National Directory of Healthcare Providers & Services (NDH) Implementation Guide
1.0.0-ballot - ballot United States of America flag

This page is part of the National Directory of Healthcare Providers and Services (NDH) Implementation Guide (v1.0.0-ballot: STU1 Ballot 1) based on FHIR (HL7® FHIR® Standard) R4. No current official version has been published yet. For a full list of available versions, see the Directory of published versions

Resource Profile: NDH Base Restriction

Official URL: Version: 1.0.0-ballot
Active as of 2023-01-22 Computable Name: NdhRestriction

Copyright/Legal: HL7 International

his profile sets minimum expectations for searching for and fetching information associated with a restriction. It identifies which elements, extensions, vocabularies and value sets SHALL be restricted in the Consent resource when using this profile.

Background & Scope

The FHIR specification contains a security meta tag which can be used to inform systems of the sensitivity of resources. The tag can be used by access control mechanisms to ensure content isn’t exposed inappropriately. However, the security meta tag can only indicate sensitivity at the resource level, and provides relatively little context about the restriction.

We anticipate that the operational policies and legal agreements of NDH will offer clarity regarding the data stakeholders can access. These policies, if needed, will mandate stakeholders to preserve the privacy and confidentiality of any sensitive data within local downstream environments. In order to ensure this, we have integrated this ‘Restriction’ profile, which is based on the ‘Consent’ resource. The purpose of this profile is to communicate any limitations associated with an entire specific resource instance, or certain elements of a specific resource instance for the purpose of resource instance collection or acquisition. The restriction resource is always encompassed within the resource instance that requires restriction. For instance:

The entirety of a particular women’s shelter HealthcareService resource instance can be restricted. See the example below: HealthcareService/HealthcareServiceWomenShelterAll

The location and phone number of a specific women’s shelter HealthcareService resource instance can be restricted. See the example below: HealthcareService/HealthcareServiceWomenShelter


Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
... restrictFhirPath 0..*ExpressionNDH usage restriction fhir path
... identifier 0..0
... scope S1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: NDH Consent Scope Value Set (extensible)
... category S1..*CodeableConceptdescribes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
Binding: NDH Consent Category Value Set (extensible)
... patient 0..0
... dateTime S0..1dateTimeindicates when the restriction was last updated
... performer 0..0
... organization 0..0
... source[x] 0..0
... policy S0..*BackboneElementPolicies covered by this consent
.... authority 0..0
.... uri S0..1uriSpecific policy covered by this restriction
... policyRule S0..1CodeableConceptRegulation that this consents to
Binding: Consent Policy Rules Value Set (extensible)
... verification 0..0
... provision S0..1BackboneElementdefines access rights for restricted content
.... type S0..1codedeny | permit
.... period 0..0
.... actor S1..*BackboneElementWho|what controlled by this rule (or group, by role)
..... role S1..1CodeableConceptHow the actor is involved
..... reference S1..1Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)definedUserOrGroup
.... action S0..1CodeableConceptreasonType
Binding: ConsentActionCodes (extensible)
.... securityLabel S0..*CodinguserType
.... purpose S0..*CodingreasonName
.... class 0..0
.... code 0..0
.... dataPeriod 0..0
.... data S0..0
.... provision 0..0

doco Documentation for this format

Terminology Bindings (Differential)

Consent.scopeextensibleConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.categoryextensibleConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRuleextensibleConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
... restrictFhirPath 0..*ExpressionNDH usage restriction fhir path
... status ?!SΣ1..1codeIndicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: NDH Consent Scope Value Set (extensible)
... category SΣ1..*CodeableConceptdescribes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
Binding: NDH Consent Category Value Set (extensible)
... dateTime SΣ0..1dateTimeindicates when the restriction was last updated
... policy S0..*BackboneElementPolicies covered by this consent
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... uri SC0..1uriSpecific policy covered by this restriction
... policyRule SΣC0..1CodeableConceptRegulation that this consents to
Binding: Consent Policy Rules Value Set (extensible)
... provision SΣ0..1BackboneElementdefines access rights for restricted content
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type SΣ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... actor S1..*BackboneElementWho|what controlled by this rule (or group, by role)
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role S1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S1..1Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)definedUserOrGroup
.... action SΣ0..1CodeableConceptreasonType
Binding: ConsentActionCodes (extensible)
.... securityLabel SΣ0..*CodinguserType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.

.... purpose SΣ0..*CodingreasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

doco Documentation for this format

Terminology Bindings

Consent.scopeextensibleConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.categoryextensibleConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRuleextensibleConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.securityLabelextensibleAll Security Labels
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... id Σ0..1idLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
... restrictFhirPath 0..*ExpressionNDH usage restriction fhir path
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... status ?!SΣ1..1codeIndicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: NDH Consent Scope Value Set (extensible)
... category SΣ1..*CodeableConceptdescribes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
Binding: NDH Consent Category Value Set (extensible)
... dateTime SΣ0..1dateTimeindicates when the restriction was last updated
... policy S0..*BackboneElementPolicies covered by this consent
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... uri SC0..1uriSpecific policy covered by this restriction
... policyRule SΣC0..1CodeableConceptRegulation that this consents to
Binding: Consent Policy Rules Value Set (extensible)
... provision SΣ0..1BackboneElementdefines access rights for restricted content
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type SΣ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... actor S1..*BackboneElementWho|what controlled by this rule (or group, by role)
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role S1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S1..1Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)definedUserOrGroup
.... action SΣ0..1CodeableConceptreasonType
Binding: ConsentActionCodes (extensible)
.... securityLabel SΣ0..*CodinguserType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.

