Background & Scope

The FHIR specification contains a security meta tag which can be used to inform systems of the sensitivity of resources. The tag can be used by access control mechanisms to ensure content isn’t exposed inappropriately. However, the security meta tag can only indicate sensitivity at the resource level, and provides relatively little context about the restriction.

We anticipate that the operational policies and legal agreements of NDH will offer clarity regarding the data stakeholders can access. These policies, if needed, will mandate stakeholders to preserve the privacy and confidentiality of any sensitive data within local downstream environments. In order to ensure this, we have integrated this ‘Restriction’ profile, which is based on the ‘Consent’ resource. The purpose of this profile is to communicate any limitations associated with an entire specific resource instance, or certain elements of a specific resource instance for the purpose of resource instance collection or acquisition. The restriction resource is always encompassed within the resource instance that requires restriction. For instance:

The entirety of a particular women’s shelter HealthcareService resource instance can be restricted. See the example below: HealthcareService/HealthcareServiceWomenShelterAll

The location and phone number of a specific women’s shelter HealthcareService resource instance can be restricted. See the example below: HealthcareService/HealthcareServiceWomenShelter

• Differential Table
• Key Elements Table
• Snapshot Table
• Statistics/References
• All

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
restrictFhirPath		0..*	Expression	NDH usage restriction fhir path URL: http://hl7.org/fhir/us/ndh/StructureDefinition/base-ext-restrictFhirPath
identifier		0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: NDH Consent Scope Value Set (extensible)
category	S	1..*	CodeableConcept	describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement) Binding: NDH Consent Category Value Set (extensible)
patient		0..0
dateTime	S	0..1	dateTime	indicates when the restriction was last updated
performer		0..0
organization		0..0
source[x]		0..0
policy	S	0..*	BackboneElement	Policies covered by this consent
authority		0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule	S	0..1	CodeableConcept	Regulation that this consents to Binding: Consent Policy Rules Value Set (extensible)
verification		0..0
provision	S	0..1	BackboneElement	defines access rights for restricted content
type	S	0..1	code	deny | permit
period		0..0
actor	S	1..*	BackboneElement	Who|what controlled by this rule (or group, by role)
role	S	1..1	CodeableConcept	How the actor is involved
reference	S	1..1	Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (extensible)
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class		0..0
code		0..0
dataPeriod		0..0
data	S	0..0
provision		0..0
Documentation for this format

Terminology Bindings (Differential)

Path	Conformance	ValueSet
Consent.scope	extensible	ConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.category	extensible	ConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRule	extensible	ConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.action	extensible	ConsentActionCodes

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
restrictFhirPath		0..*	Expression	NDH usage restriction fhir path URL: http://hl7.org/fhir/us/ndh/StructureDefinition/base-ext-restrictFhirPath
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SΣ	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent.
scope	?!SΣ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: NDH Consent Scope Value Set (extensible)
category	SΣ	1..*	CodeableConcept	describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement) Binding: NDH Consent Category Value Set (extensible)
dateTime	SΣ	0..1	dateTime	indicates when the restriction was last updated
policy	S	0..*	BackboneElement	Policies covered by this consent
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
uri	SC	0..1	uri	Specific policy covered by this restriction
policyRule	SΣC	0..1	CodeableConcept	Regulation that this consents to Binding: Consent Policy Rules Value Set (extensible)
provision	SΣ	0..1	BackboneElement	defines access rights for restricted content
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	SΣ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
actor	S	1..*	BackboneElement	Who|what controlled by this rule (or group, by role)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference	S	1..1	Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)	definedUserOrGroup
action	SΣ	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (extensible)
securityLabel	SΣ	0..*	Coding	userType Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	SΣ	0..*	Coding	reasonName Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet
Consent.status	required	ConsentState
Consent.scope	extensible	ConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.category	extensible	ConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRule	extensible	ConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.type	required	ConsentProvisionType
Consent.provision.actor.role	extensible	SecurityRoleType
Consent.provision.action	extensible	ConsentActionCodes
Consent.provision.securityLabel	extensible	All Security Labels
Consent.provision.purpose	extensible	PurposeOfUse
Consent.provision.data.meaning	required	ConsentDataMeaning

