VhDir

This page is part of the Validated Healthcare Directory FHIR IG (v0.2.0: STU 1 Ballot 2) based on FHIR v3.5.0. . For a full list of available versions, see the Directory of published versions

StructureDefinition-vhdir-restriction

This profile sets minimum expectations for searching for and fetching information associated with a restriction. It identifies which core elements, extensions, vocabularies and value sets SHALL be present in the Consent resource when using this profile.

Background and Context

The FHIR specification contains a security meta tag which can be used to inform systems of the sensitivity of resources. The tag can be used by access control mechanisms to ensure content isn’t exposed inappropriately. However, the security meta tag can only indicate sensitivity at the resource level, and provides relatively little context about the restriction.

This implementation guide profiles the Consent resource to provide additional details about the nature of restrictions on content passed from the validated healthcare directory to downstream workflow environments.

Typically, the “restriction” resource will function as a contained resource.

The restriction profile consists of the following elements:

consent.status indicates whether the restriction is active
consent.category describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement)
consent.dateTime indicates when the restriction was last updated
consent.policy references a policy or policies defining the restriction
consent.provision defines access rights for restricted content

Examples:

The following are example uses for the vhdir-restriction profile:

Mandatory Data Elements

The following data-elements are mandatory (i.e data MUST be present). These are presented below in a simple human-readable explanation. The Formal Profile Definition below provides the formal summary, definitions, and terminology requirements.

Each Consent resource must have:

A coded value representing the status of the restriction in consent.status
At least one coded and/or text value describing the type of restriction in consent.category
At least one actor when describing access rights via consent.provision. Each actor must include a reference to a practitioner, organization, care team, or group. The role of each actor is fixed to code “IRCP” (information recipient) from the code system defined at http://hl7.org/fhir/v3/ParticipationType

Profile specific implementation guidance:

Terminology

TBD

Formal Views of Profile Content

Description of Profiles, Differentials, and Snapshots.

The official URL for this profile is: http://hl7.org/fhir/uv/vhdir/StructureDefinition/vhdir-restriction

Published on Fri Dec 15 00:01:31 AEST 2017 as a active by .

This profile builds on Consent

Text Summary
Differential Table
Snapshot Table
All

Summary of the Mandatory Requirements and Key properties

A coded value representing the status of the restriction in consent.status
At least one coded and/or text value describing the type of restriction in consent.category
At least one actor when describing access rights via consent.provision. Each actor must include a reference to a practitioner, organization, care team, or group. The role of each actor is fixed to code “IRCP” (information recipient) from the code system defined at http://hl7.org/fhir/v3/ParticipationType

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
identifier		0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	CodeableConcept	Fixed Value: privacy
category	S	1..*	CodeableConcept	Type of restriction
patient		0..0
dateTime	S	0..1	dateTime	date/time of last update for this restriction
performer		0..0
organization		0..0
source[x]		0..0
policy	S	0..*	BackboneElement
authority		0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule		0..0
verification		0..0
provision	S	0..1	BackboneElement	Access rights
type	S	0..1	code	Fixed Value: permit
period		0..0
actor	S	1..*	BackboneElement
role	S	1..1	CodeableConcept	Fixed Value: {"system":"http://terminology.hl7.org/CodeSystem/v3-ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization \| CareTeam \| Practitioner \| Group)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class		0..0
code		0..0
dataPeriod		0..0
data		0..0
provision		0..0
Documentation for this format

