Onyx Consent Authorization SAFHIR Implementation and Operations Guide
0.0.2 - ci-build

Onyx Consent Authorization SAFHIR Implementation and Operations Guide - Local Development build (v0.0.2). See the Directory of published versions

Resource Profile: Consent for Member Data Exchange

Defining URL:http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/MemberExchangeConsent
Version:0.0.2
Name:MemberExchangeConsent
Title:Consent for Member Data Exchange
Status:Draft as of 2021-11-29T21:14:01+00:00
Definition:

Consent resource generated by a Health Plan after capturing the consent from a member to retrieve their health information from a prior health plan. The consent resource will capture the following information:

  • The member
  • The payer organization the member authorizes to retrieve their data
  • The payer organization from which the member data is to be retrieved
  • The scope of the data to be retrieved, whether all data or specific sensitive data categories are to be excluded
  • The duration of the sharing either one-time or for a period
  • An optional digital signature.
Publisher:Onyx Technology, LLC
Source Resource:XML / JSON / Turtle

The official URL for this profile is: 

http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/MemberExchangeConsent

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... status S1..1codedraft | proposed | active | rejected | inactive | entered-in-error
... scope S1..1CodeableConceptset scope to patient-privacy or research
Binding: Scopes for Patient Sharing (required)
... category S1..1CodeableConceptFixed Value: 64292-6 Release of information consent
.... coding 0..*CodingCode defined by a terminology system
Required Pattern: At least the following
..... system1..1uriIdentity of the terminology system
Fixed Value: http://loinc.org
..... code1..1codeSymbol in syntax defined by the system
Fixed Value: 64292-6
.... text 0..1stringPlain text representation of the concept
Required Pattern: Release of information consent
... dateTime S0..1dateTimeWhen this Consent was created or indexed
... performer S0..*Reference(US Core Patient Profile | US Core Organization Profile | RelatedPerson | US Core Practitioner Profile)Who is agreeing to the policy and rules
... organization 0..*Reference(US Core Organization Profile)Custodian of the consent
... verification S0..*BackboneElementConsent Verified by patient or family
.... verifiedWith 0..1Reference(US Core Patient Profile | RelatedPerson)Person who verified
... provision S0..1BackboneElementConstraints to the base Consent.policyRule
.... type S0..1codedeny | permit
.... period S1..1PeriodStart and End date/time of authorization grant
.... actor
..... role S1..1CodeableConceptHow the actor is involved
...... coding 0..*CodingCode defined by a terminology system
Required Pattern: At least the following
....... system1..1uriIdentity of the terminology system
Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
....... code1..1codeSymbol in syntax defined by the system
Fixed Value: IRCP
..... reference S1..1Reference(US Core Organization Profile)Resource for the actor (or group, by role)
.... action S0..*CodeableConceptActions controlled by this rule
.... securityLabel S0..*CodingSecurity Labels that define affected resources
.... data S0..1BackboneElementData controlled by this rule
..... meaning S1..1codeFixed Value
Required Pattern: related
..... reference S1..1Reference(US Core Patient Profile)The actual data reference

doco Documentation for this format
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent I0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... id Σ0..1stringLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... extension 0..*ExtensionAdditional content defined by implementations
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... identifier Σ0..*IdentifierIdentifier for this record (external references)

Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
... status ?!SΣ1..1codedraft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ1..1CodeableConceptset scope to patient-privacy or research
Binding: Scopes for Patient Sharing (required)
... category SΣ1..1CodeableConceptFixed Value: 64292-6 Release of information consent
Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.