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
restrictFhirPath		0..*	Expression	NDH usage restriction fhir path URL: http://hl7.org/fhir/us/ndh/StructureDefinition/base-ext-restrictFhirPath
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SΣ	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent.
scope	?!SΣ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: NDH Consent Scope Value Set (extensible)
category	SΣ	1..*	CodeableConcept	describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement) Binding: NDH Consent Category Value Set (extensible)
dateTime	SΣ	0..1	dateTime	indicates when the restriction was last updated
policy	S	0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
uri	SC	0..1	uri	Specific policy covered by this restriction
policyRule	SΣC	0..1	CodeableConcept	Regulation that this consents to Binding: Consent Policy Rules Value Set (extensible)
provision	SΣ	0..1	BackboneElement	defines access rights for restricted content
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	SΣ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
actor	S	1..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference	S	1..1	Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)	definedUserOrGroup
action	SΣ	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (extensible)
securityLabel	SΣ	0..*	Coding	userType Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	SΣ	0..*	Coding	reasonName Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet
Consent.language	preferred	CommonLanguages Additional Bindings Purpose AllLanguages Max Binding
Consent.status	required	ConsentState
Consent.scope	extensible	ConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.category	extensible	ConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRule	extensible	ConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.type	required	ConsentProvisionType
Consent.provision.actor.role	extensible	SecurityRoleType
Consent.provision.action	extensible	ConsentActionCodes
Consent.provision.securityLabel	extensible	All Security Labels
Consent.provision.purpose	extensible	PurposeOfUse
Consent.provision.data.meaning	required	ConsentDataMeaning

Differential View

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
restrictFhirPath		0..*	Expression	NDH usage restriction fhir path URL: http://hl7.org/fhir/us/ndh/StructureDefinition/base-ext-restrictFhirPath
identifier		0..0
status	S	1..1	code	Indicates the current state of this restriction
scope	S	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: NDH Consent Scope Value Set (extensible)
category	S	1..*	CodeableConcept	describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement) Binding: NDH Consent Category Value Set (extensible)
patient		0..0
dateTime	S	0..1	dateTime	indicates when the restriction was last updated
performer		0..0
organization		0..0
source[x]		0..0
policy	S	0..*	BackboneElement	Policies covered by this consent
authority		0..0
uri	S	0..1	uri	Specific policy covered by this restriction
policyRule	S	0..1	CodeableConcept	Regulation that this consents to Binding: Consent Policy Rules Value Set (extensible)
verification		0..0
provision	S	0..1	BackboneElement	defines access rights for restricted content
type	S	0..1	code	deny | permit
period		0..0
actor	S	1..*	BackboneElement	Who|what controlled by this rule (or group, by role)
role	S	1..1	CodeableConcept	How the actor is involved
reference	S	1..1	Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)	definedUserOrGroup
action	S	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (extensible)
securityLabel	S	0..*	Coding	userType
purpose	S	0..*	Coding	reasonName
class		0..0
code		0..0
dataPeriod		0..0
data	S	0..0
provision		0..0
Documentation for this format

Terminology Bindings (Differential)

Path	Conformance	ValueSet
Consent.scope	extensible	ConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.category	extensible	ConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRule	extensible	ConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.action	extensible	ConsentActionCodes

