Patient Generated Health Data Implementation Guide - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
Resource Profile: Consent_Patient
| Official URL: https://pghd.na.icar.cnr.it/StructureDefinition/consent-patient | Version: 0.1.0 | |||
| Active as of 2026-03-19 | Computable Name: Consent_Patient | |||
Representation of the Consent profile for informed consent to the processing of health data.
Usages:
- Examples for this Profile: Consent/Consent-Local-Care
You can also check for usages in the FHIR IG Statistics
Formal Views of Profile Content
Description of Profiles, Differentials, Snapshots and how the different presentations work.
| Name | Flags | Card. | Type | Description & Constraints Filter:   |
|---|---|---|---|---|
  Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 |
  implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created |
 modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored |
| status |
?!SΣ | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent. |
  scope |
?!SΣ | 1..1 | CodeableConcept | Purpose of consent (e.g., patient privacy) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following |
 id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations | |
 coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (Complex) | |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations | |
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
| version |
0..1 | string | Version of the system - if relevant | |
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| display |
0..1 | string | Representation defined by the system | |
 userSelected |
0..1 | boolean | If this coding was chosen directly by the user | |
| text |
0..1 | string | Plain text representation of the concept | |
| category |
SΣ | 1..* | CodeableConcept | Specific category of consent (e.g., patient consent, privacy policy) Binding: ConsentCategoryCodes (extensible) |
 patient |
SΣ | 1..1 | Reference(PGHD_Patient) | Patient to whom the consent refers |
| dateTime |
Σ | 0..1 | dateTime | Date and time when the consent was recorded |
 Slices for source[x] |
Σ | 0..1 | Source from which this consent is taken Slice: Unordered, Open by type:$this | |
 sourceAttachment |
Attachment | |||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||
  source[x]:sourceAttachment |
SΣ | 0..1 | Attachment | Attachment containing a copy of the signed or informational document |
| policy |
S | 1..* | BackboneElement | Reference to the applicable legislation or internal policy (e.g., GDPR,other policy) |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
 provision |
SΣ | 0..1 | BackboneElement | Details of the consent provision, including actors, purposes, and validity |
 modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Required Pattern: permit |
| period |
SΣ | 0..1 | Period | Period of validity of consent |
| actor |
S | 1..* | BackboneElement | Actors to whom the provision applies (e.g., doctor, patient, organization) |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| role |
1..1 | CodeableConcept | How the actor is involved Binding: ParticipationType (extensible) | |
| reference |
1..1 | Reference(Practitioner | Organization) | Organization authorized to access patient data | |
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: Consent Action Codes (required) |
| purpose |
SΣ | 1..* | Coding | Purposes for which data processing is authorized (e.g., treatment, research) Binding: PurposeOfUse (extensible) |
| code |
SΣ | 0..* | CodeableConcept | Categories of information subject to consent Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. |
| Documentation for this format | ||||
Terminology Bindings
| Path | Status | Usage | ValueSet | Version | Source |
| Consent.status | Base | required | ConsentState | 📍4.0.1 | FHIR Std. |
| Consent.scope | Base | extensible | Consent Scope Codes | 📍4.0.1 | FHIR Std. |
| Consent.category | Base | extensible | Consent Category Codes | 📦4.0.1 | FHIR Std. |
| Consent.provision.type | Base | required | ConsentProvisionType | 📍4.0.1 | FHIR Std. |
| Consent.provision.actor.role | Base | extensible | ParticipationType | 📦3.0.0 | THO v7.1 |
| Consent.provision.action | Base | required | Consent Action Codes | 📦1.0.1 | THO v7.1 |
