resource references
        "meaning" : "<code>", // R!  instance | related | dependents | authoredby
        "reference" : { Reference(Any) } // R!  The actual data reference
      }],
      "security" : [{ Coding }], // Security tag code on .meta.security
      "period" : [{ Period }], // Timeframe encompasing data create/update
      "expression" : { Expression } // Expression identifying the data
    }],
    "activity" : [{ // A description or definition of which activities are allowed to be done on the data
      "actor" : [{ Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) }], // Authorized actor(s)
      "action" : [{ CodeableConcept }], // Actions controlled by this rule
      "purpose" : [{ CodeableConcept }] // The purpose for which the permission is given 
    }],
    "limit" : [{ CodeableConcept }] // What limits apply to the use of the data
  }]
}

Turtle Template

@prefix fhir: <http://hl7.org/fhir/> .doco


[ a fhir:Permission;
  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from Resource: .id, .meta, .implicitRules, and .language
  # from DomainResource: .text, .contained, .extension, and .modifierExtension
  fhir:Permission.status [ code ]; # 1..1 active | entered-in-error | draft | rejected
  fhir:Permission.asserter [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ]; # 0..1 The person or entity that asserts the permission
  fhir:Permission.date [ dateTime ], ... ; # 0..* The date that permission was asserted
  fhir:Permission.validity [ Period ]; # 0..1 The period in which the permission is active
  fhir:Permission.justification [ # 0..1 The asserted justification for using the data
    fhir:Permission.justification.basis [ CodeableConcept ], ... ; # 0..* The regulatory grounds upon which this Permission builds
    fhir:Permission.justification.evidence [ Reference(Any) ], ... ; # 0..* Justifing rational
  ];
  fhir:Permission.combining [ code ]; # 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
  fhir:Permission.rule [ # 0..* Constraints to the Permission
    fhir:Permission.rule.type [ code ]; # 0..1 deny | permit
    fhir:Permission.rule.data [ # 0..* The selection criteria to identify data that is within scope of this provision
      fhir:Permission.rule.data.resource [ # 0..* Explicit FHIR Resource references
        fhir:Permission.rule.data.resource.meaning [ code ]; # 1..1 instance | related | dependents | authoredby
        fhir:Permission.rule.data.resource.reference [ Reference(Any) ]; # 1..1 The actual data reference
      ], ...;
      fhir:Permission.rule.data.security [ Coding ], ... ; # 0..* Security tag code on .meta.security
      fhir:Permission.rule.data.period [ Period ], ... ; # 0..* Timeframe encompasing data create/update
      fhir:Permission.rule.data.expression [ Expression ]; # 0..1 Expression identifying the data
    ], ...;
    fhir:Permission.rule.activity [ # 0..* A description or definition of which activities are allowed to be done on the data
      fhir:Permission.rule.activity.actor [ Reference(CareTeam|Device|Group|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ], ... ; # 0..* Authorized actor(s)
      fhir:Permission.rule.activity.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule
      fhir:Permission.rule.activity.purpose [ CodeableConcept ], ... ; # 0..* The purpose for which the permission is given
    ], ...;
    fhir:Permission.rule.limit [ CodeableConcept ], ... ; # 0..* What limits apply to the use of the data
  ], ...;
]

Changes since R4

This resource did not exist in Release 3

This analysis is available as XML or JSON.

Structure

NameFlagsCard.TypeDescription & Constraintsdoco
.. Permission TUDomainResourceAccess Rules

Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension
... status Σ1..1codeactive | entered-in-error | draft | rejected
PermissionStatus (Required)
... asserter Σ0..1Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService)The person or entity that asserts the permission
... date Σ0..*dateTimeThe date that permission was asserted

... justification Σ0..1BackboneElementThe asserted justification for using the data
.... basis Σ0..*CodeableConceptThe regulatory grounds upon which this Permission builds
Consent PolicyRule Codes (Example)

.... evidence Σ0..*Reference(Any)Justifing rational

... combining ?!Σ1..1codedeny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
PermissionRuleCombining (Required)
... rule Σ0..*BackboneElementConstraints to the Permission
This repeating element order: The order of the rules processing is defined in rule-combining
.... type ?!Σ0..1codedeny | permit
ConsentProvisionType (Required)
.... data Σ0..*BackboneElementThe selection criteria to identify data that is within scope of this provision

..... resource Σ0..*BackboneElementExplicit FHIR Resource references

...... meaning Σ1..1codeinstance | related | dependents | authoredby
ConsentDataMeaning (Required)
...... reference Σ1..1Reference(Any)The actual data reference
..... security Σ0..*CodingSecurity tag code on .meta.security

..... period Σ0..*PeriodTimeframe encompasing data create/update

..... expression Σ0..1ExpressionExpression identifying the data
.... activity Σ0..*BackboneElementA description or definition of which activities are allowed to be done on the data

..... actor Σ0..*Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)Authorized actor(s)

..... action Σ0..*CodeableConceptActions controlled by this rule
Consent Action Codes (Example)

..... purpose Σ0..*CodeableConceptThe purpose for which the permission is given
PurposeOfUse (Preferred)

