eHealth Infrastructure
3.2.0 - release

This page is part of the FUT Infrastructure (v3.2.0: Release) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version in its permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions

Resource Profile: ehealth-consent

Official URL: http://ehealth.sundhed.dk/fhir/StructureDefinition/ehealth-consent Version: 3.2.0
Active as of 2024-09-02 Computable Name: ehealth-consent

Introduction

A Consent resource is a record of a healthcare consumer’s policy choices, which permits or denies identified actors(s) or identified role(s) to perform one or more actions within a given policy context, for specific purpose(s) and period of time.

Scope and Usage

In the eHealth infrastructure a Consent resource is used

  1. as a record of the fact that a Patient has given a Consent and
  2. to enforce data policies that require Consent to be given and recorded for a Patient.

When a Patient gives a consent, this consent must be recorded as a Consent resource. This resource can be created by the Patient herself or by a Practitioner as a result of conversations or correspondence with the Patient.

eHealth operates with two categories of consents:

  1. Category PITEOC: Consent given by a Patient to be enrolled into a telemedical EpisodeOfCare. This Consent is interpretated to also apply to all CarePlan instances related to the consented EpisodeOfCare.

  2. Category SSLPCI: Consent given by a Patient to have his/her contact information (physical address and telecommunication endpoints) being disclosed to a specified actor supplying device(s) and service(s) to the Patient as part of an EpisodeOfCare and related CarePlan(s).

Consents of category PITEOC are expressed by creating a Consent resource with:

  • Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
  • Consent.category.coding.code = "PITEOC".

Consents of category SSLPCI are expressed by creating a Consent resource with:

  • Consent.category.coding.system = "http://ehealth.sundhed.dk/cs/consent-category"
  • Consent.category.coding.code = "SSLPCI".

Business rules are built into eHealth infrastructure to ensure that data can only be processed or forwarded to other systems and actors when the proper Consent is given.

This means, that:

  1. An EpisodeOfCare can only change status to active if a Consent with category PITEOC has been given.
  2. An SSL Order can only change status to submitted if a Consent with category SSLPCI has been given.

In addition to the Consent.category element, the following elements must be set on a Consent resource for the policy enforcing business logic to take effect:

  • Consent.patient - the patient who is the subject of this consent (must coincide with the EpisodeOfCare.patient referenced by Consent.data.reference)
  • Consent.data.reference - the EpisodeOfCare for which this Consent is in force.
  • Consent.actor - the actor (Organization, CareTeam, Practitioner) whose behaviour is controlled by this consent.
  • Consent.status - the status of this consent (only active consents are considered to be in force)
  • Consent.period - the (possibly open-ended) period for which this consent is in force.

For more information see the element descriptions in the snapshot table on this page and also see the example Consent resources on the Examples tab.

Remarks on operations

Update

The update operation on Consent only accepts changes to the patient, category, data.reference, actor, status, and period contents.

Usage:

Formal Views of Profile Content

Description of Profiles, Differentials, Snapshots and how the different presentations work.

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..* Consent A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... category 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient 1..1 Reference(ehealth-patient) {r} Who the consent applies to
... organization 0..* Reference(ehealth-organization) {r} Custodian of the consent
.... source[x]:sourceReference 0..1 Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse) Source from which this consent is taken

doco Documentation for this format

Terminology Bindings (Differential)

PathConformanceValueSetURI
Consent.categoryrequiredConsentCategory (a valid code from Consent Category)
http://ehealth.sundhed.dk/vs/consent-category
from this IG
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... status ?!Σ 1..1 code draft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... category Σ 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient Σ 1..1 Reference(ehealth-patient) {r} Who the consent applies to
... organization Σ 0..* Reference(ehealth-organization) {r} Custodian of the consent
... Slices for source[x] Σ 0..1 Source from which this consent is taken
Slice: Unordered, Open by type:$this
.... sourceAttachment Attachment
.... sourceReference Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
.... source[x]:sourceReference Σ 0..1 Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse) Source from which this consent is taken

doco Documentation for this format

Terminology Bindings

PathConformanceValueSetURI
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleConsentScopeCodes
http://hl7.org/fhir/ValueSet/consent-scope
from the FHIR Standard
Consent.categoryrequiredConsentCategory (a valid code from Consent Category)
http://ehealth.sundhed.dk/vs/consent-category
from this IG
NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... text 0..1 Narrative Text summary of the resource, for human interpretation
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... identifier Σ 0..* Identifier Identifier for this record (external references)

Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
... status ?!Σ 1..1 code draft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!Σ 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.

