Validated Healthcare Directory

Validated Healthcare Directory IG STU1 Draft for Comment

This page is part of the Validated Healthcare Directory FHIR IG (v0.1.0: STU 1 Draft) based on FHIR v3.2.0. . For a full list of available versions, see the Directory of published versions

1.0 - StructureDefinition: vhdir-restriction - Content

Background and Context

The FHIR specification contains a security meta tag which can be used to inform systems of the sensitivity of resources. The tag can be used by access control mechanisms to ensure content isn’t exposed inappropriately. However, the security meta tag can only indicate sensitivity at the resource level, and provides relatively little context about the restriction. We propose a new mechanism, usage-restriction, that extends the concept of restriction further into an individual resource, while providing additional information about the restriction itself.

Useage-restriction can be applied to a resource, element, or combination thereof. If applied to a resource/element, the restriction is understood to apply to all of the properties of that resource/element, unless otherwise specified (e.g. if applied to an identifier on a practitioner, then all of the properties of that identifier are restricted)

It consists of:

usage-restriction.target - indicates the resource(s), element(s), or combination thereof that the restriction applies to
usage-restriction.type - indicates the type of restriction (e.g. based on an item in a data use agreement)
usage-restriction.policy - indicates the policy defining the restriction
usage-restriction.status - indicates the status of the restriction (i.e. whether it is active)
usage-restriction.lastUpdated - indicates when the restriction was last updated
usage-restriction.retrospective - indicates whether the restriction is retrospective
usage-restriction.reason - indicates why the target is restricted
- usage-restriction.reason.name - indicates the name of the restriction condition
- usage-restriction.conditionalSource - Indicates whether information from another source is necessary to determine if something is restricted
- usage-restriction.reasonType - indicates the type of restriction
usage-restriction.accessRights - defines a group/class of individuals/orgs to which the target is not restricted

Usage-restriction is expected to be used as a modifier extension.

Expected Implementations

1.2 - Formal Views of Profile Content

The official URL for this profile is:

http://hl7.org/fhir/ig/vhdir/StructureDefinition/vhdir-restriction

Restriction on use/release of exchanged information

This profile builds on Consent.

This profile was published on Fri Dec 15 01:01:31 AEDT 2017 as a draft by null.

Description of Profiles, Differentials, Snapshots, and how the XML and JSON presentations work.

Text Summary
Differential Table
Snapshot Table
All

Summary of the Mandatory Requirements and Key properties

At least one target in restriction.target
If indicating the reason for restriction:
One name of the restriction in restriction.reason.name
One conditional source in restriction.reason.conditionalSource
At least one type of reason in restriction.reason.reasonType

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
identifier		0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	code	Fixed Value: privacy
category	S	1..*	CodeableConcept	Type of restriction
patient		1..1	Reference(Patient)	As the consent is not applicable in the Restriction, this should have a null flavour applied to it
reference		0..0
identifier		0..0
dateTime	S	0..1	dateTime	date/time of last update for this restriction
consentingParty		0..0
organization		0..0
source[x]		0..0
policy	S	0..*	BackboneElement
authority		0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule		0..0
verification		0..0
provision	S	1..1	BackboneElement	Access rights
type	S	0..1	code	Fixed Value: permit
period		0..0
actor	S	1..*	BackboneElement
role	S	1..1	CodeableConcept	Fixed Value: {"system":"http://hl7.org/fhir/v3/ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization), Reference(CareTeam), Reference(Practitioner), Reference(Group)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class		0..0
code		0..0
dataPeriod		0..0
data		0..0
provision		0..0
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints
Consent	I	0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Î£	0..1	id	Logical id of this artifact
meta	Î£	0..1	Meta	Metadata about the resource
implicitRules	?!Î£	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: Common Languages (extensible)
text	I	0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SÎ£	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required)
scope	?!SÎ£	1..1	code	Which of the four areas this resource covers Binding: Consent Scope Codes (required) Fixed Value: privacy
category	SÎ£	1..*	CodeableConcept	Type of restriction Binding: Consent Category Codes (example)
patient	Î£	1..1	Reference(Patient)	As the consent is not applicable in the Restriction, this should have a null flavour applied to it
id		0..1	string	xml:id (or equivalent in JSON)
display	Î£	0..1	string	Text alternative for the resource
dateTime	SÎ£	0..1	dateTime	date/time of last update for this restriction
policy	SI	0..*	BackboneElement	Policies covered by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored
uri	SI	0..1	uri	Specific policy covered by this restriction
provision	SÎ£I	1..1	BackboneElement	Access rights
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored
type	SÎ£	0..1	code	deny \| permit Binding: ConsentProvisionType (required) Fixed Value: permit
actor	SI	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible) Fixed Value: {"system":"http://hl7.org/fhir/v3/ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization), Reference(CareTeam), Reference(Practitioner), Reference(Group)	definedUserOrGroup
action	SÎ£	0..1	CodeableConcept	reasonType Binding: Consent Action Codes (example)
securityLabel	SÎ£	0..*	Coding	userType Binding: All Security Labels (extensible)
purpose	SÎ£	0..*	Coding	reasonName Binding: PurposeOfUse (extensible)
Documentation for this format

