Release 4

This page is part of the FHIR Specification (v4.0.1: R4 - Mixed Normative and STU) in it's permanent home (it will always be available at this URL). The current version which supercedes this version is 5.0.0. For a full list of available versions, see the Directory of published versions . Page versions: R5 R4B R4 R3 R2

6.2 Resource Consent - Content

Community Based Collaborative Care

Work Group

Maturity Level: 2

Trial Use

Security Category: Patient

Compartments: Patient

A record of a healthcare consumer’s choices, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time.

6.2.1 Scope and Usage

The purpose of this Resource is to be used to express a Consent regarding Healthcare. There are four anticipated uses for the Consent Resource, all of which are written or verbal agreements by a healthcare consumer [grantor] or a personal representative, made to an authorized entity [grantee] concerning authorized or restricted actions with any limitations on purpose of use, and handling instructions to which the authorized entity must comply:

Privacy Consent Directive: Agreement to collect, access, use or disclose (share) information.
Medical Treatment Consent Directive: Consent to undergo a specific treatment (or record of refusal to consent).
Research Consent Directive: Consent to participate in research protocol and information sharing required.
Advance Care Directives: Consent to instructions for potentially needed medical treatment (e.g. DNR).

This resource is scoped to cover all four uses, but at this time, only the privacy use case is modeled. The scope of the resource may change when the other possible scopes are investigated, tested, or profiled.

A FHIR Consent Directive instance is considered the encoded legally binding Consent Directive if it meets requirements of a policy domain requirements for an enforceable contract. In some domains, electronic signatures of one or both of the parties to the content of an encoded representation of a Consent Form is deemed to constitute a legally binding Consent Directive. Some domains accept a notary’s electronic signature over the wet or electronic signature of a party to the Consent Directive as the additional identity proofing required to make an encoded Consent Directive legally binding. Other domains may only accept a wet signature or might not require the parties’ signatures at all.

Whatever the criteria are for making an encoded FHIR Consent Directive legally binding, anything less than a legally binding representation of a Consent Directive must be identified as such, i.e., as a derivative of the legally binding Consent Directive, which has specific usage in Consent Directive workflow management.

Definitions:

Consent

The record of a healthcare consumer’s policy choices, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time

Consent Directive

The legal record of a healthcare consumer's agreement with a party responsible for enforcing the consumer’s choices, which permits or denies identified actors or roles to perform actions affecting the consumer within a given context for specific purposes and periods of time

Consent Form

Human readable consent content describing one or more actions impacting the grantor for which the grantee would be authorized or prohibited from performing. It includes the terms, rules, and conditions pertaining to the authorization or restrictions, such as effective time, applicability or scope, purposes of use, obligations and prohibitions to which the grantee must comply. Once a Consent Form is “executed” by means required by policy, such as verbal agreement, wet signature, or electronic/digital signature, it becomes a legally binding Consent Directive.

Consent Directive Derivative

Consent Content that conveys the minimal set of information needed to manage Consent Directive workflow, including providing Consent Directive content sufficient to:

Represent a Consent Directive
Register or index a Consent Directive
Query and respond about a Consent Directive
Retrieve a Consent Directive
Notify authorized entities about Consent Directive status changes
Determine entities authorized to collect, access, use or disclose information about the Consent Directive or about the information governed by the Consent Directive.

Derived Consent content includes the Security Labels encoding the applicable privacy and security policies. Consent Security Labels inform recipients about specific access control measures required for compliance.

Consent Statement

A Consent Directive derivative has less than full fidelity to the legally binding Consent Directive from which it was "transcribed". It provides recipients with the full content representation they may require for compliance purposes, and typically include a reference to or an attached unstructured representation for recipients needing an exact copy of the legal agreement.

Consent Registration

The legal record of a healthcare consumer's agreement with a party responsible for enforcing the consumer’s choices, which permits or denies identified actors or roles to perform actions affecting the consumer within a given context for specific purposes and periods of timeA Consent Directive derivative that conveys the minimal set of information needed to register an active and revoked Consent Directive, or to update Consent status as it changes during its lifecycle.

Consent Query/Response Types

The FHIR Consent Resource specifies multiple Consent Search parameters, which support many types of queries for Consent Resource content. There are several Query/Response patterns that are typically used for obtaining information about consent directive content for the following use cases:

Find Active Consent Directive: A query that includes sufficient consent directive content to determine whether a specific party is authorized to share information governed by a consent directive with another specific party. The Response is either:
- “Yes” meaning that both parties are authorized to share the information with one another.
- “No” meaning that the authorized querier is not permitted to share with another specific party
- “No information found” meaning that there is no active Consent Directive in which the querier is authorized to share the governed information.
Find Consent Directive Authorized Entities: A query that includes sufficient consent directive content to return a list of entities with which the querier is authorized to share governed information. The response to an authorized querier is the list of any authorized entities with which the querier is permitted to share governed information. The response to an unauthorized querier is that “no information is found”.
Find Consent Directive(s): A query that includes sufficient consent directive content to return a list of Consent Directive metadata for an authorized querier to determine what Consent Directives are available, and to locate and retrieve one or more of those Consent Directives as needed.

Policy context

Any organizational or jurisdictional policies, which may limit the consumer’s policy choices, and which includes the named range of actions allowed

Healthcare Consumer

The individual establishing his/her personal consent (i.e. Consenter). In FHIR, this is referred to as the 'Patient' though this word is not used across all contexts of care

6.2.1.1 Privacy Consent Directive (PCD)

Privacy policies define how Individually Identifiable Health Information (IIHI) is to be collected, accessed, used and disclosed. A Privacy Consent Directive as a legal record of a patient's (e.g. a healthcare consumer) agreement with a party responsible for enforcing the patient's choices, which permits or denies identified actors or roles to perform actions affecting the patient within a given context for specific purposes and periods of time. All consent directives have a policy context, which is any set of organizational or jurisdictional policies which may limit the consumer’s policy choices, and which include a named range of actions allowed. In addition, Privacy Consent Directives provide the ability for a healthcare consumer to delegate authority to a Substitute Decision Maker who may act on behalf of that individual. Alternatively, a consumer may author/publish their privacy preferences as a self-declared Privacy Consent Directive.

