Onyx Consent Authorization SAFHIR Implementation and Operations Guide - Local Development build (v0.0.2). See the Directory of published versions
Resource Profile: SafhirMemberConsent
| Defining URL: | http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/SafhirMemberConsent |
| Version: | 0.0.2 |
| Name: | SafhirMemberConsent |
| Status: | Draft as of 2021-11-29T21:14:01+00:00 |
| Definition: | FHIR Consent resource generated from Data Subject authorizing a third-party app to access their data. |
| Publisher: | Onyx Technology, LLC |
| Source Resource: | XML / JSON / Turtle |
The official URL for this profile is:
http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/SafhirMemberConsent
Formal Views of Profile Content
Description of Profiles, Differentials, Snapshots and how the different presentations work.
This structure is derived from Consent
Summary
Mandatory: 1 element (1 nested mandatory element)
Must-Support: 11 elements
Structures
This structure refers to these other structures:
- US Core Patient Profile (http://hl7.org/fhir/us/core/StructureDefinition/us-core-patient)
- US Core Organization Profile (http://hl7.org/fhir/us/core/StructureDefinition/us-core-organization)
- US Core Practitioner Profile (http://hl7.org/fhir/us/core/StructureDefinition/us-core-practitioner)
- ApiContract (http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/ApiContract)
- SafhirDevice (http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/SafhirDevice)
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
  Consent | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
  status | S | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error |
| scope | S | 1..1 | CodeableConcept | set scope to patient-privacy or research Binding: Scopes for Patient Sharing (required) |
| category | S | 1..1 | CodeableConcept | Classification of the consent statement - for indexing/retrieval |
 patient | S | 1..1 | Reference(US Core Patient Profile) | Who the consent applies to |
| dateTime | S | 0..1 | dateTime | When this Consent was created or indexed |
| performer | S | 0..* | Reference(US Core Patient Profile | US Core Organization Profile | US Core Practitioner Profile) | Who is agreeing to the policy and rules |
| organization | 0..* | Reference(US Core Organization Profile) | Custodian of the consent | |
| sourceReference | 0..1 | Reference(Consent | Contract | ApiContract) | Source from which this consent is taken | |
| policyRule | S | 0..1 | CodeableConcept | Regulation that this consents to |
 provision | S | 0..1 | BackboneElement | Constraints to the base Consent.policyRule |
 type | S | 0..1 | code | deny | permit |
| period | S | 1..1 | Period | Start and End date/time of authorization grant |
| actor | 0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |
| role | S | 1..1 | CodeableConcept | How the actor is involved |
 reference | 1..1 | Reference(SafhirDevice | US Core Organization Profile) | Resource for the actor (or group, by role) | |
| Documentation for this format | ||||
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Consent | I | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time |
 id | Σ | 0..1 | string | Logical id of this artifact |
 meta | Σ | 0..1 | Meta | Metadata about the resource |
| implicitRules | ?!Σ | 0..1 | uri | A set of rules under which this content was created |
| language | 0..1 | code | Language of the resource content Binding: CommonLanguages (preferred) Max Binding: AllLanguages: A human language. | |
| text | 0..1 | Narrative | Text summary of the resource, for human interpretation | |
| contained | 0..* | Resource | Contained, inline Resources | |
 extension | 0..* | Extension | Additional content defined by implementations | |
 modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored |
| identifier | Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"} |
| status | ?!SΣ | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent. |
| scope | ?!SΣ | 1..1 | CodeableConcept | set scope to patient-privacy or research Binding: Scopes for Patient Sharing (required) |
| category | SΣ | 1..1 | CodeableConcept | Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. |
| patient | SΣ | 1..1 | Reference(US Core Patient Profile) | Who the consent applies to |
| dateTime | SΣ | 0..1 | dateTime | When this Consent was created or indexed |
| performer | SΣ | 0..* | Reference(US Core Patient Profile | US Core Organization Profile | US Core Practitioner Profile) | Who is agreeing to the policy and rules |
| organization | Σ | 0..* | Reference(US Core Organization Profile) | Custodian of the consent |
  Slices for source[x] | Σ | 0..1 | Reference() | Source from which this consent is taken Slice: Unordered, Closed by type:$this |
   source[x]:sourceReference | Σ | 0..1 | Reference(Consent | Contract | ApiContract) | Source from which this consent is taken |
| policy | 0..* | BackboneElement | Policies covered by this consent | |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| authority | I | 0..1 | uri | Enforcement source for policy |
| uri | I | 0..1 | uri | Specific policy covered by this consent |