.... limit Σ0..*CodeableConceptWhat limits apply to the use of the data
Example set of Event / Bundle used Security Labels (Example)


doco Documentation for this format

See the Extensions for this resource

UML Diagram (Legend)

Permission (DomainResource)Statusstatus : code [1..1] « null (Strength=Required)PermissionStatus! »The person or entity that asserts the permissionasserter : Reference [0..1] « Practitioner|PractitionerRole| Organization|CareTeam|Patient|RelatedPerson|HealthcareService »The date that permission was asserteddate : dateTime [0..*]The period in which the permission is activevalidity : Period [0..1]Defines a procedure for arriving at an access decision given the set of rules (this element modifies the meaning of other elements)combining : code [1..1] « null (Strength=Required)PermissionRuleCombining! »JustificationThis would be a codeableconcept, or a coding, which can be constrained to , for example, the 6 grounds for processing in GDPRbasis : CodeableConcept [0..*] « null (Strength=Example)ConsentPolicyRuleCodes?? »Justifing rationalevidence : Reference [0..*] « Any »ruledeny | permit (this element modifies the meaning of other elements)type : code [0..1] « null (Strength=Required)ConsentProvisionType! »What limits apply to the use of the datalimit : CodeableConcept [0..*] « null (Strength=Example)SecurityLabelEventExamples?? »DataThe data in scope are those with the given codes present in that data .meta.security elementsecurity : Coding [0..*]Clinical or Operational Relevant period of time that bounds the data controlled by this ruleperiod : Period [0..*]Used when other data selection elements are insufficientexpression : Expression [0..1]ResourceHow the resource reference is interpreted when testing consent restrictionsmeaning : code [1..1] « null (Strength=Required)ConsentDataMeaning! »A reference to a specific resource that defines which resources are covered by this consentreference : Reference [1..1] « Any »ActivityThe actor(s) authorized for the defined activityactor : Reference [0..*] « Device|Group|CareTeam|Organization| Patient|Practitioner|RelatedPerson|PractitionerRole »Actions controlled by this Ruleaction : CodeableConcept [0..*] « null (Strength=Example)ConsentActionCodes?? »The purpose for which the permission is givenpurpose : CodeableConcept [0..*] « null (Strength=Preferred)PurposeOfUse? »The asserted justification for using the datajustification[0..1]Explicit FHIR Resource referencesresource[0..*]A description or definition of which activities are allowed to be done on the datadata[0..*]A description or definition of which activities are allowed to be done on the dataactivity[0..*]A set of rulesrule[0..*]

XML Template

<Permission xmlns="http://hl7.org/fhir"> doco
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <status value="[code]"/><!-- 1..1 active | entered-in-error | draft | rejected -->
 <asserter><!-- 0..1 Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) The person or entity that asserts the permission --></asserter>
 <date value="[dateTime]"/><!-- 0..* The date that permission was asserted -->
 <validity><!-- 0..1 Period The period in which the permission is active --></validity>
 <justification>  <!-- 0..1 The asserted justification for using the data -->
  <basis><!-- 0..* CodeableConcept The regulatory grounds upon which this Permission builds --></basis>
  <evidence><!-- 0..* Reference(Any) Justifing rational --></evidence>
 </justification>
 <combining value="[code]"/><!-- 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny -->
 <rule>  <!-- 0..* Constraints to the Permission -->
  <type value="[code]"/><!-- 0..1 deny | permit -->
  <data>  <!-- 0..* The selection criteria to identify data that is within scope of this provision -->
   <resource>  <!-- 0..* Explicit FHIR Resource references -->
    <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby -->
    <reference><!-- 1..1 Reference(Any) The actual data reference --></reference>
   </resource>
   <security><!-- 0..* Coding Security tag code on .meta.security --></security>
   <period><!-- 0..* Period Timeframe encompasing data create/update --></period>
   <expression><!-- 0..1 Expression Expression identifying the data --></expression>
  </data>
  <activity>  <!-- 0..* A description or definition of which activities are allowed to be done on the data -->
   <actor><!-- 0..* Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) Authorized actor(s) --></actor>
   <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action>
   <purpose><!-- 0..* CodeableConcept The purpose for which the permission is given  --></purpose>
  </activity>
  <limit><!-- 0..* CodeableConcept What limits apply to the use of the data --></limit>
 </rule>
</Permission>