The Consent resource on FHIR provides support for alternative representations for expressing interoperable health information privacy consent directives in a standard form for the exchange and enforcement by sending, intermediating, or receiving systems of privacy policies that can be enforced by consuming systems (e.g., scanned documents, of computable structured entries elements, FHIR structures with optional attached, or referenced unstructured representations.) It may be used to represent the Privacy Consent Directive itself, a Consent Statement, which electronically represents a Consent Directive, or Consent Metadata, which is the minimum necessary consent content derived from a Consent Directive for use in workflow management.

6.2.2 Boundaries and Relationships

Consent management - particularly privacy consent - is complicated by the fact that consent to share is often itself necessary to protect. The need to protect the privacy of the privacy statement itself competes with the execution of the consent statement. For this reason, it is common to deal with 'consent statements' that are only partial representations of the full consent statement that the patient provided.

For this reason, the consent resource contains two elements that refer back to the source: a master identifier, and a direct reference to content from which this Consent Statement was derived. That reference can be one of several things:

A reference to another consent resource from which this limited statement was derived
A reference to a document format for the original source (e.g. PDF or CDA - see the HL7 CDAR2 ConsentDirective Implementation Guide , which incorporated the IHE Basic Patient Privacy Consents (BPPC) ), either directly, or in a reference
The source can be included in the consent as an attachment

The consent statements represent a chain that refers back to the original source consent directive. Applications may be able to follow the chain back to the source but should not generally assume that they are authorized to do this.

Consent Directives are executed by verbal acknowledge or by being signed - either on paper, or digitally. Consent Signatures will be found in the Provenance resource (example consent and signature). Implementation Guides will generally make rules about what signatures are required, and how they are to be shared and used.

6.2.3 Background and Context

Change to "The Consent resource is structured with a base policy (represented as Consent.policy/Consent.policyRule) which is either opt-in or opt-out, followed by a listing of exceptions to that policy (represented as Consent.provision(s)). The exceptions can be additional positive or negative exceptions upon the base policy. The set of exceptions include a list of data objects, list of authors, list of recipients, list of Organizations, list of purposeOfUse, and Date Range.

The enforcement of the Privacy Consent Directive is not included but is expected that enforcement can be done using a mix of the various Access Control enforcement methodologies (e.g. OAuth, UMA, XACML). This enforcement includes the details of the enforcement meaning of the elements of the Privacy Consent Directive, such as the rules in place when there is an opt-in consent would be specific about which organizational roles have access to what kinds of resources (e.g. RBAC, ABAC). The specification of these details is not in scope for the Consent resource.

This resource is referenced by itself and ResearchSubject

Structure

Name	Flags	Card.	Type	Description & Constraints
Consent	I TU		DomainResource	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time + Rule: Either a Policy or PolicyRule + Rule: IF Scope=privacy, there must be a patient + Rule: IF Scope=research, there must be a patient + Rule: IF Scope=adr, there must be a patient + Rule: IF Scope=treatment, there must be a patient Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension
identifier	Σ	0..*	Identifier	Identifier for this record (external references)
status	?!Σ	1..1	code	draft \| proposed \| active \| rejected \| inactive \| entered-in-error ConsentState (Required)
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Consent Scope Codes (Extensible)
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Consent Category Codes (Extensible)
patient	Σ	0..1	Reference(Patient)	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(Organization)	Custodian of the consent
source[x]	Σ	0..1		Source from which this consent is taken
sourceAttachment			Attachment
sourceReference			Reference(Consent \| DocumentReference \| Contract \| QuestionnaireResponse)
policy		0..*	BackboneElement	Policies covered by this consent
authority	I	0..1	uri	Enforcement source for policy
uri	I	0..1	uri	Specific policy covered by this consent
policyRule	Σ I	0..1	CodeableConcept	Regulation that this consents to Consent PolicyRule Codes (Extensible)
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient \| RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
type	Σ	0..1	code	deny \| permit ConsentProvisionType (Required)
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
role		1..1	CodeableConcept	How the actor is involved SecurityRoleType (Extensible)
reference		1..1	Reference(Device \| Group \| CareTeam \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Consent Action Codes (Example)
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources SecurityLabels (Extensible)
purpose	Σ	0..*	Coding	Context of activities covered by this rule V3 Value SetPurposeOfUse (Extensible)
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Consent Content Class (Extensible)
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Consent Content Codes (Example)
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby ConsentDataMeaning (Required)
reference	Σ	1..1	Reference(Any)	The actual data reference
provision		0..*	see provision	Nested Exception Rules
Documentation for this format

UML Diagram (Legend)

