StructureDefinition: ehealth-consent

Introduction

A Consent resource is a record of a healthcare consumer’s policy choices, which permits or denies identified actors(s) or identified role(s) to perform one or more actions within a given policy context, for specific purpose(s) and period of time.

Scope and Usage

In the eHealth infrastructure a Consent resource is used

as a record of the fact that a Patient has given a Consent and
to enforce data policies that require Consent to be given and recorded for a Patient.

When a Patient gives a consent, this consent must be recorded as a Consent resource. This resource can be created by the Patient herself or by a Practitioner as a result of conversations or correspondence with the Patient.

eHealth operates with two categories of consents:

Category PITEOC: Consent given by a Patient to be enrolled into a telemedical EpisodeOfCare. This Consent is interpretated to also apply to all CarePlan instances related to the consented EpisodeOfCare.
Category SSLPCI: Consent given by a Patient to have his/her contact information (physical address and telecommunication endpoints) being disclosed to a specified actor supplying device(s) and service(s) to the Patient as part of an EpisodeOfCare and related CarePlan(s).

Consents of category PITEOC are expressed by creating a Consent resource with:

Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
Consent.category.coding.code = "PITEOC".

Consents of category SSLPCI are expressed by creating a Consent resource with:

Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
Consent.category.coding.code = "SSLPCI".

Business rules are built into eHealth infrastructure to ensure that data can only be processed or forwarded to other systems and actors when the proper Consent is given.

This means, that:

An EpisodeOfCare can only change status to active if a Consent with category PITEOC has been given.
An SSL Order can only change status to submitted if a Consent with category SSLPCI has been given.

In addition to the Consent.category element, the following elements must be set on a Consent resource for the policy enforcing business logic to take effect:

Consent.patient - the patient who is the subject of this consent (must coincide with the EpisodeOfCare.patient referenced by Consent.data.reference)
Consent.data.reference - the EpisodeOfCare for which this Consent is in force.
Consent.actor - the actor (Organization, CareTeam, Practitioner) whose behaviour is controlled by this consent.
Consent.status - the status of this consent (only active consents are considered to be in force)
Consent.period - the (possibly open-ended) period for which this consent is in force.

For more information see the element descriptions in the snapshot table on this page and also see the example Consent resources on the Examples tab.

Remarks on operations

Update

The update operation on Consent only accepts changes to the patient, category, data.reference, actor, status, and period contents.

Formal Views of Profile Content

The official URL for this profile is:

http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent

This profile builds on Consent.

This profile was published on Thu Jan 07 13:26:31 UTC 2021 as a draft by ehealth.sundhed.dk.

Description of Profiles, Differentials, Snapshots, and how the XML and JSON presentations work.

Text Summary
Differential Table
Snapshot Table
All

This structure is derived from Consent

Summary

Mandatory: 6 elements

Structures

This structure refers to these other structures:

This structure is derived from Consent

Name	Card.	Type	Description & Constraints
Consent	0..*	Consent	Used to express a Consent regarding Healthcare.
category	1..*	CodeableConcept	Type of the consent statement Binding: Consent Category (required)
coding	0..*	Coding	Code defined by a terminology system Binding: Consent Category (required): Value set of kinds of consents.
patient	1..1	Reference(eHealth Patient) {r }	Who the consent applies to
period	1..1	Period	Period that this consent applies
start	1..1	dateTime	Starting time with inclusive boundary
consentingParty	1..*	Reference(eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Who is agreeing to the policy and exceptions
actor	1..*	BackboneElement	Who\|what controlled by this consent (or group, by role)
reference	1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
organization	0..*	Reference(eHealth Organization) {r }	Custodian of the consent
source[x]	0..1		Source from which this consent is taken
sourceAttachment		Attachment
sourceIdentifier		Identifier
sourceReference		Reference(eHealth Consent \| ehealth-documentreference \| Contract \| eHealth QuestionnaireResponse)
data	1..*	BackboneElement	Data controlled by this consent
reference	1..1	Reference(eHealth EpisodeOfCare) {r }	The actual data reference
except
actor
reference	1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
data
reference	1..1	Reference(Resource) {r }	The actual data reference
Documentation for this format