.... id 0..1stringUnique id for inter-element referencing
.... Slices for extension 0..*ExtensionAdditional content defined by implementations
Slice: Unordered, Open by value:url
.... coding Σ0..*CodingCode defined by a terminology system

Required Pattern: At least the following
..... id0..1stringUnique id for inter-element referencing
..... extension0..*ExtensionAdditional content defined by implementations
..... system1..1uriIdentity of the terminology system
Fixed Value: http://loinc.org
..... version0..1stringVersion of the system - if relevant
..... code1..1codeSymbol in syntax defined by the system
Fixed Value: 64292-6
..... display0..1stringRepresentation defined by the system
..... userSelected0..1booleanIf this coding was chosen directly by the user
.... text Σ0..1stringPlain text representation of the concept
Required Pattern: Release of information consent
... patient Σ0..1Reference(US Core Patient Profile)Who the consent applies to
... dateTime SΣ0..1dateTimeWhen this Consent was created or indexed
... performer SΣ0..*Reference(US Core Patient Profile | US Core Organization Profile | RelatedPerson | US Core Practitioner Profile)Who is agreeing to the policy and rules
... organization Σ0..*Reference(US Core Organization Profile)Custodian of the consent
... source[x] Σ0..1Source from which this consent is taken
.... sourceAttachmentAttachment
.... sourceReferenceReference(Consent | DocumentReference | Contract | QuestionnaireResponse)
... policy 0..*BackboneElementPolicies covered by this consent
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... authority I0..1uriEnforcement source for policy
.... uri I0..1uriSpecific policy covered by this consent
... policyRule ΣI0..1CodeableConceptRegulation that this consents to
Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.

... verification SΣ0..*BackboneElementConsent Verified by patient or family
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... verified Σ1..1booleanHas been verified
.... verifiedWith 0..1Reference(US Core Patient Profile | RelatedPerson)Person who verified
.... verificationDate 0..1dateTimeWhen consent verified
... provision SΣ0..1BackboneElementConstraints to the base Consent.policyRule
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type SΣ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... period SΣ1..1PeriodStart and End date/time of authorization grant
.... actor 0..*BackboneElementWho|what controlled by this rule (or group, by role)
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role S1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

...... id 0..1stringUnique id for inter-element referencing
...... Slices for extension 0..*ExtensionAdditional content defined by implementations
Slice: Unordered, Open by value:url
...... coding Σ0..*CodingCode defined by a terminology system

Required Pattern: At least the following
....... id0..1stringUnique id for inter-element referencing
....... extension0..*ExtensionAdditional content defined by implementations
....... system1..1uriIdentity of the terminology system
Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
....... version0..1stringVersion of the system - if relevant
....... code1..1codeSymbol in syntax defined by the system
Fixed Value: IRCP
....... display0..1stringRepresentation defined by the system
....... userSelected0..1booleanIf this coding was chosen directly by the user
...... text Σ0..1stringPlain text representation of the concept
..... reference S1..1Reference(US Core Organization Profile)Resource for the actor (or group, by role)
.... action SΣ0..*CodeableConceptActions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel SΣ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ0..*CodingContext of activities covered by this rule
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.


.... class Σ0..*Codinge.g. Resource Type, Profile, CDA, etc.
Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.


.... code Σ0..*CodeableConcepte.g. LOINC or SNOMED CT code, etc. in the content
Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.


.... dataPeriod Σ0..1PeriodTimeframe for data controlled by this rule
.... data SΣ0..1BackboneElementData controlled by this rule
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... meaning SΣ1..1codeFixed Value
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.


Required Pattern: related
..... reference SΣ1..1Reference(US Core Patient Profile)The actual data reference
.... provision 0..*See provision (Consent)Nested Exception Rules

doco Documentation for this format
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent I0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... status ?!Σ1..1codedraft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!Σ1..1CodeableConceptset scope to patient-privacy or research
Binding: Scopes for Patient Sharing (required)
... category Σ1..1CodeableConceptFixed Value: 64292-6 Release of information consent
Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.