| policyRule | SΣI | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. |
| verification | Σ | 0..* | BackboneElement | Consent Verified by patient or family |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| verified | Σ | 1..1 | boolean | Has been verified |
| verifiedWith | 0..1 | Reference(Patient | RelatedPerson) | Person who verified | |
| verificationDate | 0..1 | dateTime | When consent verified | |
| provision | SΣ | 0..1 | BackboneElement | Constraints to the base Consent.policyRule |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type | SΣ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. |
| period | SΣ | 1..1 | Period | Start and End date/time of authorization grant |
| actor | 0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| role | S | 1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. |
| reference | 1..1 | Reference(SafhirDevice | US Core Organization Profile) | Resource for the actor (or group, by role) | |
| action | Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action. |
| securityLabel | Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. |
| purpose | Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. |
| class | Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. |
| code | Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. |
| dataPeriod | Σ | 0..1 | Period | Timeframe for data controlled by this rule |
| data | Σ | 0..* | BackboneElement | Data controlled by this rule |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| meaning | Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. |
| reference | Σ | 1..1 | Reference(Resource) | The actual data reference |
| provision | 0..* | See provision (Consent) | Nested Exception Rules | |
| Documentation for this format | ||||
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Consent | I | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time |
| status | ?!Σ | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent. |
| scope | ?!Σ | 1..1 | CodeableConcept | set scope to patient-privacy or research Binding: Scopes for Patient Sharing (required) |
| category | Σ | 1..1 | CodeableConcept | Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. |
| patient | Σ | 1..1 | Reference(US Core Patient Profile) | Who the consent applies to |
| dateTime | Σ | 0..1 | dateTime | When this Consent was created or indexed |
| performer | Σ | 0..* | Reference(US Core Patient Profile | US Core Organization Profile | US Core Practitioner Profile) | Who is agreeing to the policy and rules |
| policyRule | ΣI | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. |
| provision | Σ | 0..1 | BackboneElement | Constraints to the base Consent.policyRule |
| type | Σ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. |
| period | Σ | 1..1 | Period | Start and End date/time of authorization grant |
| actor | 0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |
| role | 1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. | |
| Documentation for this format | ||||
This structure is derived from Consent
Summary
Mandatory: 1 element (1 nested mandatory element)
Must-Support: 11 elements
Structures
This structure refers to these other structures:
- US Core Patient Profile (http://hl7.org/fhir/us/core/StructureDefinition/us-core-patient)
- US Core Organization Profile (http://hl7.org/fhir/us/core/StructureDefinition/us-core-organization)
- US Core Practitioner Profile (http://hl7.org/fhir/us/core/StructureDefinition/us-core-practitioner)
- ApiContract (http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/ApiContract)
- SafhirDevice (http://ig.fhir.safhir.io/ig/safhir-ocasio/StructureDefinition/SafhirDevice)
Differential View
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Consent | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
| status | S | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error |
| scope | S | 1..1 | CodeableConcept | set scope to patient-privacy or research Binding: Scopes for Patient Sharing (required) |
| category | S | 1..1 | CodeableConcept | Classification of the consent statement - for indexing/retrieval |
| patient | S | 1..1 | Reference(US Core Patient Profile) | Who the consent applies to |
| dateTime | S | 0..1 | dateTime | When this Consent was created or indexed |
| performer | S | 0..* | Reference(US Core Patient Profile | US Core Organization Profile | US Core Practitioner Profile) | Who is agreeing to the policy and rules |
| organization | 0..* | Reference(US Core Organization Profile) | Custodian of the consent | |
| sourceReference | 0..1 | Reference(Consent | Contract | ApiContract) | Source from which this consent is taken | |
| policyRule | S | 0..1 | CodeableConcept | Regulation that this consents to |
| provision | S | 0..1 | BackboneElement | Constraints to the base Consent.policyRule |
| type | S | 0..1 | code | deny | permit |
| period | S | 1..1 | Period | Start and End date/time of authorization grant |
| actor | 0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |
| role | S | 1..1 | CodeableConcept | How the actor is involved |