... category Σ 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient Σ 1..1 Reference(ehealth-patient) {r} Who the consent applies to
... dateTime Σ 0..1 dateTime When this Consent was created or indexed
... performer Σ 0..* Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) Who is agreeing to the policy and rules
... organization Σ 0..* Reference(ehealth-organization) {r} Custodian of the consent
... Slices for source[x] Σ 0..1 Source from which this consent is taken
Slice: Unordered, Open by type:$this
.... sourceAttachment Attachment
.... sourceReference Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
.... source[x]:sourceReference Σ 0..1 Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse) Source from which this consent is taken
... policy 0..* BackboneElement Policies covered by this consent
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... authority C 0..1 uri Enforcement source for policy
.... uri C 0..1 uri Specific policy covered by this consent
... policyRule ΣC 0..1 CodeableConcept Regulation that this consents to
Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.

... verification Σ 0..* BackboneElement Consent Verified by patient or family
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... verified Σ 1..1 boolean Has been verified
.... verifiedWith 0..1 Reference(Patient | RelatedPerson) Person who verified
.... verificationDate 0..1 dateTime When consent verified
... provision Σ 0..1 BackboneElement Constraints to the base Consent.policyRule
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... type Σ 0..1 code deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... period Σ 0..1 Period Timeframe for this rule
.... actor 0..* BackboneElement Who|what controlled by this rule (or group, by role)
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... role 1..1 CodeableConcept How the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference 1..1 Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) Resource for the actor (or group, by role)
.... action Σ 0..* CodeableConcept Actions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel Σ 0..* Coding Security Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ 0..* Coding Context of activities covered by this rule
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.


.... class Σ 0..* Coding e.g. Resource Type, Profile, CDA, etc.
Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.


.... code Σ 0..* CodeableConcept e.g. LOINC or SNOMED CT code, etc. in the content
Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.


.... dataPeriod Σ 0..1 Period Timeframe for data controlled by this rule
.... data Σ 0..* BackboneElement Data controlled by this rule
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... meaning Σ 1..1 code instance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.

..... reference Σ 1..1 Reference(Resource) The actual data reference
.... provision 0..* See provision (Consent) Nested Exception Rules

doco Documentation for this format

Terminology Bindings

PathConformanceValueSetURI
Consent.languagepreferredCommonLanguages
Additional Bindings Purpose
AllLanguages Max Binding
http://hl7.org/fhir/ValueSet/languages
from the FHIR Standard
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleConsentScopeCodes
http://hl7.org/fhir/ValueSet/consent-scope
from the FHIR Standard
Consent.categoryrequiredConsentCategory (a valid code from Consent Category)
http://ehealth.sundhed.dk/vs/consent-category
from this IG
Consent.policyRuleextensibleConsentPolicyRuleCodes
http://hl7.org/fhir/ValueSet/consent-policy
from the FHIR Standard
Consent.provision.typerequiredConsentProvisionType
http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
from the FHIR Standard
Consent.provision.actor.roleextensibleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
Consent.provision.actionexampleConsentActionCodes
http://hl7.org/fhir/ValueSet/consent-action
from the FHIR Standard
Consent.provision.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard
Consent.provision.purposeextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.classextensibleConsentContentClass
http://hl7.org/fhir/ValueSet/consent-content-class
from the FHIR Standard
Consent.provision.codeexampleConsentContentCodes (a valid code from LOINC)
http://hl7.org/fhir/ValueSet/consent-content-code
from the FHIR Standard
Consent.provision.data.meaningrequiredConsentDataMeaning
http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1
from the FHIR Standard

Differential View

This structure is derived from Consent

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent 0..* Consent A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
... category 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient 1..1 Reference(ehealth-patient) {r} Who the consent applies to
... organization 0..* Reference(ehealth-organization) {r} Custodian of the consent
.... source[x]:sourceReference 0..1 Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse) Source from which this consent is taken

doco Documentation for this format

Terminology Bindings (Differential)

PathConformanceValueSetURI
Consent.categoryrequiredConsentCategory (a valid code from Consent Category)
http://ehealth.sundhed.dk/vs/consent-category
from this IG

Key Elements View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... status ?!Σ 1..1 code draft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... category Σ 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient Σ 1..1 Reference(ehealth-patient) {r} Who the consent applies to
... organization Σ 0..* Reference(ehealth-organization) {r} Custodian of the consent
... Slices for source[x] Σ 0..1 Source from which this consent is taken
Slice: Unordered, Open by type:$this
.... sourceAttachment Attachment
.... sourceReference Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
.... source[x]:sourceReference Σ 0..1 Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse) Source from which this consent is taken

doco Documentation for this format

Terminology Bindings

PathConformanceValueSetURI
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleConsentScopeCodes
http://hl7.org/fhir/ValueSet/consent-scope
from the FHIR Standard
Consent.categoryrequiredConsentCategory (a valid code from Consent Category)
http://ehealth.sundhed.dk/vs/consent-category
from this IG

