eHealth Infrastructure (v2020.8)

StructureDefinition: ehealth-consent

Introduction

A Consent resource is a record of a healthcare consumer’s policy choices, which permits or denies identified actors(s) or identified role(s) to perform one or more actions within a given policy context, for specific purpose(s) and period of time.

Scope and Usage

In the eHealth infrastructure a Consent resource is used

  1. as a record of the fact that a Patient has given a Consent and
  2. to enforce data policies that require Consent to be given and recorded for a Patient.

When a Patient gives a consent, this consent must be recorded as a Consent resource. This resource can be created by the Patient herself or by a Practitioner as a result of conversations or correspondence with the Patient.

eHealth operates with two categories of consents:

  1. Category PITEOC: Consent given by a Patient to be enrolled into a telemedical EpisodeOfCare. This Consent is interpretated to also apply to all CarePlan instances related to the consented EpisodeOfCare.

  2. Category SSLPCI: Consent given by a Patient to have his/her contact information (physical address and telecommunication endpoints) being disclosed to a specified actor supplying device(s) and service(s) to the Patient as part of an EpisodeOfCare and related CarePlan(s).

Consents of category PITEOC are expressed by creating a Consent resource with:

  • Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
  • Consent.category.coding.code = "PITEOC".

Consents of category SSLPCI are expressed by creating a Consent resource with:

  • Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
  • Consent.category.coding.code = "SSLPCI".

Business rules are built into eHealth infrastructure to ensure that data can only be processed or forwarded to other systems and actors when the proper Consent is given.

This means, that:

  1. An EpisodeOfCare can only change status to active if a Consent with category PITEOC has been given.
  2. An SSL Order can only change status to submitted if a Consent with category SSLPCI has been given.

In addition to the Consent.category element, the following elements must be set on a Consent resource for the policy enforcing business logic to take effect:

  • Consent.patient - the patient who is the subject of this consent (must coincide with the EpisodeOfCare.patient referenced by Consent.data.reference)
  • Consent.data.reference - the EpisodeOfCare for which this Consent is in force.
  • Consent.actor - the actor (Organization, CareTeam, Practitioner) whose behaviour is controlled by this consent.
  • Consent.status - the status of this consent (only active consents are considered to be in force)
  • Consent.period - the (possibly open-ended) period for which this consent is in force.

For more information see the element descriptions in the snapshot table on this page and also see the example Consent resources on the Examples tab.

Remarks on operations

Update

The update operation on Consent only accepts changes to the patient, category, data.reference, actor, status, and period contents.

Formal Views of Profile Content

The official URL for this profile is:

http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent

This profile builds on Consent.

This profile was published on Thu Jan 07 13:26:31 UTC 2021 as a draft by ehealth.sundhed.dk.

Description of Profiles, Differentials, Snapshots, and how the XML and JSON presentations work.

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentUsed to express a Consent regarding Healthcare.
... category 1..*CodeableConceptType of the consent statement
Binding: Consent Category (required)
.... coding 0..*CodingCode defined by a terminology system
Binding: Consent Category (required): Value set of kinds of consents.

... patient 1..1Reference(eHealth Patient) {r}Who the consent applies to
... period 1..1PeriodPeriod that this consent applies
.... start 1..1dateTimeStarting time with inclusive boundary
... consentingParty 1..*Reference(eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Who is agreeing to the policy and exceptions
... actor 1..*BackboneElementWho|what controlled by this consent (or group, by role)
.... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
... organization 0..*Reference(eHealth Organization) {r}Custodian of the consent
... source[x] 0..1Source from which this consent is taken
.... sourceAttachmentAttachment
.... sourceIdentifierIdentifier
.... sourceReferenceReference(eHealth Consent | ehealth-documentreference | Contract | eHealth QuestionnaireResponse)
... data 1..*BackboneElementData controlled by this consent
.... reference 1..1Reference(eHealth EpisodeOfCare) {r}The actual data reference
... except
.... actor
..... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
.... data
..... reference 1..1Reference(Resource) {r}The actual data reference

doco Documentation for this format

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent I0..*ConsentUsed to express a Consent regarding Healthcare.
... id Σ0..1idLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... language 0..1codeLanguage of the resource content
Binding: Common Languages (extensible)
Max Binding: All Languages: A human language.

... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... extension 0..*ExtensionAdditional Content defined by implementations
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... identifier Σ0..1IdentifierIdentifier for this record (external references)
Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
... status ?!Σ1..1codedraft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent

... category Σ1..*CodeableConceptType of the consent statement
Binding: Consent Category (required)
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
Slice: Unordered, Open by value:url
.... coding Σ0..*CodingCode defined by a terminology system
Binding: Consent Category (required): Value set of kinds of consents.


.... text Σ0..1stringPlain text representation of the concept
... patient Σ1..1Reference(eHealth Patient) {r}Who the consent applies to
... period Σ1..1PeriodPeriod that this consent applies
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
Slice: Unordered, Open by value:url
.... start ΣI1..1dateTimeStarting time with inclusive boundary
.... end ΣI0..1dateTimeEnd time with inclusive boundary, if not ongoing
... dateTime Σ0..1dateTimeWhen this Consent was created or indexed
... consentingParty Σ1..*Reference(eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Who is agreeing to the policy and exceptions
... actor Σ1..*BackboneElementWho|what controlled by this consent (or group, by role)
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... role 1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations

.... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
... action Σ0..*CodeableConceptActions controlled by this consent
Binding: Consent Action Codes (example): Detailed codes for the consent action.


... organization Σ0..*Reference(eHealth Organization) {r}Custodian of the consent
... source[x] Σ0..1Source from which this consent is taken
.... sourceAttachmentAttachment
.... sourceIdentifierIdentifier
.... sourceReferenceReference(eHealth Consent | ehealth-documentreference | Contract | eHealth QuestionnaireResponse)
... policy 0..*BackboneElementPolicies covered by this consent
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... authority I0..1uriEnforcement source for policy
.... uri I0..1uriSpecific policy covered by this consent
... policyRule ΣI0..1uriPolicy that this consents to
... securityLabel Σ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


... purpose Σ0..*CodingContext of activities for which the agreement is made
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels


... dataPeriod Σ0..1PeriodTimeframe for data controlled by this consent
... data Σ1..*BackboneElementData controlled by this consent
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... meaning Σ1..1codeinstance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions

.... reference Σ1..1Reference(eHealth EpisodeOfCare) {r}The actual data reference
... except Σ0..*BackboneElementAdditional rule - addition or removal of permissions
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... type Σ1..1codedeny | permit
Binding: ConsentExceptType (required): How an exception statement is applied, such as adding additional consent or removing consent

.... period Σ0..1PeriodTimeframe for this exception
.... actor Σ0..*BackboneElementWho|what controlled by this exception (or group, by role)
..... id 0..1stringxml:id (or equivalent in JSON)
..... extension 0..*ExtensionAdditional Content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
..... role 1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations

..... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
.... action Σ0..*CodeableConceptActions controlled by this exception
Binding: Consent Action Codes (example): Detailed codes for the consent action.


.... securityLabel Σ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ0..*CodingContext of activities covered by this exception
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels


.... class Σ0..*Codinge.g. Resource Type, Profile, or CDA etc
Binding: Consent Content Class (extensible): The class (type) of information a consent rule covers


.... code Σ0..*Codinge.g. LOINC or SNOMED CT code, etc in the content
Binding: Consent Content Codes (example): If this code is found in an instance, then the exception applies


.... dataPeriod Σ0..1PeriodTimeframe for data controlled by this exception
.... data Σ0..*BackboneElementData controlled by this exception
..... id 0..1stringxml:id (or equivalent in JSON)
..... extension 0..*ExtensionAdditional Content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
..... meaning Σ1..1codeinstance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions

..... reference Σ1..1Reference(Resource) {r}The actual data reference

doco Documentation for this format

Differential View

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..*ConsentUsed to express a Consent regarding Healthcare.
... category 1..*CodeableConceptType of the consent statement
Binding: Consent Category (required)
.... coding 0..*CodingCode defined by a terminology system
Binding: Consent Category (required): Value set of kinds of consents.

