eHealth Infrastructure
2.3.0 - release

eHealth Infrastructure - Local Development build (v2.3.0). See the Directory of published versions

Resource Profile: ehealth-consent

Official URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent Version: 2.3.0
Active as of 2022-09-27 Computable Name: ehealth-consent

Introduction

A Consent resource is a record of a healthcare consumer’s policy choices, which permits or denies identified actors(s) or identified role(s) to perform one or more actions within a given policy context, for specific purpose(s) and period of time.

Scope and Usage

In the eHealth infrastructure a Consent resource is used

  1. as a record of the fact that a Patient has given a Consent and
  2. to enforce data policies that require Consent to be given and recorded for a Patient.

When a Patient gives a consent, this consent must be recorded as a Consent resource. This resource can be created by the Patient herself or by a Practitioner as a result of conversations or correspondence with the Patient.

eHealth operates with two categories of consents:

  1. Category PITEOC: Consent given by a Patient to be enrolled into a telemedical EpisodeOfCare. This Consent is interpretated to also apply to all CarePlan instances related to the consented EpisodeOfCare.

  2. Category SSLPCI: Consent given by a Patient to have his/her contact information (physical address and telecommunication endpoints) being disclosed to a specified actor supplying device(s) and service(s) to the Patient as part of an EpisodeOfCare and related CarePlan(s).

Consents of category PITEOC are expressed by creating a Consent resource with:

  • Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
  • Consent.category.coding.code = "PITEOC".

Consents of category SSLPCI are expressed by creating a Consent resource with:

  • Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
  • Consent.category.coding.code = "SSLPCI".

Business rules are built into eHealth infrastructure to ensure that data can only be processed or forwarded to other systems and actors when the proper Consent is given.

This means, that:

  1. An EpisodeOfCare can only change status to active if a Consent with category PITEOC has been given.
  2. An SSL Order can only change status to submitted if a Consent with category SSLPCI has been given.

In addition to the Consent.category element, the following elements must be set on a Consent resource for the policy enforcing business logic to take effect:

  • Consent.patient - the patient who is the subject of this consent (must coincide with the EpisodeOfCare.patient referenced by Consent.data.reference)
  • Consent.data.reference - the EpisodeOfCare for which this Consent is in force.
  • Consent.actor - the actor (Organization, CareTeam, Practitioner) whose behaviour is controlled by this consent.
  • Consent.status - the status of this consent (only active consents are considered to be in force)
  • Consent.period - the (possibly open-ended) period for which this consent is in force.

For more information see the element descriptions in the snapshot table on this page and also see the example Consent resources on the Examples tab.

Remarks on operations

Update

The update operation on Consent only accepts changes to the patient, category, data.reference, actor, status, and period contents.

Usage:

  • Refer to this Resource Profile:

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... category 1..*CodeableConceptClassification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient 1..1Reference(ehealth-patient) {r}Who the consent applies to
... organization 0..*Reference(ehealth-organization) {r}Custodian of the consent

doco Documentation for this format
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... id Σ0..1idLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... extension 0..*ExtensionAdditional content defined by implementations
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... identifier Σ0..*IdentifierIdentifier for this record (external references)

Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
... status ?!Σ1..1codedraft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!Σ1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.

... category Σ1..*CodeableConceptClassification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient Σ1..1Reference(ehealth-patient) {r}Who the consent applies to
... dateTime Σ0..1dateTimeWhen this Consent was created or indexed
... performer Σ0..*Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)Who is agreeing to the policy and rules
... organization Σ0..*Reference(ehealth-organization) {r}Custodian of the consent
... Slices for source[x] Σ0..1Source from which this consent is taken
Slice: Unordered, Open by type:$this
.... sourceAttachmentAttachment
.... sourceReferenceReference(Consent | DocumentReference | Contract | QuestionnaireResponse)
.... source[x]:sourceReference Σ0..1Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)Source from which this consent is taken
... policy 0..*BackboneElementPolicies covered by this consent
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... authority C0..1uriEnforcement source for policy
.... uri C0..1uriSpecific policy covered by this consent
... policyRule ΣC0..1CodeableConceptRegulation that this consents to
Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.

... verification Σ0..*BackboneElementConsent Verified by patient or family
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... verified Σ1..1booleanHas been verified
.... verifiedWith 0..1Reference(Patient | RelatedPerson)Person who verified
.... verificationDate 0..1dateTimeWhen consent verified
... provision Σ0..1BackboneElementConstraints to the base Consent.policyRule
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type Σ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... period Σ0..1PeriodTimeframe for this rule
.... actor 0..*BackboneElementWho|what controlled by this rule (or group, by role)
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role 1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference 1..1Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)Resource for the actor (or group, by role)
.... action Σ0..*CodeableConceptActions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel Σ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ0..*CodingContext of activities covered by this rule
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.