XML Template

<Consent xmlns="http://hl7.org/fhir"> 
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <identifier><!-- 0..* Identifier Identifier for this record (external references) --></identifier>
 <status value="[code]"/><!-- 1..1 draft | proposed | active | rejected | inactive | entered-in-error -->
 <scope><!-- 1..1 CodeableConcept Which of the four areas this resource covers (extensible) --></scope>
 <category><!-- 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval --></category>
 <patient><!-- 0..1 Reference(Patient) Who the consent applies to --></patient>
 <dateTime value="[dateTime]"/><!-- 0..1 When this Consent was created or indexed -->
 <performer><!-- 0..* Reference(Organization|Patient|Practitioner|RelatedPerson|
   PractitionerRole) Who is agreeing to the policy and rules --></performer>
 <organization><!-- 0..* Reference(Organization) Custodian of the consent --></organization>
 <source[x]><!-- 0..1 Attachment|Reference(Consent|DocumentReference|Contract|
   QuestionnaireResponse) Source from which this consent is taken --></source[x]>
 <policy>  <!-- 0..* Policies covered by this consent -->
  <authority value="[uri]"/><!--  0..1 Enforcement source for policy -->
  <uri value="[uri]"/><!--  0..1 Specific policy covered by this consent -->
 </policy>
 <policyRule><!--  0..1 CodeableConcept Regulation that this consents to --></policyRule>
 <verification>  <!-- 0..* Consent Verified by patient or family -->
  <verified value="[boolean]"/><!-- 1..1 Has been verified -->
  <verifiedWith><!-- 0..1 Reference(Patient|RelatedPerson) Person who verified --></verifiedWith>
  <verificationDate value="[dateTime]"/><!-- 0..1 When consent verified -->
 </verification>
 <provision>  <!-- 0..1 Constraints to the base Consent.policyRule -->
  <type value="[code]"/><!-- 0..1 deny | permit -->
  <period><!-- 0..1 Period Timeframe for this rule --></period>
  <actor>  <!-- 0..* Who|what controlled by this rule (or group, by role) -->
   <role><!-- 1..1 CodeableConcept How the actor is involved --></role>
   <reference><!-- 1..1 Reference(Device|Group|CareTeam|Organization|Patient|
     Practitioner|RelatedPerson|PractitionerRole) Resource for the actor (or group, by role) --></reference>
  </actor>
  <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action>
  <securityLabel><!-- 0..* Coding Security Labels that define affected resources --></securityLabel>
  <purpose><!-- 0..* Coding Context of activities covered by this rule --></purpose>
  <class><!-- 0..* Coding e.g. Resource Type, Profile, CDA, etc. --></class>
  <code><!-- 0..* CodeableConcept e.g. LOINC or SNOMED CT code, etc. in the content --></code>
  <dataPeriod><!-- 0..1 Period Timeframe for data controlled by this rule --></dataPeriod>
  <data>  <!-- 0..* Data controlled by this rule -->
   <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby -->
   <reference><!-- 1..1 Reference(Any) The actual data reference --></reference>
  </data>
  <provision><!-- 0..* Content as for Consent.provision Nested Exception Rules --></provision>
 </provision>
</Consent>

JSON Template

{
  "resourceType" : "Consent",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "identifier" : [{ Identifier }], // Identifier for this record (external references)
  "status" : "<code>", // R!  draft | proposed | active | rejected | inactive | entered-in-error
  "scope" : { CodeableConcept }, // R!  Which of the four areas this resource covers (extensible)
  "category" : [{ CodeableConcept }], // R!  Classification of the consent statement - for indexing/retrieval
  "patient" : { Reference(Patient) }, // Who the consent applies to
  "dateTime" : "<dateTime>", // When this Consent was created or indexed
  "performer" : [{ Reference(Organization|Patient|Practitioner|RelatedPerson|
   PractitionerRole) }], // Who is agreeing to the policy and rules
  "organization" : [{ Reference(Organization) }], // Custodian of the consent
  // source[x]: Source from which this consent is taken. One of these 2:
  "sourceAttachment" : { Attachment },
  "sourceReference" : { Reference(Consent|DocumentReference|Contract|
   QuestionnaireResponse) },
  "policy" : [{ // Policies covered by this consent
    "authority" : "<uri>", // C? Enforcement source for policy
    "uri" : "<uri>" // C? Specific policy covered by this consent
  }],
  "policyRule" : { CodeableConcept }, // C? Regulation that this consents to
  "verification" : [{ // Consent Verified by patient or family
    "verified" : <boolean>, // R!  Has been verified
    "verifiedWith" : { Reference(Patient|RelatedPerson) }, // Person who verified
    "verificationDate" : "<dateTime>" // When consent verified
  }],
  "provision" : { // Constraints to the base Consent.policyRule
    "type" : "<code>", // deny | permit
    "period" : { Period }, // Timeframe for this rule
    "actor" : [{ // Who|what controlled by this rule (or group, by role)
      "role" : { CodeableConcept }, // R!  How the actor is involved
      "reference" : { Reference(Device|Group|CareTeam|Organization|Patient|
     Practitioner|RelatedPerson|PractitionerRole) } // R!  Resource for the actor (or group, by role)
    }],
    "action" : [{ CodeableConcept }], // Actions controlled by this rule
    "securityLabel" : [{ Coding }], // Security Labels that define affected resources
    "purpose" : [{ Coding }], // Context of activities covered by this rule
    "class" : [{ Coding }], // e.g. Resource Type, Profile, CDA, etc.
    "code" : [{ CodeableConcept }], // e.g. LOINC or SNOMED CT code, etc. in the content
    "dataPeriod" : { Period }, // Timeframe for data controlled by this rule
    "data" : [{ // Data controlled by this rule
      "meaning" : "<code>", // R!  instance | related | dependents | authoredby
      "reference" : { Reference(Any) } // R!  The actual data reference
    }],
    "provision" : [{ Content as for Consent.provision }] // Nested Exception Rules
  }
}

Turtle Template

@prefix fhir: <http://hl7.org/fhir/> .