| reference | 1..1 | Reference(SafhirDevice | US Core Organization Profile) | Resource for the actor (or group, by role) | |
| Documentation for this format | ||||
Snapshot View
| Name | Flags | Card. | Type | Description & Constraints |
|---|---|---|---|---|
| Consent | I | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time |
| id | Σ | 0..1 | string | Logical id of this artifact |
| meta | Σ | 0..1 | Meta | Metadata about the resource |
| implicitRules | ?!Σ | 0..1 | uri | A set of rules under which this content was created |
| language | 0..1 | code | Language of the resource content Binding: CommonLanguages (preferred) Max Binding: AllLanguages: A human language. | |
| text | 0..1 | Narrative | Text summary of the resource, for human interpretation | |
| contained | 0..* | Resource | Contained, inline Resources | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?! | 0..* | Extension | Extensions that cannot be ignored |
| identifier | Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"} |
| status | ?!SΣ | 1..1 | code | draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent. |
| scope | ?!SΣ | 1..1 | CodeableConcept | set scope to patient-privacy or research Binding: Scopes for Patient Sharing (required) |
| category | SΣ | 1..1 | CodeableConcept | Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. |
| patient | SΣ | 1..1 | Reference(US Core Patient Profile) | Who the consent applies to |
| dateTime | SΣ | 0..1 | dateTime | When this Consent was created or indexed |
| performer | SΣ | 0..* | Reference(US Core Patient Profile | US Core Organization Profile | US Core Practitioner Profile) | Who is agreeing to the policy and rules |
| organization | Σ | 0..* | Reference(US Core Organization Profile) | Custodian of the consent |
| Slices for source[x] | Σ | 0..1 | Reference() | Source from which this consent is taken Slice: Unordered, Closed by type:$this |
| source[x]:sourceReference | Σ | 0..1 | Reference(Consent | Contract | ApiContract) | Source from which this consent is taken |
| policy | 0..* | BackboneElement | Policies covered by this consent | |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| authority | I | 0..1 | uri | Enforcement source for policy |
| uri | I | 0..1 | uri | Specific policy covered by this consent |
| policyRule | SΣI | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. |
| verification | Σ | 0..* | BackboneElement | Consent Verified by patient or family |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| verified | Σ | 1..1 | boolean | Has been verified |
| verifiedWith | 0..1 | Reference(Patient | RelatedPerson) | Person who verified | |
| verificationDate | 0..1 | dateTime | When consent verified | |
| provision | SΣ | 0..1 | BackboneElement | Constraints to the base Consent.policyRule |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type | SΣ | 0..1 | code | deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. |
| period | SΣ | 1..1 | Period | Start and End date/time of authorization grant |
| actor | 0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| role | S | 1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. |
| reference | 1..1 | Reference(SafhirDevice | US Core Organization Profile) | Resource for the actor (or group, by role) | |
| action | Σ | 0..* | CodeableConcept | Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action. |
| securityLabel | Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. |
| purpose | Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. |
| class | Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. |
| code | Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. |
| dataPeriod | Σ | 0..1 | Period | Timeframe for data controlled by this rule |
| data | Σ | 0..* | BackboneElement | Data controlled by this rule |
| id | 0..1 | string | Unique id for inter-element referencing | |
| extension | 0..* | Extension | Additional content defined by implementations | |
| modifierExtension | ?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| meaning | Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. |
| reference | Σ | 1..1 | Reference(Resource) | The actual data reference |
| provision | 0..* | See provision (Consent) | Nested Exception Rules | |
| Documentation for this format | ||||
Other representations of profile: CSV, Excel, Schematron
Terminology Bindings
| Path | Conformance | ValueSet |
| Consent.language | preferred | CommonLanguages Max Binding: AllLanguages |
| Consent.status | required | ConsentState |
| Consent.scope | required | PatientConsentScope |
| Consent.category | extensible | ConsentCategoryCodes |
| Consent.policyRule | extensible | ConsentPolicyRuleCodes |
| Consent.provision.type | required | ConsentProvisionType |
| Consent.provision.actor.role | extensible | SecurityRoleType |
| Consent.provision.action | example | ConsentActionCodes |
| Consent.provision.securityLabel | extensible | All Security Labels |
| Consent.provision.purpose | extensible | PurposeOfUse |
| Consent.provision.class | extensible | ConsentContentClass |
| Consent.provision.code | example | ConsentContentCodes |
| Consent.provision.data.meaning | required | ConsentDataMeaning |