Introduction

A Consent resource is a record of a healthcare consumer’s policy choices, which permits or denies identified actors(s) or identified role(s) to perform one or more actions within a given policy context, for specific purpose(s) and period of time.

Scope and Usage

In the eHealth infrastructure a Consent resource is used

1. as a record of the fact that a Patient has given a Consent and
2. to enforce data policies that require Consent to be given and recorded for a Patient.

Registration of Consent

When a Patient gives a consent, this consent must be recorded as a Consent resource. This resource can be created by the Patient herself or by a Practitioner as a result of conversations or correspondence with the Patient.

eHealth operates with two categories of consents:

1. Category PITEOC: Consent given by a Patient to be enrolled into a telemedical EpisodeOfCare. This Consent is interpretated to also apply to all CarePlan instances related to the consented EpisodeOfCare.

2. Category SSLPCI: Consent given by a Patient to have his/her contact information (physical address and telecommunication endpoints) being disclosed to a specified actor supplying device(s) and service(s) to the Patient as part of an EpisodeOfCare and related CarePlan(s).

Consents of category PITEOC are expressed by creating a Consent resource with:

• Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
• Consent.category.coding.code = "PITEOC".

Consents of category SSLPCI are expressed by creating a Consent resource with:

• Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
• Consent.category.coding.code = "SSLPCI".

Enforcement of Consent

Business rules are built into eHealth infrastructure to ensure that data can only be processed or forwarded to other systems and actors when the proper Consent is given.

This means, that:

1. An EpisodeOfCare can only change status to active if a Consent with category PITEOC has been given.
2. An SSL Order can only change status to submitted if a Consent with category SSLPCI has been given.

In addition to the Consent.category element, the following elements must be set on a Consent resource for the policy enforcing business logic to take effect:

• Consent.patient - the patient who is the subject of this consent (must coincide with the EpisodeOfCare.patient referenced by Consent.data.reference)
• Consent.data.reference - the EpisodeOfCare for which this Consent is in force.
• Consent.actor - the actor (Organization, CareTeam, Practitioner) whose behaviour is controlled by this consent.
• Consent.status - the status of this consent (only active consents are considered to be in force)
• Consent.period - the (possibly open-ended) period for which this consent is in force.

For more information see the element descriptions in the snapshot table on this page and also see the example Consent resources on the Examples tab.

Remarks on operations

Update

The update operation on Consent only accepts changes to the patient, category, data.reference, actor, status, and period contents.

• Differential Table
• Key Elements Table
• Snapshot Table
• Statistics/References
• All

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
category		1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient		1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization		0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]		0..1	Attachment, Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken Slice: Unordered, Open by type:$this
source[x]:sourceReference		0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
Documentation for this format

Terminology Bindings (Differential)

Path	Conformance	ValueSet	URI
Consent.category	required	ConsentCategory (a valid code from Consent Category) http://ehealth.sundhed.dk/vs/consent-category from this IG

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Consent.status	required	ConsentState http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1 from the FHIR Standard
Consent.scope	extensible	ConsentScopeCodes http://hl7.org/fhir/ValueSet/consent-scope from the FHIR Standard
Consent.category	required	ConsentCategory (a valid code from Consent Category) http://ehealth.sundhed.dk/vs/consent-category from this IG

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
authority	C	0..1	uri	Enforcement source for policy
uri	C	0..1	uri	Specific policy covered by this consent
policyRule	ΣC	0..1	CodeableConcept	Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference		1..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
provision		0..*	See provision (Consent)	Nested Exception Rules
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Consent.language	preferred	CommonLanguages Additional Bindings Purpose AllLanguages Max Binding http://hl7.org/fhir/ValueSet/languages from the FHIR Standard
Consent.status	required	ConsentState http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1 from the FHIR Standard
Consent.scope	extensible	ConsentScopeCodes http://hl7.org/fhir/ValueSet/consent-scope from the FHIR Standard
Consent.category	required	ConsentCategory (a valid code from Consent Category) http://ehealth.sundhed.dk/vs/consent-category from this IG
Consent.policyRule	extensible	ConsentPolicyRuleCodes http://hl7.org/fhir/ValueSet/consent-policy from the FHIR Standard
Consent.provision.type	required	ConsentProvisionType http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1 from the FHIR Standard
Consent.provision.actor.role	extensible	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
Consent.provision.action	example	ConsentActionCodes http://hl7.org/fhir/ValueSet/consent-action from the FHIR Standard
Consent.provision.securityLabel	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard
Consent.provision.purpose	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.class	extensible	ConsentContentClass http://hl7.org/fhir/ValueSet/consent-content-class from the FHIR Standard
Consent.provision.code	example	ConsentContentCodes (a valid code from LOINC) http://hl7.org/fhir/ValueSet/consent-content-code from the FHIR Standard
Consent.provision.data.meaning	required	ConsentDataMeaning http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1 from the FHIR Standard