... patient 1..1Reference(eHealth Patient) {r}Who the consent applies to
... period 1..1PeriodPeriod that this consent applies
.... start 1..1dateTimeStarting time with inclusive boundary
... consentingParty 1..*Reference(eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Who is agreeing to the policy and exceptions
... actor 1..*BackboneElementWho|what controlled by this consent (or group, by role)
.... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
... organization 0..*Reference(eHealth Organization) {r}Custodian of the consent
... source[x] 0..1Source from which this consent is taken
.... sourceAttachmentAttachment
.... sourceIdentifierIdentifier
.... sourceReferenceReference(eHealth Consent | ehealth-documentreference | Contract | eHealth QuestionnaireResponse)
... data 1..*BackboneElementData controlled by this consent
.... reference 1..1Reference(eHealth EpisodeOfCare) {r}The actual data reference
... except
.... actor
..... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
.... data
..... reference 1..1Reference(Resource) {r}The actual data reference

doco Documentation for this format

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent I0..*ConsentUsed to express a Consent regarding Healthcare.
... id Σ0..1idLogical id of this artifact
... meta Σ0..1MetaMetadata about the resource
... implicitRules ?!Σ0..1uriA set of rules under which this content was created
... language 0..1codeLanguage of the resource content
Binding: Common Languages (extensible)
Max Binding: All Languages: A human language.

... text 0..1NarrativeText summary of the resource, for human interpretation
... contained 0..*ResourceContained, inline Resources
... extension 0..*ExtensionAdditional Content defined by implementations
... modifierExtension ?!0..*ExtensionExtensions that cannot be ignored
... identifier Σ0..1IdentifierIdentifier for this record (external references)
Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
... status ?!Σ1..1codedraft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent

... category Σ1..*CodeableConceptType of the consent statement
Binding: Consent Category (required)
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
Slice: Unordered, Open by value:url
.... coding Σ0..*CodingCode defined by a terminology system
Binding: Consent Category (required): Value set of kinds of consents.


.... text Σ0..1stringPlain text representation of the concept
... patient Σ1..1Reference(eHealth Patient) {r}Who the consent applies to
... period Σ1..1PeriodPeriod that this consent applies
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
Slice: Unordered, Open by value:url
.... start ΣI1..1dateTimeStarting time with inclusive boundary
.... end ΣI0..1dateTimeEnd time with inclusive boundary, if not ongoing
... dateTime Σ0..1dateTimeWhen this Consent was created or indexed
... consentingParty Σ1..*Reference(eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Who is agreeing to the policy and exceptions
... actor Σ1..*BackboneElementWho|what controlled by this consent (or group, by role)
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... role 1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations

.... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
... action Σ0..*CodeableConceptActions controlled by this consent
Binding: Consent Action Codes (example): Detailed codes for the consent action.


... organization Σ0..*Reference(eHealth Organization) {r}Custodian of the consent
... source[x] Σ0..1Source from which this consent is taken
.... sourceAttachmentAttachment
.... sourceIdentifierIdentifier
.... sourceReferenceReference(eHealth Consent | ehealth-documentreference | Contract | eHealth QuestionnaireResponse)
... policy 0..*BackboneElementPolicies covered by this consent
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... authority I0..1uriEnforcement source for policy
.... uri I0..1uriSpecific policy covered by this consent
... policyRule ΣI0..1uriPolicy that this consents to
... securityLabel Σ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


... purpose Σ0..*CodingContext of activities for which the agreement is made
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels


... dataPeriod Σ0..1PeriodTimeframe for data controlled by this consent
... data Σ1..*BackboneElementData controlled by this consent
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... meaning Σ1..1codeinstance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions

.... reference Σ1..1Reference(eHealth EpisodeOfCare) {r}The actual data reference
... except Σ0..*BackboneElementAdditional rule - addition or removal of permissions
.... id 0..1stringxml:id (or equivalent in JSON)
.... extension 0..*ExtensionAdditional Content defined by implementations
.... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
.... type Σ1..1codedeny | permit
Binding: ConsentExceptType (required): How an exception statement is applied, such as adding additional consent or removing consent

.... period Σ0..1PeriodTimeframe for this exception
.... actor Σ0..*BackboneElementWho|what controlled by this exception (or group, by role)
..... id 0..1stringxml:id (or equivalent in JSON)
..... extension 0..*ExtensionAdditional Content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
..... role 1..1CodeableConceptHow the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations

..... reference 1..1Reference(eHealth Device | Group | eHealth CareTeam | eHealth Organization | eHealth Patient | eHealth Practitioner | eHealth RelatedPerson) {r}Resource for the actor (or group, by role)
.... action Σ0..*CodeableConceptActions controlled by this exception
Binding: Consent Action Codes (example): Detailed codes for the consent action.


.... securityLabel Σ0..*CodingSecurity Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ0..*CodingContext of activities covered by this exception
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels


.... class Σ0..*Codinge.g. Resource Type, Profile, or CDA etc
Binding: Consent Content Class (extensible): The class (type) of information a consent rule covers


.... code Σ0..*Codinge.g. LOINC or SNOMED CT code, etc in the content
Binding: Consent Content Codes (example): If this code is found in an instance, then the exception applies


.... dataPeriod Σ0..1PeriodTimeframe for data controlled by this exception
.... data Σ0..*BackboneElementData controlled by this exception
..... id 0..1stringxml:id (or equivalent in JSON)
..... extension 0..*ExtensionAdditional Content defined by implementations
..... modifierExtension ?!Σ0..*ExtensionExtensions that cannot be ignored
..... meaning Σ1..1codeinstance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions

..... reference Σ1..1Reference(Resource) {r}The actual data reference

doco Documentation for this format

 

Terminology Bindings

PathConformanceValueSet
Consent.languageextensibleCommon Languages
Max Binding: All Languages
Consent.statusrequiredConsentState
Consent.categoryrequiredConsentCategory
Consent.category.codingrequiredConsentCategory
Consent.actor.roleextensibleSecurityRoleType
Consent.actionexampleConsent Action Codes
Consent.securityLabelextensibleAll Security Labels
Consent.purposeextensiblePurposeOfUse
Consent.data.meaningrequiredConsentDataMeaning
Consent.except.typerequiredConsentExceptType
Consent.except.actor.roleextensibleSecurityRoleType
Consent.except.actionexampleConsent Action Codes
Consent.except.securityLabelextensibleAll Security Labels
Consent.except.purposeextensiblePurposeOfUse
Consent.except.classextensibleConsent Content Class
Consent.except.codeexampleConsent Content Codes
Consent.except.data.meaningrequiredConsentDataMeaning

Constraints

IdPathDetailsRequirements
dom-2ConsentIf the resource is contained in another resource, it SHALL NOT contain nested Resources
: contained.contained.empty()
dom-1ConsentIf the resource is contained in another resource, it SHALL NOT contain any narrative
: contained.text.empty()
dom-4ConsentIf a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated
: contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-3ConsentIf the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource
: contained.where(('#'+id in %resource.descendants().reference).not()).empty()
ppc-1ConsentEither a Policy or PolicyRule
: policy.exists() or policyRule.exists()
ele-1Consent.actorAll FHIR elements must have a @value or children
: hasValue() | (children().count() > id.count())
ele-1Consent.policyAll FHIR elements must have a @value or children
: hasValue() | (children().count() > id.count())
ele-1Consent.dataAll FHIR elements must have a @value or children
: hasValue() | (children().count() > id.count())
ele-1Consent.exceptAll FHIR elements must have a @value or children
: hasValue() | (children().count() > id.count())
ele-1Consent.except.actorAll FHIR elements must have a @value or children
: hasValue() | (children().count() > id.count())
ele-1Consent.except.dataAll FHIR elements must have a @value or children
: hasValue() | (children().count() > id.count())
.