[ a fhir:Consent;
  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from Resource: .id, .meta, .implicitRules, and .language
  # from DomainResource: .text, .contained, .extension, and .modifierExtension
  fhir:Consent.identifier [ Identifier ], ... ; # 0..* Identifier for this record (external references)
  fhir:Consent.status [ code ]; # 1..1 draft | proposed | active | rejected | inactive | entered-in-error
  fhir:Consent.scope [ CodeableConcept ]; # 1..1 Which of the four areas this resource covers (extensible)
  fhir:Consent.category [ CodeableConcept ], ... ; # 1..* Classification of the consent statement - for indexing/retrieval
  fhir:Consent.patient [ Reference(Patient) ]; # 0..1 Who the consent applies to
  fhir:Consent.dateTime [ dateTime ]; # 0..1 When this Consent was created or indexed
  fhir:Consent.performer [ Reference(Organization|Patient|Practitioner|RelatedPerson|PractitionerRole) ], ... ; # 0..* Who is agreeing to the policy and rules
  fhir:Consent.organization [ Reference(Organization) ], ... ; # 0..* Custodian of the consent
  # Consent.source[x] : 0..1 Source from which this consent is taken. One of these 2
    fhir:Consent.sourceAttachment [ Attachment ]
    fhir:Consent.sourceReference [ Reference(Consent|DocumentReference|Contract|QuestionnaireResponse) ]
  fhir:Consent.policy [ # 0..* Policies covered by this consent
    fhir:Consent.policy.authority [ uri ]; # 0..1 Enforcement source for policy
    fhir:Consent.policy.uri [ uri ]; # 0..1 Specific policy covered by this consent
  ], ...;
  fhir:Consent.policyRule [ CodeableConcept ]; # 0..1 Regulation that this consents to
  fhir:Consent.verification [ # 0..* Consent Verified by patient or family
    fhir:Consent.verification.verified [ boolean ]; # 1..1 Has been verified
    fhir:Consent.verification.verifiedWith [ Reference(Patient|RelatedPerson) ]; # 0..1 Person who verified
    fhir:Consent.verification.verificationDate [ dateTime ]; # 0..1 When consent verified
  ], ...;
  fhir:Consent.provision [ # 0..1 Constraints to the base Consent.policyRule
    fhir:Consent.provision.type [ code ]; # 0..1 deny | permit
    fhir:Consent.provision.period [ Period ]; # 0..1 Timeframe for this rule
    fhir:Consent.provision.actor [ # 0..* Who|what controlled by this rule (or group, by role)
      fhir:Consent.provision.actor.role [ CodeableConcept ]; # 1..1 How the actor is involved
      fhir:Consent.provision.actor.reference [ Reference(Device|Group|CareTeam|Organization|Patient|Practitioner|RelatedPerson|
  PractitionerRole) ]; # 1..1 Resource for the actor (or group, by role)
    ], ...;
    fhir:Consent.provision.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule
    fhir:Consent.provision.securityLabel [ Coding ], ... ; # 0..* Security Labels that define affected resources
    fhir:Consent.provision.purpose [ Coding ], ... ; # 0..* Context of activities covered by this rule
    fhir:Consent.provision.class [ Coding ], ... ; # 0..* e.g. Resource Type, Profile, CDA, etc.
    fhir:Consent.provision.code [ CodeableConcept ], ... ; # 0..* e.g. LOINC or SNOMED CT code, etc. in the content
    fhir:Consent.provision.dataPeriod [ Period ]; # 0..1 Timeframe for data controlled by this rule
    fhir:Consent.provision.data [ # 0..* Data controlled by this rule
      fhir:Consent.provision.data.meaning [ code ]; # 1..1 instance | related | dependents | authoredby
      fhir:Consent.provision.data.reference [ Reference(Any) ]; # 1..1 The actual data reference
    ], ...;
    fhir:Consent.provision.provision [ See Consent.provision ], ... ; # 0..* Nested Exception Rules
  ];
]

Changes since R3

Consent

Consent.identifier

Max Cardinality changed from 1 to *

Consent.status

Change value set from http://hl7.org/fhir/ValueSet/consent-state-codes to http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1

Consent.scope

Added Mandatory Element

Consent.category

Min Cardinality changed from 0 to 1
Add Binding http://hl7.org/fhir/ValueSet/consent-category (extensible)

Consent.patient

Min Cardinality changed from 1 to 0

Consent.performer

Added Element

Consent.source[x]

Remove Type Identifier

Consent.policyRule

Type changed from uri to CodeableConcept
Add Binding http://hl7.org/fhir/ValueSet/consent-policy (extensible)

Consent.verification

Added Element

Consent.verification.verified

Added Mandatory Element

Consent.verification.verifiedWith

Added Element

Consent.verification.verificationDate

Added Element

Consent.provision

Added Element

Consent.provision.type

Added Element

Consent.provision.period

Added Element

Consent.provision.actor

Added Element

Consent.provision.actor.role

Added Mandatory Element

Consent.provision.actor.reference

Added Mandatory Element

Consent.provision.action

Added Element

Consent.provision.securityLabel

Added Element

Consent.provision.purpose

Added Element

Consent.provision.class

Added Element

Consent.provision.code

Added Element

Consent.provision.dataPeriod

Added Element

Consent.provision.data

Added Element

Consent.provision.data.meaning

Added Mandatory Element

Consent.provision.data.reference

Added Mandatory Element

Consent.provision.provision

Added Element

Consent.period

deleted

Consent.consentingParty

deleted

Consent.actor

deleted

Consent.action

deleted

Consent.securityLabel

deleted

Consent.purpose

deleted

Consent.dataPeriod

deleted

Consent.data

deleted

Consent.except

deleted

See the Full Difference for further information

This analysis is available as XML or JSON.

See R3 <--> R4 Conversion Maps (status = 12 tests that all execute ok. All tests pass round-trip testing and 12 r3 resources are invalid (0 errors).)