.... class Σ0..*Codinge.g. Resource Type, Profile, CDA, etc.
Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.


.... code Σ0..*CodeableConcepte.g. LOINC or SNOMED CT code, etc. in the content
Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.


.... dataPeriod Σ0..1PeriodTimeframe for data controlled by this rule
.... data Σ0..*BackboneElementData controlled by this rule
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... meaning Σ1..1codeinstance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.

..... reference Σ1..1Reference(Resource)The actual data reference
.... provision 0..*See provision (Consent)Nested Exception Rules

doco Documentation for this format
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time

doco Documentation for this format

Differential View

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... category 1..*CodeableConceptClassification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient 1..1Reference(ehealth-patient) {r}Who the consent applies to
... organization 0..*Reference(ehealth-organization) {r}Custodian of the consent

doco Documentation for this format

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C0..*ConsentA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... id Σ0..1idLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... extension 0..*ExtensionAdditional content defined by implementations
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... identifier Σ0..*IdentifierIdentifier for this record (external references)

Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
... status ?!Σ1..1codedraft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!Σ1..1CodeableConceptWhich of the four areas this resource covers (extensible)
Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.

... category Σ1..*CodeableConceptClassification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient Σ1..1Reference(ehealth-patient) {r}Who the consent applies to
... dateTime Σ0..1dateTimeWhen this Consent was created or indexed
... performer Σ0..*Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)Who is agreeing to the policy and rules
... organization Σ0..*Reference(ehealth-organization) {r}Custodian of the consent
... Slices for source[x] Σ0..1Source from which this consent is taken
Slice: Unordered, Open by type:$this
.... sourceAttachmentAttachment
.... sourceReferenceReference(Consent | DocumentReference | Contract | QuestionnaireResponse)
.... source[x]:sourceReference Σ0..1Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse)Source from which this consent is taken
... policy 0..*BackboneElementPolicies covered by this consent
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... authority C0..1uriEnforcement source for policy
.... uri C0..1uriSpecific policy covered by this consent
... policyRule ΣC0..1CodeableConceptRegulation that this consents to
Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.

... verification Σ0..*BackboneElementConsent Verified by patient or family
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... verified Σ1..1booleanHas been verified
.... verifiedWith 0..1Reference(Patient | RelatedPerson)Person who verified
.... verificationDate 0..1dateTimeWhen consent verified
... provision Σ0..1BackboneElementConstraints to the base Consent.policyRule
.... id 0..1stringUnique id for inter-element referencing
.... extension 0..*ExtensionAdditional content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
.... type Σ0..1codedeny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... period Σ0..1PeriodTimeframe for this rule
.... actor 0..*BackboneElementWho|what controlled by this rule (or group, by role)
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... role 1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference 1..1Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)Resource for the actor (or group, by role)
.... action Σ0..*CodeableConceptActions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel Σ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ0..*CodingContext of activities covered by this rule
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.


.... class Σ0..*Codinge.g. Resource Type, Profile, CDA, etc.
Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.


.... code Σ0..*CodeableConcepte.g. LOINC or SNOMED CT code, etc. in the content
Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.


.... dataPeriod Σ0..1PeriodTimeframe for data controlled by this rule
.... data Σ0..*BackboneElementData controlled by this rule
..... id 0..1stringUnique id for inter-element referencing
..... extension 0..*ExtensionAdditional content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored even if unrecognized
..... meaning Σ1..1codeinstance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.

..... reference Σ1..1Reference(Resource)The actual data reference
.... provision 0..*See provision (Consent)Nested Exception Rules

doco Documentation for this format

 

Other representations of profile: CSV, Excel, Schematron

Terminology Bindings

PathConformanceValueSet
Consent.languagepreferredCommonLanguages
Max Binding: AllLanguages
Consent.statusrequiredConsentState
Consent.scopeextensibleConsentScopeCodes
Consent.categoryrequiredConsentCategory
Consent.policyRuleextensibleConsentPolicyRuleCodes
Consent.provision.typerequiredConsentProvisionType
Consent.provision.actor.roleextensibleSecurityRoleType
Consent.provision.actionexampleConsentActionCodes
Consent.provision.securityLabelextensibleAll Security Labels
Consent.provision.purposeextensiblePurposeOfUse
Consent.provision.classextensibleConsentContentClass
Consent.provision.codeexampleConsentContentCodes
Consent.provision.data.meaningrequiredConsentDataMeaning