Name	Flags	Card.	Type	Description & Constraints
Consent	I	0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Î£	0..1	id	Logical id of this artifact
meta	Î£	0..1	Meta	Metadata about the resource
implicitRules	?!Î£	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: Common Languages (preferred)
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SÎ£	1..1	code	Indicates the current state of this restriction Binding: EventStatus (required)
scope	?!SÎ£	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible) Fixed Value: privacy
category	SÎ£	1..*	CodeableConcept	Type of restriction Binding: ConsentCategoryCodes (extensible)
dateTime	SÎ£	0..1	dateTime	date/time of last update for this restriction
policy	SI	0..*	BackboneElement	Policies covered by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored if unrecognized
uri	SI	0..1	uri	Specific policy covered by this restriction
provision	SÎ£I	0..1	BackboneElement	Access rights
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored if unrecognized
type	SÎ£	0..1	code	deny \| permit Binding: ConsentProvisionType (required) Fixed Value: permit
actor	SI	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible) Fixed Value: {"system":"http://terminology.hl7.org/CodeSystem/v3-ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization \| CareTeam \| Practitioner \| Group)	definedUserOrGroup
action	SÎ£	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (example)
securityLabel	SÎ£	0..*	Coding	userType Binding: All Security Labels (extensible)
purpose	SÎ£	0..*	Coding	reasonName Binding: http://terminology.hl7.org/ValueSet/v3-PurposeOfUse (extensible)
Documentation for this format

Summary

Mandatory: 0 element (1 nested mandatory element)
Must-Support: 14 elements
Fixed Value: 3 elements
Prohibited: 14 elements

Differential View

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
identifier		0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	CodeableConcept	Fixed Value: privacy
category	S	1..*	CodeableConcept	Type of restriction
patient		0..0
dateTime	S	0..1	dateTime	date/time of last update for this restriction
performer		0..0
organization		0..0
source[x]		0..0
policy	S	0..*	BackboneElement
authority		0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule		0..0
verification		0..0
provision	S	0..1	BackboneElement	Access rights
type	S	0..1	code	Fixed Value: permit
period		0..0
actor	S	1..*	BackboneElement
role	S	1..1	CodeableConcept	Fixed Value: {"system":"http://terminology.hl7.org/CodeSystem/v3-ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization \| CareTeam \| Practitioner \| Group)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class		0..0
code		0..0
dataPeriod		0..0
data		0..0
provision		0..0
Documentation for this format

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
Consent	I	0..*		A policy may permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Î£	0..1	id	Logical id of this artifact
meta	Î£	0..1	Meta	Metadata about the resource
implicitRules	?!Î£	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: Common Languages (preferred)
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SÎ£	1..1	code	Indicates the current state of this restriction Binding: EventStatus (required)
scope	?!SÎ£	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible) Fixed Value: privacy
category	SÎ£	1..*	CodeableConcept	Type of restriction Binding: ConsentCategoryCodes (extensible)
dateTime	SÎ£	0..1	dateTime	date/time of last update for this restriction
policy	SI	0..*	BackboneElement	Policies covered by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored if unrecognized
uri	SI	0..1	uri	Specific policy covered by this restriction
provision	SÎ£I	0..1	BackboneElement	Access rights
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored if unrecognized
type	SÎ£	0..1	code	deny \| permit Binding: ConsentProvisionType (required) Fixed Value: permit
actor	SI	1..*	BackboneElement	Who\|what controlled by this rule (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Î£	0..*	Extension	Extensions that cannot be ignored if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible) Fixed Value: {"system":"http://terminology.hl7.org/CodeSystem/v3-ParticipationType","code":"IRCP"} (information recipient)
reference	S	1..1	Reference(Organization \| CareTeam \| Practitioner \| Group)	definedUserOrGroup
action	SÎ£	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (example)
securityLabel	SÎ£	0..*	Coding	userType Binding: All Security Labels (extensible)
purpose	SÎ£	0..*	Coding	reasonName Binding: http://terminology.hl7.org/ValueSet/v3-PurposeOfUse (extensible)
Documentation for this format

Downloads: StructureDefinition: (XML, JSON), Schema: XML Schematron

Quick Start

Below is an overview of the required set of RESTful FHIR interactions - for example, search and read operations - for this profile. See the Conformance requirements for a complete list of supported RESTful interactions for this IG.