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints
Consent	I	0..*	Consent	Used to express a Consent regarding Healthcare.
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: Common Languages (extensible) Max Binding: All Languages: A human language.
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..1	Identifier	Identifier for this record (external references) Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft \| proposed \| active \| rejected \| inactive \| entered-in-error Binding: ConsentState (required): Indicates the state of the consent
category	Σ	1..*	CodeableConcept	Type of the consent statement Binding: Consent Category (required)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations Slice: Unordered, Open by value:url
coding	Σ	0..*	Coding	Code defined by a terminology system Binding: Consent Category (required): Value set of kinds of consents.
text	Σ	0..1	string	Plain text representation of the concept
patient	Σ	1..1	Reference(eHealth Patient) {r }	Who the consent applies to
period	Σ	1..1	Period	Period that this consent applies
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations Slice: Unordered, Open by value:url
start	ΣI	1..1	dateTime	Starting time with inclusive boundary
end	ΣI	0..1	dateTime	End time with inclusive boundary, if not ongoing
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
consentingParty	Σ	1..*	Reference(eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Who is agreeing to the policy and exceptions
actor	Σ	1..*	BackboneElement	Who\|what controlled by this consent (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations
reference		1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this consent Binding: Consent Action Codes (example): Detailed codes for the consent action.
organization	Σ	0..*	Reference(eHealth Organization) {r }	Custodian of the consent
source[x]	Σ	0..1		Source from which this consent is taken
sourceAttachment			Attachment
sourceIdentifier			Identifier
sourceReference			Reference(eHealth Consent \| ehealth-documentreference \| Contract \| eHealth QuestionnaireResponse)
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
authority	I	0..1	uri	Enforcement source for policy
uri	I	0..1	uri	Specific policy covered by this consent
policyRule	ΣI	0..1	uri	Policy that this consents to
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities for which the agreement is made Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this consent
data	Σ	1..*	BackboneElement	Data controlled by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions
reference	Σ	1..1	Reference(eHealth EpisodeOfCare) {r }	The actual data reference
except	Σ	0..*	BackboneElement	Additional rule - addition or removal of permissions
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	code	deny \| permit Binding: ConsentExceptType (required): How an exception statement is applied, such as adding additional consent or removing consent
period	Σ	0..1	Period	Timeframe for this exception
actor	Σ	0..*	BackboneElement	Who\|what controlled by this exception (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations
reference		1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this exception Binding: Consent Action Codes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this exception Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels
class	Σ	0..*	Coding	e.g. Resource Type, Profile, or CDA etc Binding: Consent Content Class (extensible): The class (type) of information a consent rule covers
code	Σ	0..*	Coding	e.g. LOINC or SNOMED CT code, etc in the content Binding: Consent Content Codes (example): If this code is found in an instance, then the exception applies
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this exception
data	Σ	0..*	BackboneElement	Data controlled by this exception
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions
reference	Σ	1..1	Reference(Resource) {r }	The actual data reference
Documentation for this format

This structure is derived from Consent

Summary

Mandatory: 6 elements

Structures

This structure refers to these other structures:

Differential View

This structure is derived from Consent

Name	Card.	Type	Description & Constraints
Consent	0..*	Consent	Used to express a Consent regarding Healthcare.
category	1..*	CodeableConcept	Type of the consent statement Binding: Consent Category (required)
coding	0..*	Coding	Code defined by a terminology system Binding: Consent Category (required): Value set of kinds of consents.
patient	1..1	Reference(eHealth Patient) {r }	Who the consent applies to
period	1..1	Period	Period that this consent applies
start	1..1	dateTime	Starting time with inclusive boundary
consentingParty	1..*	Reference(eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Who is agreeing to the policy and exceptions
actor	1..*	BackboneElement	Who\|what controlled by this consent (or group, by role)
reference	1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
organization	0..*	Reference(eHealth Organization) {r }	Custodian of the consent
source[x]	0..1		Source from which this consent is taken
sourceAttachment		Attachment
sourceIdentifier		Identifier
sourceReference		Reference(eHealth Consent \| ehealth-documentreference \| Contract \| eHealth QuestionnaireResponse)
data	1..*	BackboneElement	Data controlled by this consent
reference	1..1	Reference(eHealth EpisodeOfCare) {r }	The actual data reference
except
actor
reference	1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
data
reference	1..1	Reference(Resource) {r }	The actual data reference
Documentation for this format