| Consent.provision.purpose | Base | extensible | PurposeOfUse | 📦3.1.0 | THO v7.1 |
| Consent.provision.code | Base | example | Consent Content Codes | 📍4.0.1 | FHIR Std. |
Constraints
| Id | Grade | Path(s) | Description | Expression |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources |
contained.contained.empty()
|
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource |
contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
|
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated |
contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
|
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label |
contained.meta.security.empty()
|
| dom-6 | best practice | Consent | A resource should have narrative for robust management |
text.`div`.exists()
|
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
| ppc-1 | error | Consent | Either a Policy or PolicyRule |
policy.exists() or policyRule.exists()
|
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
|
| ppc-3 | error | Consent | IF Scope=research, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
|
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
|
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()
|
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| Consent |
0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
 status |
S | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error |
| scope |
S | 1..1 | CodeableConcept | Purpose of consent (e.g., patient privacy) Required Pattern: At least the following |
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (Complex) | |
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| category |
S | 1..* | CodeableConcept | Specific category of consent (e.g., patient consent, privacy policy) Binding: ConsentCategoryCodes (extensible) |
| patient |
S | 1..1 | Reference(PGHD_Patient) | Patient to whom the consent refers |
| dateTime |
0..1 | dateTime | Date and time when the consent was recorded | |
| Slices for source[x] |
0..1 | Attachment, Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | Source from which this consent is taken Slice: Unordered, Open by type:$this | |
| source[x]:sourceAttachment |
S | 0..1 | Attachment | Attachment containing a copy of the signed or informational document |
| policy |
S | 1..* | BackboneElement | Reference to the applicable legislation or internal policy (e.g., GDPR,other policy) |
| provision |
S | 0..1 | BackboneElement | Details of the consent provision, including actors, purposes, and validity |
| type |
0..1 | code | deny | permit Required Pattern: permit | |
| period |
S | 0..1 | Period | Period of validity of consent |
| actor |
S | 1..* | BackboneElement | Actors to whom the provision applies (e.g., doctor, patient, organization) |
| role |
1..1 | CodeableConcept | How the actor is involved Binding: ParticipationType (extensible) | |
| reference |
1..1 | Reference(Practitioner | Organization) | Organization authorized to access patient data | |
| action |
0..* | CodeableConcept | Actions controlled by this rule Binding: Consent Action Codes (required) | |
| purpose |
S | 1..* | Coding | Purposes for which data processing is authorized (e.g., treatment, research) Binding: PurposeOfUse (extensible) |
| code |
S | 0..* | CodeableConcept | Categories of information subject to consent |
| Documentation for this format | ||||
Terminology Bindings (Differential)
| Path | Status | Usage | ValueSet | Version | Source |
| Consent.category | Base | extensible | Consent Category Codes | 📦4.0.1 | FHIR Std. |
| Consent.provision.actor.role | Base | extensible | ParticipationType | 📦3.0.0 | THO v7.1 |
| Consent.provision.action | Base | required | Consent Action Codes | 📦1.0.1 | THO v7.1 |
| Consent.provision.purpose | Base | extensible | PurposeOfUse | 📦3.1.0 | THO v7.1 |
| Name | Flags | Card. | Type | Description & Constraints Filter: | ||||
|---|---|---|---|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 | ||||
| id |
Σ | 0..1 | id | Logical id of this artifact | ||||
| meta |
Σ | 0..1 | Meta | Metadata about the resource | ||||
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created | ||||
| language |
0..1 | code | Language of the resource content Binding: CommonLanguages (preferred): A human language.