... performer Σ0..*Reference(US Core Patient Profile | US Core Organization Profile | RelatedPerson | US Core Practitioner Profile)Who is agreeing to the policy and rules
... verification Σ0..*BackboneElementConsent Verified by patient or family
... provision Σ0..1BackboneElementConstraints to the base Consent.policyRule
.... type Σ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... period Σ1..1PeriodStart and End date/time of authorization grant
.... actor 0..*BackboneElementWho|what controlled by this rule (or group, by role)
..... role 1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference 1..1Reference(US Core Organization Profile)Resource for the actor (or group, by role)
.... action Σ0..*CodeableConceptActions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel Σ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... data Σ0..1BackboneElementData controlled by this rule
..... meaning Σ1..1codeFixed Value
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.


Required Pattern: related
..... reference Σ1..1Reference(US Core Patient Profile)The actual data reference

doco Documentation for this format

Differential View

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... status S1..1codedraft | proposed | active | rejected | inactive | entered-in-error
... scope S1..1CodeableConceptset scope to patient-privacy or research
Binding: Scopes for Patient Sharing (required)
... category S1..1CodeableConceptFixed Value: 64292-6 Release of information consent
.... coding 0..*CodingCode defined by a terminology system
Required Pattern: At least the following
..... system1..1uriIdentity of the terminology system
Fixed Value: http://loinc.org
..... code1..1codeSymbol in syntax defined by the system
Fixed Value: 64292-6
.... text 0..1stringPlain text representation of the concept
Required Pattern: Release of information consent
... dateTime S0..1dateTimeWhen this Consent was created or indexed
... performer S0..*Reference(US Core Patient Profile | US Core Organization Profile | RelatedPerson | US Core Practitioner Profile)Who is agreeing to the policy and rules
... organization 0..*Reference(US Core Organization Profile)Custodian of the consent
... verification S0..*BackboneElementConsent Verified by patient or family
.... verifiedWith 0..1Reference(US Core Patient Profile | RelatedPerson)Person who verified
... provision S0..1BackboneElementConstraints to the base Consent.policyRule
.... type S0..1codedeny | permit
.... period S1..1PeriodStart and End date/time of authorization grant
.... actor
..... role S1..1CodeableConceptHow the actor is involved
...... coding 0..*CodingCode defined by a terminology system
Required Pattern: At least the following
....... system1..1uriIdentity of the terminology system
Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
....... code1..1codeSymbol in syntax defined by the system
Fixed Value: IRCP
..... reference S1..1Reference(US Core Organization Profile)Resource for the actor (or group, by role)
.... action S0..*CodeableConceptActions controlled by this rule
.... securityLabel S0..*CodingSecurity Labels that define affected resources
.... data S0..1BackboneElementData controlled by this rule
..... meaning S1..1codeFixed Value
Required Pattern: related
..... reference S1..1Reference(US Core Patient Profile)The actual data reference

doco Documentation for this format

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent I0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... id Σ0..1stringLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... extension 0..*ExtensionAdditional content defined by implementations
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... identifier Σ0..*IdentifierIdentifier for this record (external references)

Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
... status ?!SΣ1..1codedraft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!SΣ1..1CodeableConceptset scope to patient-privacy or research
Binding: Scopes for Patient Sharing (required)
... category SΣ1..1CodeableConceptFixed Value: 64292-6 Release of information consent
Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement.


.... id 0..1stringUnique id for inter-element referencing
.... Slices for extension 0..*ExtensionAdditional content defined by implementations
Slice: Unordered, Open by value:url
.... coding Σ0..*CodingCode defined by a terminology system