Structure

Name	Flags	Card.	Type	Description & Constraints
Consent	I TU		DomainResource	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time + Rule: Either a Policy or PolicyRule + Rule: IF Scope=privacy, there must be a patient + Rule: IF Scope=research, there must be a patient + Rule: IF Scope=adr, there must be a patient + Rule: IF Scope=treatment, there must be a patient Elements defined in Ancestors: id, meta, implicitRules, language, text, contained, extension, modifierExtension
identifier	Σ	0..*	Identifier	Identifier for this record (external references)
status	?!Σ	1..1	code	draft \| proposed \| active \| rejected \| inactive \| entered-in-error ConsentState (Required)
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Consent Scope Codes (Extensible)
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Consent Category Codes (Extensible)
patient	Σ	0..1	Reference(Patient)	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(Organization)	Custodian of the consent
source[x]	Σ	0..1		Source from which this consent is taken
sourceAttachment			Attachment
sourceReference			Reference(Consent \| DocumentReference \| Contract \| QuestionnaireResponse)
policy		0..*	BackboneElement	Policies covered by this consent
authority	I	0..1	uri	Enforcement source for policy
uri	I	0..1	uri	Specific policy covered by this consent
policyRule	Σ I	0..1	CodeableConcept	Regulation that this consents to Consent PolicyRule Codes (Extensible)
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient \| RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
type	Σ	0..1	code	deny \| permit ConsentProvisionType (Required)
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
role		1..1	CodeableConcept	How the actor is involved SecurityRoleType (Extensible)
reference		1..1	Reference(Device \| Group \| CareTeam \| Organization \| Patient \| Practitioner \| RelatedPerson \| PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Consent Action Codes (Example)
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources SecurityLabels (Extensible)
purpose	Σ	0..*	Coding	Context of activities covered by this rule V3 Value SetPurposeOfUse (Extensible)
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Consent Content Class (Extensible)
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Consent Content Codes (Example)
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby ConsentDataMeaning (Required)
reference	Σ	1..1	Reference(Any)	The actual data reference
provision		0..*	see provision	Nested Exception Rules
Documentation for this format

UML Diagram (Legend)

XML Template

<Consent xmlns="http://hl7.org/fhir"> 
 <!-- from Resource: id, meta, implicitRules, and language -->
 <!-- from DomainResource: text, contained, extension, and modifierExtension -->
 <identifier><!-- 0..* Identifier Identifier for this record (external references) --></identifier>
 <status value="[code]"/><!-- 1..1 draft | proposed | active | rejected | inactive | entered-in-error -->
 <scope><!-- 1..1 CodeableConcept Which of the four areas this resource covers (extensible) --></scope>
 <category><!-- 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval --></category>
 <patient><!-- 0..1 Reference(Patient) Who the consent applies to --></patient>
 <dateTime value="[dateTime]"/><!-- 0..1 When this Consent was created or indexed -->
 <performer><!-- 0..* Reference(Organization|Patient|Practitioner|RelatedPerson|
   PractitionerRole) Who is agreeing to the policy and rules --></performer>
 <organization><!-- 0..* Reference(Organization) Custodian of the consent --></organization>
 <source[x]><!-- 0..1 Attachment|Reference(Consent|DocumentReference|Contract|
   QuestionnaireResponse) Source from which this consent is taken --></source[x]>
 <policy>  <!-- 0..* Policies covered by this consent -->
  <authority value="[uri]"/><!--  0..1 Enforcement source for policy -->
  <uri value="[uri]"/><!--  0..1 Specific policy covered by this consent -->
 </policy>
 <policyRule><!--  0..1 CodeableConcept Regulation that this consents to --></policyRule>
 <verification>  <!-- 0..* Consent Verified by patient or family -->
  <verified value="[boolean]"/><!-- 1..1 Has been verified -->
  <verifiedWith><!-- 0..1 Reference(Patient|RelatedPerson) Person who verified --></verifiedWith>
  <verificationDate value="[dateTime]"/><!-- 0..1 When consent verified -->
 </verification>
 <provision>  <!-- 0..1 Constraints to the base Consent.policyRule -->
  <type value="[code]"/><!-- 0..1 deny | permit -->
  <period><!-- 0..1 Period Timeframe for this rule --></period>
  <actor>  <!-- 0..* Who|what controlled by this rule (or group, by role) -->
   <role><!-- 1..1 CodeableConcept How the actor is involved --></role>
   <reference><!-- 1..1 Reference(Device|Group|CareTeam|Organization|Patient|
     Practitioner|RelatedPerson|PractitionerRole) Resource for the actor (or group, by role) --></reference>
  </actor>
  <action><!-- 0..* CodeableConcept Actions controlled by this rule --></action>
  <securityLabel><!-- 0..* Coding Security Labels that define affected resources --></securityLabel>
  <purpose><!-- 0..* Coding Context of activities covered by this rule --></purpose>
  <class><!-- 0..* Coding e.g. Resource Type, Profile, CDA, etc. --></class>
  <code><!-- 0..* CodeableConcept e.g. LOINC or SNOMED CT code, etc. in the content --></code>
  <dataPeriod><!-- 0..1 Period Timeframe for data controlled by this rule --></dataPeriod>
  <data>  <!-- 0..* Data controlled by this rule -->
   <meaning value="[code]"/><!-- 1..1 instance | related | dependents | authoredby -->
   <reference><!-- 1..1 Reference(Any) The actual data reference --></reference>
  </data>
  <provision><!-- 0..* Content as for Consent.provision Nested Exception Rules --></provision>
 </provision>
</Consent>

