R6 Ballot (2nd Draft)

Security Work Group | Maturity Level: 1 | Trial Use | Security Category: Not Classified | Compartments: No defined compartments

Detailed Descriptions for the elements in the Permission resource.

Permission
Element Id Permission
Definition

Permission resource holds access rules for a given data and context.

Short Display Access Rules
Cardinality 0..*
Type DomainResource
Summary false
Permission.identifier
Element Id Permission.identifier
Definition

A unique identifier assigned to this permission.

Short Display Business Identifier for permission
Note This is a business identifier, not a resource identifier (see discussion)
Cardinality 0..*
Type Identifier
Requirements

Allows permission to be distinguished and referenced.

Summary true
Permission.status
Element Id Permission.status
Definition

Status.

Short Display active | entered-in-error | draft | rejected
Cardinality 1..1
Terminology Binding Permission Status (Required)
Type code
Summary true
Permission.asserter
Element Id Permission.asserter
Definition

The person or entity that asserts the permission.

Short Display The person or entity that asserts the permission
Cardinality 0..1
Type Reference(Practitioner | PractitionerRole | Organization | CareTeam | Patient | RelatedPerson | HealthcareService)
Summary true
Permission.date
Element Id Permission.date
Definition

The date that permission was asserted.

Short Display The date that permission was asserted
Cardinality 0..*
Type dateTime
Alternate Names class
Summary true
Permission.validity
Element Id Permission.validity
Definition

The period in which the permission is active.

Short Display The period in which the permission is active
Cardinality 0..1
Type Period
Alternate Names type
Summary true
Permission.justification
Element Id Permission.justification
Definition

The asserted justification for using the data.

Short Display The asserted justification for using the data
Cardinality 0..1
Summary true
Permission.justification.basis
Element Id Permission.justification.basis
Definition

This would be a CodeableConcept, or a Coding, which can be constrained to, for example, the 6 grounds for processing in GDPR.

Short Display The regulatory grounds upon which this Permission builds
Cardinality 0..*
Terminology Binding Consent PolicyRule Codes (Example)
Type CodeableConcept
Summary true
Permission.justification.evidence
Element Id Permission.justification.evidence
Definition

Justifying rationale.

Short Display Justifying rationale
Cardinality 0..*
Type Reference(Any)
Summary true
Comments

While any resource may be used, DocumentReference, Consent, PlanDefinition, and Contract would be most frequent.

Permission.combining
Element Id Permission.combining
Definition

Defines a procedure for arriving at an access decision given the set of rules.

Short Display deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
Cardinality 1..1
Terminology Binding Permission Rule Combining (Required)
Type code
Is Modifier true (Reason: Defines how the rules are to be combined.)
Summary true
Comments

See XACML Combining Rules.

Permission.rule
Element Id Permission.rule
Definition

A set of rules.

Short Display Constraints to the Permission
Cardinality 0..*
Element Order Meaning The order in which the rules are processed is defined by the rule combining selected in the .combining element.
Summary true
Comments

Each .rule is evaluated within the combining rule identified in the .combining element.
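
An added example, not part of the FHIR specification, of how the six Permission.combining codes turn per-rule outcomes into one access decision. It assumes the XACML 3.0 rule-combining semantics that the comment on .combining points to, omits XACML's Indeterminate result, and uses hypothetical names (`combine`, `decide`, `decision_table`, `SAMPLE`).

```python
# Added example (not from the FHIR specification). The decision logic follows
# XACML 3.0 rule combining, which the page's comment refers to; XACML's
# Indeterminate result is left out to keep the sketch short.

def combine(combining, outcomes):
    """Combine per-rule outcomes: 'permit', 'deny', or None when the rule did not match."""
    has_permit = "permit" in outcomes
    has_deny = "deny" in outcomes
    if combining in ("deny-overrides", "ordered-deny-overrides"):
        # The ordered variants reach the same decision; they fix the evaluation order.
        return "deny" if has_deny else "permit" if has_permit else "not-applicable"
    if combining in ("permit-overrides", "ordered-permit-overrides"):
        return "permit" if has_permit else "deny" if has_deny else "not-applicable"
    if combining == "deny-unless-permit":
        return "permit" if has_permit else "deny"   # fails closed when nothing matches
    if combining == "permit-unless-deny":
        return "deny" if has_deny else "permit"     # fails open when nothing matches
    raise ValueError(f"unknown combining code: {combining!r}")


def decide(permission, rule_matches):
    """rule_matches(rule) -> bool is the caller's test of a rule against the request."""
    outcomes = [rule["type"] if rule_matches(rule) else None
                for rule in permission.get("rule", [])]
    return combine(permission["combining"], outcomes)


# Constructed sample: one permit rule and one deny rule, each given an "id" so the
# demo matcher can select it. Not a complete Permission resource.
SAMPLE = {"resourceType": "Permission", "status": "active", "combining": "deny-overrides",
          "rule": [{"id": "r1", "type": "permit"}, {"id": "r2", "type": "deny"}]}

ALL_CODES = ["deny-overrides", "permit-overrides", "ordered-deny-overrides",
             "ordered-permit-overrides", "deny-unless-permit", "permit-unless-deny"]


def decision_table(matched_ids):
    """Decision under each combining code when the rules in matched_ids apply."""
    return {code: decide({**SAMPLE, "combining": code}, lambda r: r["id"] in matched_ids)
            for code in ALL_CODES}


if __name__ == "__main__":
    for matched in (set(), {"r1"}, {"r1", "r2"}):
        print(sorted(matched), decision_table(matched))
```

The row for an empty match set is the one to review when choosing a code: only deny-unless-permit and permit-unless-deny return a definite decision when no rule applies, and they return opposite ones.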

Permission.rule.type
Element Id Permission.rule.type
Definition

deny | permit.

Short Display deny | permit
Cardinality 0..1
Terminology Binding Consent Provision Type (Required)
Type code
Is Modifier true (Reason: Sets the context for the meaning of the rules.)
Summary true
Permission.rule.data
Element Id Permission.rule.data
Definition

A description or definition of which activities are allowed to be done on the data.

Short Display The selection criteria to identify data that is within scope of this provision
Cardinality 0..*
Summary true
Comments

Within a .rule, any repetitions of the .data element are in an OR relationship. That is to say that the data identified by the rule is all the data identified by all repetitions of .data. Thus, to identify one rule that applies to data tagged with STD and data that is tagged with HIV, one would repeat this at the .data level. Within the .data element, all elements, and all repetitions of elements, are in an AND relationship. Thus, to select data that has both STD and HIV, one puts both into one .rule. To have different rules for STD and for HIV, one would need to have two .rule elements. To have a rule that applies to both, those that have just STD and those that have just HIV, this repetition may also be done at the .data level as described above.

Permission.rule.data.resource
Element Id Permission.rule.data.resource
Definition

Explicit FHIR Resource references.

Short Display Explicit FHIR Resource references
Cardinality 0..*
Summary true
Permission.rule.data.resource.meaning
Element Id Permission.rule.data.resource.meaning
Definition

How the resource reference is interpreted when testing consent restrictions.

Short Display instance | related | dependents | authoredby
Cardinality 1..1
Terminology Binding Consent Data Meaning (Required)
Type code
Summary true
Permission.rule.data.resource.reference
Element Id Permission.rule.data.resource.reference
Definition

A reference to a specific resource that defines which resources are covered by this consent.

Short Display The actual data reference
Cardinality 1..1
Type Reference(Any)
Summary true
Permission.rule.data.security
Element Id Permission.rule.data.security
Definition

The data in scope are those with the given codes present in that data .meta.security element.

Short Display Security tag code on .meta.security
Cardinality 0..*
Type Coding
Summary true
Comments

Note that the ConfidentialityCode vocabulary indicates the highest value; thus a security label of "R" applies to all resources that are labeled "R" or lower. That is, for Confidentiality, it is a high-water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, the access request's purpose of use shall not conflict.
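
An added example, not part of the FHIR specification, of the selection logic described in the comments on .rule.data and .rule.data.security: OR across .data repetitions, AND across the codes inside one .data, and the Confidentiality high-water mark. Function names and sample resources are constructed; other label kinds are matched by exact code because no terminology service is assumed, and a .data entry without .security selects nothing in this sketch.

```python
# Added example, not from the FHIR specification: does a rule's .data select a resource?
ACT = "http://terminology.hl7.org/CodeSystem/v3-ActCode"
CONF = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"
# HL7 v3 Confidentiality codes, least to most restrictive.
CONF_RANK = {code: rank for rank, code in enumerate("ULMNRV")}


def coding(system, code):
    return {"system": system, "code": code}


def label_met(wanted, labels):
    """True if one rule.data.security Coding is satisfied by the resource's labels."""
    if wanted["system"] == CONF:
        ceiling = CONF_RANK[wanted["code"]]
        # High-water mark: "R" covers resources labelled R or lower.
        return any(l.get("system") == CONF
                   and CONF_RANK.get(l.get("code"), len(CONF_RANK)) <= ceiling
                   for l in labels)
    # Other label kinds: exact match only (assumption; no subsumption lookup here).
    return any(l.get("system") == wanted["system"] and l.get("code") == wanted["code"]
               for l in labels)


def data_selects(rule, resource):
    """OR across .data repetitions; AND across the codes inside one .data.
    Assumption: a .data entry without .security selects nothing in this sketch."""
    labels = resource.get("meta", {}).get("security", [])
    for data in rule.get("data", []):
        wanted = data.get("security", [])
        if wanted and all(label_met(w, labels) for w in wanted):
            return True
    return False


# Constructed samples.
BOTH = {"type": "deny", "data": [{"security": [coding(ACT, "STD"), coding(ACT, "HIV")]}]}
EITHER = {"type": "deny", "data": [{"security": [coding(ACT, "STD")]},
                                   {"security": [coding(ACT, "HIV")]}]}
UP_TO_N = {"type": "permit", "data": [{"security": [coding(CONF, "N")]}]}
HIV_ONLY = {"resourceType": "Observation",
            "meta": {"security": [coding(ACT, "HIV"), coding(CONF, "N")]}}
HIV_STD = {"resourceType": "Observation",
           "meta": {"security": [coding(ACT, "HIV"), coding(ACT, "STD"), coding(CONF, "R")]}}

if __name__ == "__main__":
    for name, rule in (("BOTH", BOTH), ("EITHER", EITHER), ("UP_TO_N", UP_TO_N)):
        print(name, data_selects(rule, HIV_ONLY), data_selects(rule, HIV_STD))
```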

Permission.rule.data.period
Element Id Permission.rule.data.period
Definition

Clinical or Operational Relevant period of time that bounds the data controlled by this rule.

Short Display Timeframe encompassing data create/update
Cardinality 0..1
Type Period
Summary true
Comments

This has a different sense to the .validity.

Permission.rule.data.expression
Element Id Permission.rule.data.expression
Definition

Used when other data selection elements are insufficient.

Short Display Expression identifying the data
Cardinality 0..1
Type Expression
Summary true
Permission.rule.activity
Element Id Permission.rule.activity
Definition

A description or definition of which activities are allowed to be done on the data.

Short Display A description or definition of which activities are allowed to be done on the data
Cardinality 0..*
Summary true
Comments

Within a .rule, any repetitions of the .activity element are in an OR relationship. That is to say that the rule applies to all the repetitions of .activity. Thus, to identify one rule that applies to both TREAT and HOPERAT, one would have one rule with repetitions at the .activity level. Within the .activity element, all elements, and all repetitions of elements, are in an AND relationship. Thus, to control an activity that covers the purposes of both TREAT and HOPERAT, one rule with an .activity .purpose holding both TREAT and HOPERAT can define that rule. However, this will not cover activities covering only TREAT; for that, repeat at the .activity level with just a .purpose of TREAT.

Permission.rule.activity.actor
Element Id Permission.rule.activity.actor
Definition

The actor(s) authorized for the defined activity.

Short Display Authorized actor(s)
Cardinality 0..*
Type Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)
Summary true
Permission.rule.activity.action
Element Id Permission.rule.activity.action
Definition

Actions controlled by this Rule.

Short Display Actions controlled by this rule
Cardinality 0..*
Terminology Binding Consent Action Codes (Example)
Type CodeableConcept
Summary true
Comments

Note that this is the direct action (not the grounds for the action covered in the purpose element). At present, the only action in the understood and tested scope of this resource is 'read'.

Permission.rule.activity.purpose
Element Id Permission.rule.activity.purpose
Definition

The purpose for which the permission is given.

Short Display The purpose for which the permission is given
Cardinality 0..*
Terminology Binding PurposeOfUse (Preferred)
Type CodeableConcept
Summary true
Permission.rule.limit
Element Id Permission.rule.limit
Definition

What limits apply to the use of the data.

Short Display What limits apply to the use of the data
Cardinality 0..*
Terminology Binding Example set of Event / Bundle used Security Labels (Example)
Type CodeableConcept
Summary true
Comments

Within a .rule, all repetitions of .limit apply to the rule. That is to say, if there are multiple limits and the rule permits the activity, then all the identified limits are applied to that authorized activity.