Snapshot View

Name	Flags	Card.	Type	Description & Constraints
Consent	I	0..*	Consent	Used to express a Consent regarding Healthcare.
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: Common Languages (extensible) Max Binding: All Languages: A human language.
text		0..1	Narrative	Text summary of the resource, for human interpretation
contained		0..*	Resource	Contained, inline Resources
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..1	Identifier	Identifier for this record (external references) Example General: {"system":"urn:ietf:rfc:3986","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft \| proposed \| active \| rejected \| inactive \| entered-in-error Binding: ConsentState (required): Indicates the state of the consent
category	Σ	1..*	CodeableConcept	Type of the consent statement Binding: Consent Category (required)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations Slice: Unordered, Open by value:url
coding	Σ	0..*	Coding	Code defined by a terminology system Binding: Consent Category (required): Value set of kinds of consents.
text	Σ	0..1	string	Plain text representation of the concept
patient	Σ	1..1	Reference(eHealth Patient) {r }	Who the consent applies to
period	Σ	1..1	Period	Period that this consent applies
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations Slice: Unordered, Open by value:url
start	ΣI	1..1	dateTime	Starting time with inclusive boundary
end	ΣI	0..1	dateTime	End time with inclusive boundary, if not ongoing
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
consentingParty	Σ	1..*	Reference(eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Who is agreeing to the policy and exceptions
actor	Σ	1..*	BackboneElement	Who\|what controlled by this consent (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations
reference		1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this consent Binding: Consent Action Codes (example): Detailed codes for the consent action.
organization	Σ	0..*	Reference(eHealth Organization) {r }	Custodian of the consent
source[x]	Σ	0..1		Source from which this consent is taken
sourceAttachment			Attachment
sourceIdentifier			Identifier
sourceReference			Reference(eHealth Consent \| ehealth-documentreference \| Contract \| eHealth QuestionnaireResponse)
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
authority	I	0..1	uri	Enforcement source for policy
uri	I	0..1	uri	Specific policy covered by this consent
policyRule	ΣI	0..1	uri	Policy that this consents to
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities for which the agreement is made Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this consent
data	Σ	1..*	BackboneElement	Data controlled by this consent
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions
reference	Σ	1..1	Reference(eHealth EpisodeOfCare) {r }	The actual data reference
except	Σ	0..*	BackboneElement	Additional rule - addition or removal of permissions
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
type	Σ	1..1	code	deny \| permit Binding: ConsentExceptType (required): How an exception statement is applied, such as adding additional consent or removing consent
period	Σ	0..1	Period	Timeframe for this exception
actor	Σ	0..*	BackboneElement	Who\|what controlled by this exception (or group, by role)
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations
reference		1..1	Reference(eHealth Device \| Group \| eHealth CareTeam \| eHealth Organization \| eHealth Patient \| eHealth Practitioner \| eHealth RelatedPerson) {r }	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this exception Binding: Consent Action Codes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this exception Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels
class	Σ	0..*	Coding	e.g. Resource Type, Profile, or CDA etc Binding: Consent Content Class (extensible): The class (type) of information a consent rule covers
code	Σ	0..*	Coding	e.g. LOINC or SNOMED CT code, etc in the content Binding: Consent Content Codes (example): If this code is found in an instance, then the exception applies
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this exception
data	Σ	0..*	BackboneElement	Data controlled by this exception
id		0..1	string	xml:id (or equivalent in JSON)
extension		0..*	Extension	Additional Content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored
meaning	Σ	1..1	code	instance \| related \| dependents \| authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions
reference	Σ	1..1	Reference(Resource) {r }	The actual data reference
Documentation for this format

Terminology Bindings

Path	Conformance	ValueSet
Consent.language	extensible	Common Languages Max Binding: All Languages
Consent.status	required	ConsentState
Consent.category	required	ConsentCategory
Consent.category.coding	required	ConsentCategory
Consent.actor.role	extensible	SecurityRoleType
Consent.action	example	Consent Action Codes
Consent.securityLabel	extensible	All Security Labels
Consent.purpose	extensible	PurposeOfUse
Consent.data.meaning	required	ConsentDataMeaning
Consent.except.type	required	ConsentExceptType
Consent.except.actor.role	extensible	SecurityRoleType
Consent.except.action	example	Consent Action Codes
Consent.except.securityLabel	extensible	All Security Labels
Consent.except.purpose	extensible	PurposeOfUse
Consent.except.class	extensible	Consent Content Class
Consent.except.code	example	Consent Content Codes
Consent.except.data.meaning	required	ConsentDataMeaning

Constraints

Id	Path	Details	Requirements
dom-2	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty()
dom-1	Consent	If the resource is contained in another resource, it SHALL NOT contain any narrative : contained.text.empty()
dom-4	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-3	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource : contained.where(('#'+id in %resource.descendants().reference).not()).empty()
ppc-1	Consent	Either a Policy or PolicyRule : policy.exists() or policyRule.exists()
ele-1	Consent.actor	All FHIR elements must have a @value or children : hasValue() \| (children().count() > id.count())
ele-1	Consent.policy	All FHIR elements must have a @value or children : hasValue() \| (children().count() > id.count())
ele-1	Consent.data	All FHIR elements must have a @value or children : hasValue() \| (children().count() > id.count())
ele-1	Consent.except	All FHIR elements must have a @value or children : hasValue() \| (children().count() > id.count())
ele-1	Consent.except.actor	All FHIR elements must have a @value or children : hasValue() \| (children().count() > id.count())
ele-1	Consent.except.data	All FHIR elements must have a @value or children : hasValue() \| (children().count() > id.count())

StructureDefinition: ehealth-consent

Introduction

Scope and Usage

Registration of Consent

Enforcement of Consent

Remarks on operations

Update

Formal Views of Profile Content

Terminology Bindings

Constraints