JSON Template

{
  "resourceType" : "Consent",
  // from Resource: id, meta, implicitRules, and language
  // from DomainResource: text, contained, extension, and modifierExtension
  "identifier" : [{ Identifier }], // Identifier for this record (external references)
  "status" : "<code>", // R!  draft | proposed | active | rejected | inactive | entered-in-error
  "scope" : { CodeableConcept }, // R!  Which of the four areas this resource covers (extensible)
  "category" : [{ CodeableConcept }], // R!  Classification of the consent statement - for indexing/retrieval
  "patient" : { Reference(Patient) }, // Who the consent applies to
  "dateTime" : "<dateTime>", // When this Consent was created or indexed
  "performer" : [{ Reference(Organization|Patient|Practitioner|RelatedPerson|
   PractitionerRole) }], // Who is agreeing to the policy and rules
  "organization" : [{ Reference(Organization) }], // Custodian of the consent
  // source[x]: Source from which this consent is taken. One of these 2:
  "sourceAttachment" : { Attachment },
  "sourceReference" : { Reference(Consent|DocumentReference|Contract|
   QuestionnaireResponse) },
  "policy" : [{ // Policies covered by this consent
    "authority" : "<uri>", // C? Enforcement source for policy
    "uri" : "<uri>" // C? Specific policy covered by this consent
  }],
  "policyRule" : { CodeableConcept }, // C? Regulation that this consents to
  "verification" : [{ // Consent Verified by patient or family
    "verified" : <boolean>, // R!  Has been verified
    "verifiedWith" : { Reference(Patient|RelatedPerson) }, // Person who verified
    "verificationDate" : "<dateTime>" // When consent verified
  }],
  "provision" : { // Constraints to the base Consent.policyRule
    "type" : "<code>", // deny | permit
    "period" : { Period }, // Timeframe for this rule
    "actor" : [{ // Who|what controlled by this rule (or group, by role)
      "role" : { CodeableConcept }, // R!  How the actor is involved
      "reference" : { Reference(Device|Group|CareTeam|Organization|Patient|
     Practitioner|RelatedPerson|PractitionerRole) } // R!  Resource for the actor (or group, by role)
    }],
    "action" : [{ CodeableConcept }], // Actions controlled by this rule
    "securityLabel" : [{ Coding }], // Security Labels that define affected resources
    "purpose" : [{ Coding }], // Context of activities covered by this rule
    "class" : [{ Coding }], // e.g. Resource Type, Profile, CDA, etc.
    "code" : [{ CodeableConcept }], // e.g. LOINC or SNOMED CT code, etc. in the content
    "dataPeriod" : { Period }, // Timeframe for data controlled by this rule
    "data" : [{ // Data controlled by this rule
      "meaning" : "<code>", // R!  instance | related | dependents | authoredby
      "reference" : { Reference(Any) } // R!  The actual data reference
    }],
    "provision" : [{ Content as for Consent.provision }] // Nested Exception Rules
  }
}

Turtle Template

@prefix fhir: <http://hl7.org/fhir/> .


[ a fhir:Consent;
  fhir:nodeRole fhir:treeRoot; # if this is the parser root

  # from Resource: .id, .meta, .implicitRules, and .language
  # from DomainResource: .text, .contained, .extension, and .modifierExtension
  fhir:Consent.identifier [ Identifier ], ... ; # 0..* Identifier for this record (external references)
  fhir:Consent.status [ code ]; # 1..1 draft | proposed | active | rejected | inactive | entered-in-error
  fhir:Consent.scope [ CodeableConcept ]; # 1..1 Which of the four areas this resource covers (extensible)
  fhir:Consent.category [ CodeableConcept ], ... ; # 1..* Classification of the consent statement - for indexing/retrieval
  fhir:Consent.patient [ Reference(Patient) ]; # 0..1 Who the consent applies to
  fhir:Consent.dateTime [ dateTime ]; # 0..1 When this Consent was created or indexed
  fhir:Consent.performer [ Reference(Organization|Patient|Practitioner|RelatedPerson|PractitionerRole) ], ... ; # 0..* Who is agreeing to the policy and rules
  fhir:Consent.organization [ Reference(Organization) ], ... ; # 0..* Custodian of the consent
  # Consent.source[x] : 0..1 Source from which this consent is taken. One of these 2
    fhir:Consent.sourceAttachment [ Attachment ]
    fhir:Consent.sourceReference [ Reference(Consent|DocumentReference|Contract|QuestionnaireResponse) ]
  fhir:Consent.policy [ # 0..* Policies covered by this consent
    fhir:Consent.policy.authority [ uri ]; # 0..1 Enforcement source for policy
    fhir:Consent.policy.uri [ uri ]; # 0..1 Specific policy covered by this consent
  ], ...;
  fhir:Consent.policyRule [ CodeableConcept ]; # 0..1 Regulation that this consents to
  fhir:Consent.verification [ # 0..* Consent Verified by patient or family
    fhir:Consent.verification.verified [ boolean ]; # 1..1 Has been verified
    fhir:Consent.verification.verifiedWith [ Reference(Patient|RelatedPerson) ]; # 0..1 Person who verified
    fhir:Consent.verification.verificationDate [ dateTime ]; # 0..1 When consent verified
  ], ...;
  fhir:Consent.provision [ # 0..1 Constraints to the base Consent.policyRule
    fhir:Consent.provision.type [ code ]; # 0..1 deny | permit
    fhir:Consent.provision.period [ Period ]; # 0..1 Timeframe for this rule
    fhir:Consent.provision.actor [ # 0..* Who|what controlled by this rule (or group, by role)
      fhir:Consent.provision.actor.role [ CodeableConcept ]; # 1..1 How the actor is involved
      fhir:Consent.provision.actor.reference [ Reference(Device|Group|CareTeam|Organization|Patient|Practitioner|RelatedPerson|
  PractitionerRole) ]; # 1..1 Resource for the actor (or group, by role)
    ], ...;
    fhir:Consent.provision.action [ CodeableConcept ], ... ; # 0..* Actions controlled by this rule
    fhir:Consent.provision.securityLabel [ Coding ], ... ; # 0..* Security Labels that define affected resources
    fhir:Consent.provision.purpose [ Coding ], ... ; # 0..* Context of activities covered by this rule
    fhir:Consent.provision.class [ Coding ], ... ; # 0..* e.g. Resource Type, Profile, CDA, etc.
    fhir:Consent.provision.code [ CodeableConcept ], ... ; # 0..* e.g. LOINC or SNOMED CT code, etc. in the content
    fhir:Consent.provision.dataPeriod [ Period ]; # 0..1 Timeframe for data controlled by this rule
    fhir:Consent.provision.data [ # 0..* Data controlled by this rule
      fhir:Consent.provision.data.meaning [ code ]; # 1..1 instance | related | dependents | authoredby
      fhir:Consent.provision.data.reference [ Reference(Any) ]; # 1..1 The actual data reference
    ], ...;
    fhir:Consent.provision.provision [ See Consent.provision ], ... ; # 0..* Nested Exception Rules
  ];
]