Summary of the Mandatory Requirements and Key properties

At least one target in restriction.target
If indicating the reason for restriction:
One name of the restriction in restriction.reason.name
One conditional source in restriction.reason.conditionalSource
At least one type of reason in restriction.reason.reasonType

Differential View

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
identifier		0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	code	Fixed Value: privacy
category	S	1..*	CodeableConcept	Type of restriction
patient		1..1	Reference(Patient)	As the consent is not applicable in the Restriction, this should have a null flavour applied to it
reference		0..0
identifier		0..0
dateTime	S	0..1	dateTime	date/time of last update for this restriction
consentingParty		0..0
organization		0..0
source[x]		0..0
policy	S	0..*	BackboneElement
authority		0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule		0..0
verification		0..0
provision	S	1..1	BackboneElement	Access rights
type	S	0..1	code	Fixed Value: permit
period		0..0
actor	S	1..*	BackboneElement
role	S	1..1	CodeableConcept	Fixed Value: {"system":"http://hl7.org/fhir/v3/ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization), Reference(CareTeam), Reference(Practitioner), Reference(Group)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class		0..0
code		0..0
dataPeriod		0..0
data		0..0
provision		0..0
Documentation for this format

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
Consent	I	0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Î£	0..1	id	Logical id of this artifact
meta	Î£	0..1	Meta	Metadata about the resource
implicitRules	?!Î£	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: Common Languages (extensible)
text	I	0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SÎ£	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required)
scope	?!SÎ£	1..1	code	Which of the four areas this resource covers Binding: Consent Scope Codes (required) Fixed Value: privacy
category	SÎ£	1..*	CodeableConcept	Type of restriction Binding: Consent Category Codes (example)
patient	Î£	1..1	Reference(Patient)	As the consent is not applicable in the Restriction, this should have a null flavour applied to it
id		0..1	string	xml:id (or equivalent in JSON)
display	Î£	0..1	string	Text alternative for the resource
dateTime	SÎ£	0..1	dateTime	date/time of last update for this restriction
policy	SI	0..*	BackboneElement	Policies covered by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored
uri	SI	0..1	uri	Specific policy covered by this restriction
provision	SÎ£I	1..1	BackboneElement	Access rights
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored
type	SÎ£	0..1	code	deny \| permit Binding: ConsentProvisionType (required) Fixed Value: permit
actor	SI	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible) Fixed Value: {"system":"http://hl7.org/fhir/v3/ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization), Reference(CareTeam), Reference(Practitioner), Reference(Group)	definedUserOrGroup
action	SÎ£	0..1	CodeableConcept	reasonType Binding: Consent Action Codes (example)
securityLabel	SÎ£	0..*	Coding	userType Binding: All Security Labels (extensible)
purpose	SÎ£	0..*	Coding	reasonName Binding: PurposeOfUse (extensible)
Documentation for this format

Downloads: StructureDefinition: (XML, JSON, CSV), Schema: XML Schematron

1.3 - Quick Start

Below is an overview of the required search and read operations for this profile. See the Conformance requirements for the US Core Server for a complete list of supported RESTful operations and search parameters for this IG.

Validated Healthcare Directory Version: 0.1.0 ®© FHIR Version: 3.2.0 (IG Publisher v3.2.0-12882) generated on Wed, Dec 20, 2017 12:44+1100. |