JSON Template

{doco
  "resourceType" : "Permission",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "status" : "<code>", // R!  active | entered-in-error | draft | rejected
  "asserter" : { Reference(CareTeam|HealthcareService|Organization|Patient|
   Practitioner|PractitionerRole|RelatedPerson) }, // The person or entity that asserts the permission
  "date" : ["<dateTime>"], // The date that permission was asserted
  "validity" : { Period }, // The period in which the permission is active
  "justification" : { // The asserted justification for using the data
    "basis" : [{ CodeableConcept }], // The regulatory grounds upon which this Permission builds
    "evidence" : [{ Reference(Any) }] // Justifing rational
  },
  "combining" : "<code>", // R!  deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
  "rule" : [{ // Constraints to the Permission
    "type" : "<code>", // deny | permit
    "data" : [{ // The selection criteria to identify data that is within scope of this provision
      "resource" : [{ // Explicit FHIR Resource references
        "meaning" : "<code>", // R!  instance | related | dependents | authoredby
        "reference" : { Reference(Any) } // R!  The actual data reference
      }],
      "security" : [{ Coding }], // Security tag code on .meta.security
      "period" : [{ Period }], // Timeframe encompasing data create/update
      "expression" : { Expression } // Expression identifying the data
    }],
    "activity" : [{ // A description or definition of which activities are allowed to be done on the data
      "actor" : [{ Reference(CareTeam|Device|Group|Organization|Patient|
     Practitioner|PractitionerRole|RelatedPerson) }], // Authorized actor(s)
      "action" : [{ CodeableConcept }], // Actions controlled by this rule
      "purpose" : [{ CodeableConcept }] // The purpose for which the permission is given 
    }],
    "limit" : [{ CodeableConcept }] // What limits apply to the use of the data
  }]
}

Turtle Template

@prefix fhir: <http://hl7.org/fhir/> .doco


[ a fhir:Permission;
  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from Resource: .id, .meta, .implicitRules, and .language
  # from DomainResource: .text, .contained, .extension, and .modifierExtension
  fhir:Permission.status [ code ]; # 1..1 active | entered-in-error | draft | rejected
  fhir:Permission.asserter [ Reference(CareTeam|HealthcareService|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ]; # 0..1 The person or entity that asserts the permission
  fhir:Permission.date [ dateTime ], ... ; # 0..* The date that permission was asserted
  fhir:Permission.validity [ Period ]; # 0..1 The period in which the permission is active
  fhir:Permission.justification [ # 0..1 The asserted justification for using the data
    fhir:Permission.justification.basis [ CodeableConcept ], ... ; # 0..* The regulatory grounds upon which this Permission builds
    fhir:Permission.justification.evidence [ Reference(Any) ], ... ; # 0..* Justifing rational
  ];
  fhir:Permission.combining [ code ]; # 1..1 deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
  fhir:Permission.rule [ # 0..* Constraints to the Permission
    fhir:Permission.rule.type [ code ]; # 0..1 deny | permit
    fhir:Permission.rule.data [ # 0..* The selection criteria to identify data that is within scope of this provision
      fhir:Permission.rule.data.resource [ # 0..* Explicit FHIR Resource references
        fhir:Permission.rule.data.resource.meaning [ code ]; # 1..1 instance | related | dependents | authoredby
        fhir:Permission.rule.data.resource.reference [ Reference(Any) ]; # 1..1 The actual data reference
      ], ...;
      fhir:Permission.rule.data.security [ Coding ], ... ; # 0..* Security tag code on .meta.security
      fhir:Permission.rule.data.period [ Period ], ... ; # 0..* Timeframe encompasing data create/update
      fhir:Permission.rule.data.expression [ Expression ]; # 0..1 Expression identifying the data
    ], ...;
    fhir:Permission.rule.activity [ # 0..* A description or definition of which activities are allowed to be done on the data
      fhir:Permission.rule.activity.actor [ Reference(CareTeam|Device|Group|Organization|Patient|Practitioner|PractitionerRole|
  RelatedPerson) ], ... ; # 0..* Authorized actor(s)
      fhir:Permission.rule.activity.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule
      fhir:Permission.rule.activity.purpose [ CodeableConcept ], ... ; # 0..* The purpose for which the permission is given
    ], ...;
    fhir:Permission.rule.limit [ CodeableConcept ], ... ; # 0..* What limits apply to the use of the data
  ], ...;
]

Changes since Release 4

This resource did not exist in Release 3

This analysis is available as XML or JSON.

 

Additional definitions: Master Definition XML + JSON, XML Schema/Schematron + JSON Schema, ShEx (for Turtle) + see the extensions, the spreadsheet version & the dependency analysis

PathDefinitionTypeReference
Permission.status

Codes identifying the lifecycle stage of a product.

RequiredPermissionStatus
Permission.justification.basis

This value set includes sample Regulatory consent policy types from the US and other regions.

ExampleConsentPolicyRuleCodes
Permission.combining

Codes identifying rule combining algorithm.

RequiredPermissionRuleCombining
Permission.rule.type

How a rule statement is applied, such as adding additional consent or removing consent.

RequiredConsentProvisionType
Permission.rule.data.resource.meaning

How a resource reference is interpreted when testing consent restrictions.

RequiredConsentDataMeaning
Permission.rule.activity.action

This value set includes sample Consent Action codes.

ExampleConsentActionCodes
Permission.rule.activity.purpose

Supports communication of purpose of use at a general level.

PreferredPurposeOfUse
Permission.rule.limit

A sample of security labels from Healthcare Privacy and Security Classification System that are used on events and requests/responses (aka user context or organization context) made up of PurposeOfUse and maybe a refrain/obligation.

ExampleSecurityLabelEventExamples

Search parameters for this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services.

NameTypeDescriptionExpressionIn Common
status Ntokenactive | entered-in-error | draft | rejectedPermission.status