Differential View

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints
Consent		0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
category		1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient		1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization		0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]		0..1	Attachment, Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)	Source from which this consent is taken Slice: Unordered, Open by type:$this
source[x]:sourceReference		0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
Documentation for this format

Terminology Bindings (Differential)

Path	Conformance	ValueSet	URI
Consent.category	required	ConsentCategory (a valid code from Consent Category) http://ehealth.sundhed.dk/vs/consent-category from this IG

Key Elements View

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Consent.status	required	ConsentState http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1 from the FHIR Standard
Consent.scope	extensible	ConsentScopeCodes http://hl7.org/fhir/ValueSet/consent-scope from the FHIR Standard
Consent.category	required	ConsentCategory (a valid code from Consent Category) http://ehealth.sundhed.dk/vs/consent-category from this IG

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: Consent Category (required)
patient	Σ	1..1	Reference(ehealth-patient) {r}	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(ehealth-organization) {r}	Custodian of the consent
Slices for source[x]	Σ	0..1		Source from which this consent is taken Slice: Unordered, Open by type:$this
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
source[x]:sourceReference	Σ	0..1	Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)	Source from which this consent is taken
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
authority	C	0..1	uri	Enforcement source for policy
uri	C	0..1	uri	Specific policy covered by this consent
policyRule	ΣC	0..1	CodeableConcept	Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference		1..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
provision		0..*	See provision (Consent)	Nested Exception Rules
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet	URI
Consent.language	preferred	CommonLanguages Additional Bindings Purpose AllLanguages Max Binding http://hl7.org/fhir/ValueSet/languages from the FHIR Standard
Consent.status	required	ConsentState http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1 from the FHIR Standard
Consent.scope	extensible	ConsentScopeCodes http://hl7.org/fhir/ValueSet/consent-scope from the FHIR Standard
Consent.category	required	ConsentCategory (a valid code from Consent Category) http://ehealth.sundhed.dk/vs/consent-category from this IG
Consent.policyRule	extensible	ConsentPolicyRuleCodes http://hl7.org/fhir/ValueSet/consent-policy from the FHIR Standard
Consent.provision.type	required	ConsentProvisionType http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1 from the FHIR Standard
Consent.provision.actor.role	extensible	SecurityRoleType http://hl7.org/fhir/ValueSet/security-role-type from the FHIR Standard
Consent.provision.action	example	ConsentActionCodes http://hl7.org/fhir/ValueSet/consent-action from the FHIR Standard
Consent.provision.securityLabel	extensible	All Security Labels http://hl7.org/fhir/ValueSet/security-labels from the FHIR Standard
Consent.provision.purpose	extensible	PurposeOfUse http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.class	extensible	ConsentContentClass http://hl7.org/fhir/ValueSet/consent-content-class from the FHIR Standard
Consent.provision.code	example	ConsentContentCodes (a valid code from LOINC) http://hl7.org/fhir/ValueSet/consent-content-code from the FHIR Standard
Consent.provision.data.meaning	required	ConsentDataMeaning http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1 from the FHIR Standard

This structure is derived from Consent

Summary

Mandatory: 1 element

Structures

This structure refers to these other structures:

• ehealth-patient (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-patient)
• ehealth-organization (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-organization)
• ehealth-consent (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent)
• ehealth-documentreference (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-documentreference)
• ehealth-questionnaireresponse (http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-questionnaireresponse)

Slices

This structure defines the following Slices:

• The element Consent.source[x] is sliced based on the value of type:$this