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
restrictFhirPath		0..*	Expression	NDH usage restriction fhir path URL: http://hl7.org/fhir/us/ndh/StructureDefinition/base-ext-restrictFhirPath
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SΣ	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent.
scope	?!SΣ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: NDH Consent Scope Value Set (extensible)
category	SΣ	1..*	CodeableConcept	describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement) Binding: NDH Consent Category Value Set (extensible)
dateTime	SΣ	0..1	dateTime	indicates when the restriction was last updated
policy	S	0..*	BackboneElement	Policies covered by this consent
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
uri	SC	0..1	uri	Specific policy covered by this restriction
policyRule	SΣC	0..1	CodeableConcept	Regulation that this consents to Binding: Consent Policy Rules Value Set (extensible)
provision	SΣ	0..1	BackboneElement	defines access rights for restricted content
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	SΣ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
actor	S	1..*	BackboneElement	Who|what controlled by this rule (or group, by role)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference	S	1..1	Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)	definedUserOrGroup
action	SΣ	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (extensible)
securityLabel	SΣ	0..*	Coding	userType Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	SΣ	0..*	Coding	reasonName Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet
Consent.status	required	ConsentState
Consent.scope	extensible	ConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.category	extensible	ConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRule	extensible	ConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.type	required	ConsentProvisionType
Consent.provision.actor.role	extensible	SecurityRoleType
Consent.provision.action	extensible	ConsentActionCodes
Consent.provision.securityLabel	extensible	All Security Labels
Consent.provision.purpose	extensible	PurposeOfUse
Consent.provision.data.meaning	required	ConsentDataMeaning

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
restrictFhirPath		0..*	Expression	NDH usage restriction fhir path URL: http://hl7.org/fhir/us/ndh/StructureDefinition/base-ext-restrictFhirPath
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!SΣ	1..1	code	Indicates the current state of this restriction Binding: ConsentState (required): Indicates the state of the consent.
scope	?!SΣ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: NDH Consent Scope Value Set (extensible)
category	SΣ	1..*	CodeableConcept	describes the type of restriction (e.g. the data may be further disclosed by the downstream workflow environment per the terms of a Data Use Agreement) Binding: NDH Consent Category Value Set (extensible)
dateTime	SΣ	0..1	dateTime	indicates when the restriction was last updated
policy	S	0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
uri	SC	0..1	uri	Specific policy covered by this restriction
policyRule	SΣC	0..1	CodeableConcept	Regulation that this consents to Binding: Consent Policy Rules Value Set (extensible)
provision	SΣ	0..1	BackboneElement	defines access rights for restricted content
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	SΣ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
actor	S	1..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role	S	1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference	S	1..1	Reference(NDH Base CareTeam Profile | NDH Base Organization Profile | NDH Base Practitioner Profile | NDH Base PractitionerRole)	definedUserOrGroup
action	SΣ	0..1	CodeableConcept	reasonType Binding: ConsentActionCodes (extensible)
securityLabel	SΣ	0..*	Coding	userType Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	SΣ	0..*	Coding	reasonName Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet
Consent.language	preferred	CommonLanguages Additional Bindings Purpose AllLanguages Max Binding
Consent.status	required	ConsentState
Consent.scope	extensible	ConsentScopeNdhVS (a valid code from NDH ConsentScopeCodes Code System)
Consent.category	extensible	ConsentCategoryNdhVS (a valid code from National Healthcare Directory Consent Category Code System)
Consent.policyRule	extensible	ConsentPolicyRulesVS (a valid code from National Healthcare Directory ConsentPolicyRules Code System)
Consent.provision.type	required	ConsentProvisionType
Consent.provision.actor.role	extensible	SecurityRoleType
Consent.provision.action	extensible	ConsentActionCodes
Consent.provision.securityLabel	extensible	All Security Labels
Consent.provision.purpose	extensible	PurposeOfUse
Consent.provision.data.meaning	required	ConsentDataMeaning

This structure is derived from Consent

Summary

Mandatory: 0 element (1 nested mandatory element)
Must-Support: 21 elements
Prohibited: 13 elements

Structures

This structure refers to these other structures:

• NDH Base CareTeam Profile (http://hl7.org/fhir/us/ndh/StructureDefinition/ndh-CareTeam)
• NDH Base Organization Profile (http://hl7.org/fhir/us/ndh/StructureDefinition/ndh-Organization)
• NDH Base Practitioner Profile (http://hl7.org/fhir/us/ndh/StructureDefinition/ndh-Practitioner)
• NDH Base PractitionerRole (http://hl7.org/fhir/us/ndh/StructureDefinition/ndh-PractitionerRole)

Extensions

This structure refers to these extensions:

• http://hl7.org/fhir/us/ndh/StructureDefinition/base-ext-restrictFhirPath