Changes since Release 3

Consent

Consent.identifier

Max Cardinality changed from 1 to *

Consent.status

Change value set from http://hl7.org/fhir/ValueSet/consent-state-codes to http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1

Consent.scope

Added Mandatory Element

Consent.category

Min Cardinality changed from 0 to 1
Add Binding http://hl7.org/fhir/ValueSet/consent-category (extensible)

Consent.patient

Min Cardinality changed from 1 to 0

Consent.performer

Added Element

Consent.source[x]

Remove Type Identifier

Consent.policyRule

Type changed from uri to CodeableConcept
Add Binding http://hl7.org/fhir/ValueSet/consent-policy (extensible)

Consent.verification

Added Element

Consent.verification.verified

Added Mandatory Element

Consent.verification.verifiedWith

Added Element

Consent.verification.verificationDate

Added Element

Consent.provision

Added Element

Consent.provision.type

Added Element

Consent.provision.period

Added Element

Consent.provision.actor

Added Element

Consent.provision.actor.role

Added Mandatory Element

Consent.provision.actor.reference

Added Mandatory Element

Consent.provision.action

Added Element

Consent.provision.securityLabel

Added Element

Consent.provision.purpose

Added Element

Consent.provision.class

Added Element

Consent.provision.code

Added Element

Consent.provision.dataPeriod

Added Element

Consent.provision.data

Added Element

Consent.provision.data.meaning

Added Mandatory Element

Consent.provision.data.reference

Added Mandatory Element

Consent.provision.provision

Added Element

Consent.period

deleted

Consent.consentingParty

deleted

Consent.actor

deleted

Consent.action

deleted

Consent.securityLabel

deleted

Consent.purpose

deleted

Consent.dataPeriod

deleted

Consent.data

deleted

Consent.except

deleted

See the Full Difference for further information

This analysis is available as XML or JSON.

See R3 <--> R4 Conversion Maps (status = 12 tests that all execute ok. All tests pass round-trip testing and 12 r3 resources are invalid (0 errors).)

See the Profiles & Extensions and the alternate definitions: Master Definition XML + JSON, XML Schema/Schematron + JSON Schema, ShEx (for Turtle) + see the extensions & the dependency analysis

6.2.4.1 Terminology Bindings

Path	Definition	Type	Reference
Consent.status	Indicates the state of the consent.	Required	ConsentState
Consent.scope	The four anticipated uses for the Consent Resource.	Extensible	ConsentScopeCodes
Consent.category	A classification of the type of consents found in a consent statement.	Extensible	ConsentCategoryCodes
Consent.policyRule	Regulatory policy examples.	Extensible	ConsentPolicyRuleCodes
Consent.provision.type	How a rule statement is applied, such as adding additional consent or removing consent.	Required	ConsentProvisionType
Consent.provision.actor.role	How an actor is involved in the consent considerations.	Extensible	SecurityRoleType
Consent.provision.action	Detailed codes for the consent action.	Example	ConsentActionCodes
Consent.provision.securityLabel	Security Labels from the Healthcare Privacy and Security Classification System.	Extensible	All Security Labels
Consent.provision.purpose	What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.	Extensible	v3.PurposeOfUse
Consent.provision.class	The class (type) of information a consent rule covers.	Extensible	ConsentContentClass
Consent.provision.code	If this code is found in an instance, then the exception applies.	Example	ConsentContentCodes
Consent.provision.data.meaning	How a resource reference is interpreted when testing consent restrictions.	Required	ConsentDataMeaning

Path

Definition

Type

Reference

Consent.status

Indicates the state of the consent.

Required

ConsentState

Consent.scope

The four anticipated uses for the Consent Resource.

Extensible

ConsentScopeCodes

Consent.category

A classification of the type of consents found in a consent statement.

Extensible

ConsentCategoryCodes

Consent.policyRule

Regulatory policy examples.

Extensible

ConsentPolicyRuleCodes

Consent.provision.type

How a rule statement is applied, such as adding additional consent or removing consent.

Required

ConsentProvisionType

Consent.provision.actor.role

How an actor is involved in the consent considerations.

Extensible

SecurityRoleType

Consent.provision.action

Detailed codes for the consent action.

Example

ConsentActionCodes

Consent.provision.securityLabel

Security Labels from the Healthcare Privacy and Security Classification System.

Extensible

All Security Labels

Consent.provision.purpose

What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

Extensible

v3.PurposeOfUse

Consent.provision.class

The class (type) of information a consent rule covers.

Extensible

ConsentContentClass

Consent.provision.code

If this code is found in an instance, then the exception applies.