| |||||
| text |
0..1 | Narrative | Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements | |||||
| contained |
0..* | Resource | Contained, inline Resources | |||||
 extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored | ||||
| identifier |
Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"} | ||||
| status |
?!SΣ | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent. | ||||
| scope |
?!SΣ | 1..1 | CodeableConcept | Purpose of consent (e.g., patient privacy) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (Complex) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |||||
| version |
0..1 | string | Version of the system - if relevant | |||||
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |||||
| display |
0..1 | string | Representation defined by the system | |||||
| userSelected |
0..1 | boolean | If this coding was chosen directly by the user | |||||
| text |
0..1 | string | Plain text representation of the concept | |||||
| category |
SΣ | 1..* | CodeableConcept | Specific category of consent (e.g., patient consent, privacy policy) Binding: ConsentCategoryCodes (extensible) | ||||
| patient |
SΣ | 1..1 | Reference(PGHD_Patient) | Patient to whom the consent refers | ||||
| dateTime |
Σ | 0..1 | dateTime | Date and time when the consent was recorded | ||||
| performer |
Σ | 0..* | Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Who is agreeing to the policy and rules | ||||
| organization |
Σ | 0..* | Reference(Organization) | Custodian of the consent | ||||
| Slices for source[x] |
Σ | 0..1 | Source from which this consent is taken Slice: Unordered, Open by type:$this | |||||
| sourceAttachment |
Attachment | |||||||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||||||
| source[x]:sourceAttachment |
SΣ | 0..1 | Attachment | Attachment containing a copy of the signed or informational document | ||||
| policy |
S | 1..* | BackboneElement | Reference to the applicable legislation or internal policy (e.g., GDPR,other policy) | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| authority |
C | 0..1 | uri | Enforcement source for policy | ||||
| uri |
C | 0..1 | uri | Specific policy covered by this consent | ||||
| policyRule |
ΣC | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. | ||||
| verification |
Σ | 0..* | BackboneElement | Consent Verified by patient or family | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| verified |
Σ | 1..1 | boolean | Has been verified | ||||
| verifiedWith |
0..1 | Reference(Patient | RelatedPerson) | Person who verified | |||||
| verificationDate |
0..1 | dateTime | When consent verified | |||||
| provision |
SΣ | 0..1 | BackboneElement | Details of the consent provision, including actors, purposes, and validity | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Required Pattern: permit | ||||
| period |
SΣ | 0..1 | Period | Period of validity of consent | ||||
| actor |
S | 1..* | BackboneElement | Actors to whom the provision applies (e.g., doctor, patient, organization) | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
1..1 | CodeableConcept | How the actor is involved Binding: ParticipationType (extensible) | |||||
| reference |
1..1 | Reference(Practitioner | Organization) | Organization authorized to access patient data | |||||
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: Consent Action Codes (required) | ||||
| securityLabel |
Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
SΣ | 1..* | Coding | Purposes for which data processing is authorized (e.g., treatment, research) Binding: PurposeOfUse (extensible) | ||||
| class |
Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
SΣ | 0..* | CodeableConcept | Categories of information subject to consent Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | See provision (Consent) | Nested Exception Rules | |||||
| Documentation for this format | ||||||||
Terminology Bindings
| Path | Status | Usage | ValueSet | Version | Source |
| Consent.language | Base | preferred | Common Languages | 📍4.0.1 | FHIR Std. |
| Consent.status | Base | required | ConsentState | 📍4.0.1 | FHIR Std. |
| Consent.scope | Base | extensible | Consent Scope Codes | 📍4.0.1 | FHIR Std. |
| Consent.category | Base | extensible | Consent Category Codes | 📦4.0.1 | FHIR Std. |
| Consent.policyRule | Base | extensible | Consent PolicyRule Codes | 📍4.0.1 | FHIR Std. |
| Consent.provision.type | Base | required | ConsentProvisionType | 📍4.0.1 | FHIR Std. |
| Consent.provision.actor.role | Base | extensible | ParticipationType | 📦3.0.0 | THO v7.1 |
| Consent.provision.action | Base | required | Consent Action Codes | 📦1.0.1 | THO v7.1 |
| Consent.provision.securityLabel | Base | extensible | SecurityLabels | 📍4.0.1 | FHIR Std. |
| Consent.provision.purpose | Base | extensible | PurposeOfUse | 📦3.1.0 | THO v7.1 |
| Consent.provision.class | Base | extensible | Consent Content Class | 📍4.0.1 | FHIR Std. |
| Consent.provision.code | Base | example | Consent Content Codes | 📍4.0.1 | FHIR Std. |
| Consent.provision.data.meaning | Base | required | ConsentDataMeaning | 📍4.0.1 | FHIR Std. |