Required Pattern: At least the following
..... id0..1stringUnique id for inter-element referencing
..... extension0..*ExtensionAdditional content defined by implementations
..... system1..1uriIdentity of the terminology system
Fixed Value: http://loinc.org
..... version0..1stringVersion of the system - if relevant
..... code1..1codeSymbol in syntax defined by the system
Fixed Value: 64292-6
..... display0..1stringRepresentation defined by the system
..... userSelected0..1booleanIf this coding was chosen directly by the user
.... text Σ0..1stringPlain text representation of the concept
Required Pattern: Release of information consent
... patient Σ0..1Reference(US Core Patient Profile)Who the consent applies to
... dateTime SΣ0..1dateTimeWhen this Consent was created or indexed
... performer SΣ0..*Reference(US Core Patient Profile | US Core Organization Profile | RelatedPerson | US Core Practitioner Profile)Who is agreeing to the policy and rules
... organization Σ0..*Reference(US Core Organization Profile)Custodian of the consent
... source[x] Σ0..1Source from which this consent is taken
.... sourceAttachmentAttachment
.... sourceReferenceReference(Consent | DocumentReference | Contract | QuestionnaireResponse)
... policy 0..*BackboneElementPolicies covered by this consent
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... authority I0..1uriEnforcement source for policy
.... uri I0..1uriSpecific policy covered by this consent
... policyRule ΣI0..1CodeableConceptRegulation that this consents to
Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.

... verification SΣ0..*BackboneElementConsent Verified by patient or family
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... verified Σ1..1booleanHas been verified
.... verifiedWith 0..1Reference(US Core Patient Profile | RelatedPerson)Person who verified
.... verificationDate 0..1dateTimeWhen consent verified
... provision SΣ0..1BackboneElementConstraints to the base Consent.policyRule
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type SΣ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... period SΣ1..1PeriodStart and End date/time of authorization grant
.... actor 0..*BackboneElementWho|what controlled by this rule (or group, by role)
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role S1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

...... id 0..1stringUnique id for inter-element referencing
...... Slices for extension 0..*ExtensionAdditional content defined by implementations
Slice: Unordered, Open by value:url
...... coding Σ0..*CodingCode defined by a terminology system

Required Pattern: At least the following
....... id0..1stringUnique id for inter-element referencing
....... extension0..*ExtensionAdditional content defined by implementations
....... system1..1uriIdentity of the terminology system
Fixed Value: http://terminology.hl7.org/CodeSystem/v3-ParticipationType
....... version0..1stringVersion of the system - if relevant
....... code1..1codeSymbol in syntax defined by the system
Fixed Value: IRCP
....... display0..1stringRepresentation defined by the system
....... userSelected0..1booleanIf this coding was chosen directly by the user
...... text Σ0..1stringPlain text representation of the concept
..... reference S1..1Reference(US Core Organization Profile)Resource for the actor (or group, by role)
.... action SΣ0..*CodeableConceptActions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel SΣ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ0..*CodingContext of activities covered by this rule
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.


.... class Σ0..*Codinge.g. Resource Type, Profile, CDA, etc.
Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.


.... code Σ0..*CodeableConcepte.g. LOINC or SNOMED CT code, etc. in the content
Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.


.... dataPeriod Σ0..1PeriodTimeframe for data controlled by this rule
.... data SΣ0..1BackboneElementData controlled by this rule
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... meaning SΣ1..1codeFixed Value
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.


Required Pattern: related
..... reference SΣ1..1Reference(US Core Patient Profile)The actual data reference
.... provision 0..*See provision (Consent)Nested Exception Rules

doco Documentation for this format

 

Other representations of profile: CSV, Excel, Schematron

Terminology Bindings

PathConformanceValueSet / Code
Consent.languagepreferredCommonLanguages
Max Binding: AllLanguages
Consent.statusrequiredConsentState
Consent.scoperequiredPatientConsentScope
Consent.categoryextensibleConsentCategoryCodes
Consent.policyRuleextensibleConsentPolicyRuleCodes
Consent.provision.typerequiredConsentProvisionType
Consent.provision.actor.roleextensibleSecurityRoleType
Consent.provision.actionexampleConsentActionCodes
Consent.provision.securityLabelextensibleAll Security Labels
Consent.provision.purposeextensiblePurposeOfUse
Consent.provision.classextensibleConsentContentClass
Consent.provision.codeexampleConsentContentCodes
Consent.provision.data.meaningrequiredPattern: related