Example

ConsentContentCodes

Consent.provision.data.meaning

How a resource reference is interpreted when testing consent restrictions.

Required

ConsentDataMeaning

6.2.4.2 Constraints

id

Level

Location

Description

Expression

ppc-1

Rule

(base)

Either a Policy or PolicyRule

policy.exists() or policyRule.exists()

ppc-2

Rule

(base)

IF Scope=privacy, there must be a patient

patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()

ppc-3

Rule

(base)

IF Scope=research, there must be a patient

patient.exists() or scope.coding.where(system='something' and code='research').exists().not()

ppc-4

Rule

(base)

IF Scope=adr, there must be a patient

patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()

ppc-5

Rule

(base)

IF Scope=treatment, there must be a patient

patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

6.2.5 Policies

The Consent resource has a reference to a single policyRule. Many organizations will work in a context where multiple different consent regulations and policies apply. In these cases, the single policy rule reference refers to a policy document that resolves and reconciles the various policies and presents a single policy for patient consent. If it is still necessary to track which of the underlying policies an exception is make in regard to, the policy may be used.

6.2.6 General Model

The following is the general model of Privacy Consent Directives.

There are context setting parameters:

Who - The patient
What - The data - specific resources are listed, empty list means all data covered by the consent.
Where - The domain and authority - what is the location boundary and authority boundary of this consent
When - The issued or captured
When - The timeframe for which the Consent applies
How - The actions covered. (such as purposes of use that are covered)
Whom - The recipient are grantees by the consent.

A Privacy Consent may transition through many states including: that no consent has been sought, consent has been proposed, consent has been rejected, and consent approved.

There are set of patterns.

No consent: All settings need a policy for when no consent has been captured. Often this allows treatment only.;
Opt-out: No sharing allowed for the specified domain, location, actions, and purposes;
Opt-out with exceptions: No sharing allowed, with some exceptions where it is allowed. Example: Withhold Authorization for Treatment except for Emergency Treatment;
Opt-in: Sharing for some purpose of use is authorized Sharing allowed for Treatment, Payment, and normal Operations; and
Opt-in with restrictions: Sharing allowed, but the patient may make exceptions (See the Canadian examples).

For each of these patterns (positive or negative pattern), there can be exceptions. These exceptions are explicitly recorded in the except element.

6.2.7 Realm specifics

6.2.7.1 US Realm Sample Use-Cases

Five categories of Privacy Consent Directives are described in the Office of the National Coordinator for Health Information (ONC) Consent Directives Document released March 31, 2010, and include the following US-specific "Core consent options" for electronic exchange:

No consent: Health information of patients is automatically included—patients cannot opt out;
Opt-out: Default is for health information of patients to be included automatically, but the patient can opt out completely;
Opt-out with exceptions: Default is for health information of patients to be included, but the patient can opt out completely or allow only select data to be included;
Opt-in: Default is that no patient health information is included; patients must actively express consent to be included, but if they do so then their information must be all in or all out; and
Opt-in with restrictions: Default is that no patient health information is made available, but the patient may allow a subset of select data to be included.

A common exception is to explicitly exclude or explicitly include a period of time.

6.2.7.2 Canada Realm Sample Use-Cases

The following scenarios are based on existing jurisdictional policy and are realized in existing systems in Canada. The default policy is one of implied consent for the provision of care, so these scenarios all deal with withdrawal or withholding consent for that purpose. In other jurisdictions, where an express consent model is used (Opt-In), these examples would contain the phrase "consent to" rather than "withhold" or "withdraw" consent for.

Withhold or withdraw consent for disclosure of records related to specific domain (e.g. DI, LAB, etc.)
Withhold or withdraw consent for disclosure of a specific record (e.g. Lab Order/Result)
Withhold or withdraw consent for disclosure to a specific provider organization
Withhold or withdraw consent for disclosure to a specific provider agent (an individual within an organization)
Withhold or withdraw consent for disclosure of records that were authored by a specific organization (or service delivery location).
Combinations of the above

6.2.7.3 Non-Treatment Use-Cases

Also shown is an example where a Patient has authorized disclosure to a specific individual for purposes directed by the patient (possibly not a treatment case).

6.2.8 Search Parameters

Search parameters for this resource. The common parameters also apply. See Searching for more information about searching in REST, messaging, and services.

Name	Type	Description	Expression	In Common
action	token	Actions controlled by this rule	Consent.provision.action
actor	reference	Resource for the actor (or group, by role)	Consent.provision.actor.reference (Practitioner, Group, Organization, CareTeam, Device, Patient, PractitionerRole, RelatedPerson)
category	token	Classification of the consent statement - for indexing/retrieval	Consent.category
consentor	reference	Who is agreeing to the policy and rules	Consent.performer (Practitioner, Organization, Patient, PractitionerRole, RelatedPerson)
data	reference	The actual data reference	Consent.provision.data.reference (Any)
date	date	When this Consent was created or indexed	Consent.dateTime	17 Resources
identifier	token	Identifier for this record (external references)	Consent.identifier	30 Resources
organization	reference	Custodian of the consent	Consent.organization (Organization)
patient	reference	Who the consent applies to	Consent.patient (Patient)	33 Resources
period	date	Timeframe for this rule	Consent.provision.period
purpose	token	Context of activities covered by this rule	Consent.provision.purpose
scope	token	Which of the four areas this resource covers (extensible)	Consent.scope
security-label	token	Security Labels that define affected resources	Consent.provision.securityLabel
source-reference	reference	Search by reference to a Consent, DocumentReference, Contract or QuestionnaireResponse	Consent.source (Consent, Contract, QuestionnaireResponse, DocumentReference)
status	token	draft \| proposed \| active \| rejected \| inactive \| entered-in-error	Consent.status