Constraints
| Id | Grade | Path(s) | Description | Expression |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources |
contained.contained.empty()
|
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource |
contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
|
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated |
contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
|
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label |
contained.meta.security.empty()
|
| dom-6 | best practice | Consent | A resource should have narrative for robust management |
text.`div`.exists()
|
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
| ppc-1 | error | Consent | Either a Policy or PolicyRule |
policy.exists() or policyRule.exists()
|
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
|
| ppc-3 | error | Consent | IF Scope=research, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
|
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
|
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()
|
Key Elements View
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 |
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created |
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored |
| status |
?!SΣ | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent. |
| scope |
?!SΣ | 1..1 | CodeableConcept | Purpose of consent (e.g., patient privacy) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations | |
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (Complex) | |
| id |
0..1 | string | Unique id for inter-element referencing | |
| extension |
0..* | Extension | Additional content defined by implementations | |
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
| version |
0..1 | string | Version of the system - if relevant | |
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| display |
0..1 | string | Representation defined by the system | |
| userSelected |
0..1 | boolean | If this coding was chosen directly by the user | |
| text |
0..1 | string | Plain text representation of the concept | |
| category |
SΣ | 1..* | CodeableConcept | Specific category of consent (e.g., patient consent, privacy policy) Binding: ConsentCategoryCodes (extensible) |
| patient |
SΣ | 1..1 | Reference(PGHD_Patient) | Patient to whom the consent refers |
| dateTime |
Σ | 0..1 | dateTime | Date and time when the consent was recorded |
| Slices for source[x] |
Σ | 0..1 | Source from which this consent is taken Slice: Unordered, Open by type:$this | |
| sourceAttachment |
Attachment | |||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||
| source[x]:sourceAttachment |
SΣ | 0..1 | Attachment | Attachment containing a copy of the signed or informational document |
| policy |
S | 1..* | BackboneElement | Reference to the applicable legislation or internal policy (e.g., GDPR,other policy) |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| provision |
SΣ | 0..1 | BackboneElement | Details of the consent provision, including actors, purposes, and validity |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Required Pattern: permit |
| period |
SΣ | 0..1 | Period | Period of validity of consent |
| actor |
S | 1..* | BackboneElement | Actors to whom the provision applies (e.g., doctor, patient, organization) |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| role |
1..1 | CodeableConcept | How the actor is involved Binding: ParticipationType (extensible) | |
| reference |
1..1 | Reference(Practitioner | Organization) | Organization authorized to access patient data | |
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: Consent Action Codes (required) |
| purpose |
SΣ | 1..* | Coding | Purposes for which data processing is authorized (e.g., treatment, research) Binding: PurposeOfUse (extensible) |
| code |
SΣ | 0..* | CodeableConcept | Categories of information subject to consent Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. |
| Documentation for this format | ||||
Terminology Bindings
| Path | Status | Usage | ValueSet | Version | Source |
| Consent.status | Base | required | ConsentState | 📍4.0.1 | FHIR Std. |
| Consent.scope | Base | extensible | Consent Scope Codes | 📍4.0.1 | FHIR Std. |
| Consent.category | Base | extensible | Consent Category Codes | 📦4.0.1 | FHIR Std. |
| Consent.provision.type | Base | required | ConsentProvisionType | 📍4.0.1 | FHIR Std. |
| Consent.provision.actor.role | Base | extensible | ParticipationType | 📦3.0.0 | THO v7.1 |
| Consent.provision.action | Base | required | Consent Action Codes | 📦1.0.1 | THO v7.1 |
| Consent.provision.purpose | Base | extensible | PurposeOfUse | 📦3.1.0 | THO v7.1 |
| Consent.provision.code | Base | example | Consent Content Codes | 📍4.0.1 | FHIR Std. |
Constraints
| Id | Grade | Path(s) | Description | Expression |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources |
contained.contained.empty()
|
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource |
contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
|
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated |
contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
|
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label |
contained.meta.security.empty()
|
| dom-6 | best practice | Consent | A resource should have narrative for robust management |
text.`div`.exists()
|
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
| ppc-1 | error | Consent | Either a Policy or PolicyRule |
policy.exists() or policyRule.exists()
|
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
|
| ppc-3 | error | Consent | IF Scope=research, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
|
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
|
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()
|
Differential View
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| Consent |
0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
| status |
S | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error |
| scope |
S | 1..1 | CodeableConcept | Purpose of consent (e.g., patient privacy) Required Pattern: At least the following |
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (Complex) | |
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| category |
S | 1..* | CodeableConcept | Specific category of consent (e.g., patient consent, privacy policy) Binding: ConsentCategoryCodes (extensible) |
| patient |
S | 1..1 | Reference(PGHD_Patient) | Patient to whom the consent refers |
| dateTime |
0..1 | dateTime | Date and time when the consent was recorded | |
| Slices for source[x] |
0..1 | Attachment, Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | Source from which this consent is taken Slice: Unordered, Open by type:$this | |
| source[x]:sourceAttachment |
S | 0..1 | Attachment | Attachment containing a copy of the signed or informational document |
| policy |
S | 1..* | BackboneElement | Reference to the applicable legislation or internal policy (e.g., GDPR,other policy) |
| provision |
S | 0..1 | BackboneElement | Details of the consent provision, including actors, purposes, and validity |
| type |
0..1 | code | deny | permit Required Pattern: permit | |
| period |
S | 0..1 | Period | Period of validity of consent |
| actor |
S | 1..* | BackboneElement | Actors to whom the provision applies (e.g., doctor, patient, organization) |
| role |
1..1 | CodeableConcept | How the actor is involved Binding: ParticipationType (extensible) | |
| reference |
1..1 | Reference(Practitioner | Organization) | Organization authorized to access patient data | |
| action |
0..* | CodeableConcept | Actions controlled by this rule Binding: Consent Action Codes (required) | |
| purpose |
S | 1..* | Coding | Purposes for which data processing is authorized (e.g., treatment, research) Binding: PurposeOfUse (extensible) |
| code |
S | 0..* | CodeableConcept | Categories of information subject to consent |
| Documentation for this format | ||||
Terminology Bindings (Differential)
| Path | Status | Usage | ValueSet | Version | Source |
| Consent.category | Base | extensible | Consent Category Codes | 📦4.0.1 | FHIR Std. |
| Consent.provision.actor.role | Base | extensible | ParticipationType | 📦3.0.0 | THO v7.1 |
| Consent.provision.action | Base | required | Consent Action Codes | 📦1.0.1 | THO v7.1 |
| Consent.provision.purpose | Base | extensible | PurposeOfUse | 📦3.1.0 | THO v7.1 |
Snapshot View
| Name | Flags | Card. | Type | Description & Constraints Filter: | ||||
|---|---|---|---|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 | ||||
| id |
Σ | 0..1 | id | Logical id of this artifact | ||||
| meta |
Σ | 0..1 | Meta | Metadata about the resource | ||||
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created | ||||
| language |
0..1 | code | Language of the resource content Binding: CommonLanguages (preferred): A human language.
| |||||
| text |
0..1 | Narrative | Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements | |||||
| contained |
0..* | Resource | Contained, inline Resources | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored | ||||
| identifier |
Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"} | ||||
| status |
?!SΣ | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent. | ||||
| scope |
?!SΣ | 1..1 | CodeableConcept | Purpose of consent (e.g., patient privacy) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (Complex) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |||||
| version |
0..1 | string | Version of the system - if relevant | |||||
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |||||
| display |
0..1 | string | Representation defined by the system | |||||
| userSelected |
0..1 | boolean | If this coding was chosen directly by the user | |||||
| text |
0..1 | string | Plain text representation of the concept | |||||
| category |
SΣ | 1..* | CodeableConcept | Specific category of consent (e.g., patient consent, privacy policy) Binding: ConsentCategoryCodes (extensible) | ||||
| patient |
SΣ | 1..1 | Reference(PGHD_Patient) | Patient to whom the consent refers | ||||
| dateTime |
Σ | 0..1 | dateTime | Date and time when the consent was recorded | ||||
| performer |