.... purpose SΣ0..*CodingreasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

doco Documentation for this format

Terminology Bindings

Additional Bindings Purpose
AllLanguages Max Binding
Consent.scopeextensibleConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.categoryextensibleConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRuleextensibleConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.securityLabelextensibleAll Security Labels

Differential View

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
... restrictFhirPath 0..*ExpressionNDH usage restriction fhir path
... identifier 0..0
... scope S1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: NDH Consent Scope Value Set (extensible)
... category S1..*CodeableConceptdescribes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
Binding: NDH Consent Category Value Set (extensible)
... patient 0..0
... dateTime S0..1dateTimeindicates when the restriction was last updated
... performer 0..0
... organization 0..0
... source[x] 0..0
... policy S0..*BackboneElementPolicies covered by this consent
.... authority 0..0
.... uri S0..1uriSpecific policy covered by this restriction
... policyRule S0..1CodeableConceptRegulation that this consents to
Binding: Consent Policy Rules Value Set (extensible)
... verification 0..0
... provision S0..1BackboneElementdefines access rights for restricted content
.... type S0..1codedeny | permit
.... period 0..0
.... actor S1..*BackboneElementWho|what controlled by this rule (or group, by role)
..... role S1..1CodeableConceptHow the actor is involved
..... reference S1..1Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)definedUserOrGroup
.... action S0..1CodeableConceptreasonType
Binding: ConsentActionCodes (extensible)
.... securityLabel S0..*CodinguserType
.... purpose S0..*CodingreasonName
.... class 0..0
.... code 0..0
.... dataPeriod 0..0
.... data S0..0
.... provision 0..0

doco Documentation for this format

Terminology Bindings (Differential)

Consent.scopeextensibleConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.categoryextensibleConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRuleextensibleConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)

Key Elements View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
... restrictFhirPath 0..*ExpressionNDH usage restriction fhir path
... status ?!SΣ1..1codeIndicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: NDH Consent Scope Value Set (extensible)
... category SΣ1..*CodeableConceptdescribes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
Binding: NDH Consent Category Value Set (extensible)
... dateTime SΣ0..1dateTimeindicates when the restriction was last updated
... policy S0..*BackboneElementPolicies covered by this consent
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... uri SC0..1uriSpecific policy covered by this restriction
... policyRule SΣC0..1CodeableConceptRegulation that this consents to
Binding: Consent Policy Rules Value Set (extensible)
... provision SΣ0..1BackboneElementdefines access rights for restricted content
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type SΣ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... actor S1..*BackboneElementWho|what controlled by this rule (or group, by role)
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role S1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S1..1Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)definedUserOrGroup
.... action SΣ0..1CodeableConceptreasonType
Binding: ConsentActionCodes (extensible)
.... securityLabel SΣ0..*CodinguserType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.

.... purpose SΣ0..*CodingreasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

doco Documentation for this format

Terminology Bindings

Consent.scopeextensibleConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.categoryextensibleConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRuleextensibleConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.securityLabelextensibleAll Security Labels

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... id Σ0..1idLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... Slices for extension 0..*ExtensionExtension
Slice: Unordered, Open by value:url
... restrictFhirPath 0..*ExpressionNDH usage restriction fhir path
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... status ?!SΣ1..1codeIndicates the current state of this restriction
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: NDH Consent Scope Value Set (extensible)
... category SΣ1..*CodeableConceptdescribes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
Binding: NDH Consent Category Value Set (extensible)
... dateTime SΣ0..1dateTimeindicates when the restriction was last updated
... policy S0..*BackboneElementPolicies covered by this consent
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... uri SC0..1uriSpecific policy covered by this restriction
... policyRule SΣC0..1CodeableConceptRegulation that this consents to
Binding: Consent Policy Rules Value Set (extensible)
... provision SΣ0..1BackboneElementdefines access rights for restricted content
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type SΣ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... actor S1..*BackboneElementWho|what controlled by this rule (or group, by role)
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role S1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference S1..1Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)definedUserOrGroup
.... action SΣ0..1CodeableConceptreasonType
Binding: ConsentActionCodes (extensible)
.... securityLabel SΣ0..*CodinguserType
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.

.... purpose SΣ0..*CodingreasonName
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

doco Documentation for this format

Terminology Bindings

Additional Bindings Purpose
AllLanguages Max Binding
Consent.scopeextensibleConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.categoryextensibleConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRuleextensibleConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.securityLabelextensibleAll Security Labels


Other representations of profile: CSV, Excel, Schematron