Σ | 0..* | Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Who is agreeing to the policy and rules | ||||
| organization |
Σ | 0..* | Reference(Organization) | Custodian of the consent | ||||
| Slices for source[x] |
Σ | 0..1 | Source from which this consent is taken Slice: Unordered, Open by type:$this | |||||
| sourceAttachment |
Attachment | |||||||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||||||
| source[x]:sourceAttachment |
SΣ | 0..1 | Attachment | Attachment containing a copy of the signed or informational document | ||||
| policy |
S | 1..* | BackboneElement | Reference to the applicable legislation or internal policy (e.g., GDPR,other policy) | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| authority |
C | 0..1 | uri | Enforcement source for policy | ||||
| uri |
C | 0..1 | uri | Specific policy covered by this consent | ||||
| policyRule |
ΣC | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. | ||||
| verification |
Σ | 0..* | BackboneElement | Consent Verified by patient or family | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| verified |
Σ | 1..1 | boolean | Has been verified | ||||
| verifiedWith |
0..1 | Reference(Patient | RelatedPerson) | Person who verified | |||||
| verificationDate |
0..1 | dateTime | When consent verified | |||||
| provision |
SΣ | 0..1 | BackboneElement | Details of the consent provision, including actors, purposes, and validity | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. Required Pattern: permit | ||||
| period |
SΣ | 0..1 | Period | Period of validity of consent | ||||
| actor |
S | 1..* | BackboneElement | Actors to whom the provision applies (e.g., doctor, patient, organization) | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
1..1 | CodeableConcept | How the actor is involved Binding: ParticipationType (extensible) | |||||
| reference |
1..1 | Reference(Practitioner | Organization) | Organization authorized to access patient data | |||||
| action |
Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: Consent Action Codes (required) | ||||
| securityLabel |
Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
SΣ | 1..* | Coding | Purposes for which data processing is authorized (e.g., treatment, research) Binding: PurposeOfUse (extensible) | ||||
| class |
Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
SΣ | 0..* | CodeableConcept | Categories of information subject to consent Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | See provision (Consent) | Nested Exception Rules | |||||
| Documentation for this format | ||||||||
Terminology Bindings
| Path | Status | Usage | ValueSet | Version | Source |
| Consent.language | Base | preferred | Common Languages | 📍4.0.1 | FHIR Std. |
| Consent.status | Base | required | ConsentState | 📍4.0.1 | FHIR Std. |
| Consent.scope | Base | extensible | Consent Scope Codes | 📍4.0.1 | FHIR Std. |
| Consent.category | Base | extensible | Consent Category Codes | 📦4.0.1 | FHIR Std. |
| Consent.policyRule | Base | extensible | Consent PolicyRule Codes | 📍4.0.1 | FHIR Std. |
| Consent.provision.type | Base | required | ConsentProvisionType | 📍4.0.1 | FHIR Std. |
| Consent.provision.actor.role | Base | extensible | ParticipationType | 📦3.0.0 | THO v7.1 |
| Consent.provision.action | Base | required | Consent Action Codes | 📦1.0.1 | THO v7.1 |
| Consent.provision.securityLabel | Base | extensible | SecurityLabels | 📍4.0.1 | FHIR Std. |
| Consent.provision.purpose | Base | extensible | PurposeOfUse | 📦3.1.0 | THO v7.1 |
| Consent.provision.class | Base | extensible | Consent Content Class | 📍4.0.1 | FHIR Std. |
| Consent.provision.code | Base | example | Consent Content Codes | 📍4.0.1 | FHIR Std. |
| Consent.provision.data.meaning | Base | required | ConsentDataMeaning | 📍4.0.1 | FHIR Std. |
Constraints
| Id | Grade | Path(s) | Description | Expression |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources |
contained.contained.empty()
|
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource |
contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
|
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated |
contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
|
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label |
contained.meta.security.empty()
|
| dom-6 | best practice | Consent | A resource should have narrative for robust management |
text.`div`.exists()
|
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children |
hasValue() or (children().count() > id.count())
|
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both |
extension.exists() != value.exists()
|
| ppc-1 | error | Consent | Either a Policy or PolicyRule |
policy.exists() or policyRule.exists()
|
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
|
| ppc-3 | error | Consent | IF Scope=research, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
|
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
|
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient |
patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()
|
Other representations of profile: CSV, Excel, Schematron