Snapshot View

NameFlagsCard.TypeDescription & Constraintsdoco
.. Consent C 0..* Consent A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
ppc-1: Either a Policy or PolicyRule
ppc-2: IF Scope=privacy, there must be a patient
ppc-3: IF Scope=research, there must be a patient
ppc-4: IF Scope=adr, there must be a patient
ppc-5: IF Scope=treatment, there must be a patient
... id Σ 0..1 id Logical id of this artifact
... meta Σ 0..1 Meta Metadata about the resource
... implicitRules ?!Σ 0..1 uri A set of rules under which this content was created
... text 0..1 Narrative Text summary of the resource, for human interpretation
... contained 0..* Resource Contained, inline Resources
... extension 0..* Extension Additional content defined by implementations
... modifierExtension ?! 0..* Extension Extensions that cannot be ignored
... identifier Σ 0..* Identifier Identifier for this record (external references)

Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
... status ?!Σ 1..1 code draft | proposed | active | rejected | inactive | entered-in-error
Binding: ConsentState (required): Indicates the state of the consent.

... scope ?!Σ 1..1 CodeableConcept Which of the four areas this resource covers (extensible)
Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.

... category Σ 1..* CodeableConcept Classification of the consent statement - for indexing/retrieval
Binding: Consent Category (required)
... patient Σ 1..1 Reference(ehealth-patient) {r} Who the consent applies to
... dateTime Σ 0..1 dateTime When this Consent was created or indexed
... performer Σ 0..* Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) Who is agreeing to the policy and rules
... organization Σ 0..* Reference(ehealth-organization) {r} Custodian of the consent
... Slices for source[x] Σ 0..1 Source from which this consent is taken
Slice: Unordered, Open by type:$this
.... sourceAttachment Attachment
.... sourceReference Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
.... source[x]:sourceReference Σ 0..1 Reference(ehealth-consent | ehealth-documentreference | Contract | ehealth-questionnaireresponse) Source from which this consent is taken
... policy 0..* BackboneElement Policies covered by this consent
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... authority C 0..1 uri Enforcement source for policy
.... uri C 0..1 uri Specific policy covered by this consent
... policyRule ΣC 0..1 CodeableConcept Regulation that this consents to
Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.

... verification Σ 0..* BackboneElement Consent Verified by patient or family
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... verified Σ 1..1 boolean Has been verified
.... verifiedWith 0..1 Reference(Patient | RelatedPerson) Person who verified
.... verificationDate 0..1 dateTime When consent verified
... provision Σ 0..1 BackboneElement Constraints to the base Consent.policyRule
.... id 0..1 string Unique id for inter-element referencing
.... extension 0..* Extension Additional content defined by implementations
.... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
.... type Σ 0..1 code deny | permit
Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.

.... period Σ 0..1 Period Timeframe for this rule
.... actor 0..* BackboneElement Who|what controlled by this rule (or group, by role)
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... role 1..1 CodeableConcept How the actor is involved
Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.

..... reference 1..1 Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) Resource for the actor (or group, by role)
.... action Σ 0..* CodeableConcept Actions controlled by this rule
Binding: ConsentActionCodes (example): Detailed codes for the consent action.


.... securityLabel Σ 0..* Coding Security Labels that define affected resources
Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.


.... purpose Σ 0..* Coding Context of activities covered by this rule
Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.


.... class Σ 0..* Coding e.g. Resource Type, Profile, CDA, etc.
Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.


.... code Σ 0..* CodeableConcept e.g. LOINC or SNOMED CT code, etc. in the content
Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.


.... dataPeriod Σ 0..1 Period Timeframe for data controlled by this rule
.... data Σ 0..* BackboneElement Data controlled by this rule
..... id 0..1 string Unique id for inter-element referencing
..... extension 0..* Extension Additional content defined by implementations
..... modifierExtension ?!Σ 0..* Extension Extensions that cannot be ignored even if unrecognized
..... meaning Σ 1..1 code instance | related | dependents | authoredby
Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.

..... reference Σ 1..1 Reference(Resource) The actual data reference
.... provision 0..* See provision (Consent) Nested Exception Rules

doco Documentation for this format

Terminology Bindings

PathConformanceValueSetURI
Consent.languagepreferredCommonLanguages
Additional Bindings Purpose
AllLanguages Max Binding
http://hl7.org/fhir/ValueSet/languages
from the FHIR Standard
Consent.statusrequiredConsentState
http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
from the FHIR Standard
Consent.scopeextensibleConsentScopeCodes
http://hl7.org/fhir/ValueSet/consent-scope
from the FHIR Standard
Consent.categoryrequiredConsentCategory (a valid code from Consent Category)
http://ehealth.sundhed.dk/vs/consent-category
from this IG
Consent.policyRuleextensibleConsentPolicyRuleCodes
http://hl7.org/fhir/ValueSet/consent-policy
from the FHIR Standard
Consent.provision.typerequiredConsentProvisionType
http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
from the FHIR Standard
Consent.provision.actor.roleextensibleSecurityRoleType
http://hl7.org/fhir/ValueSet/security-role-type
from the FHIR Standard
Consent.provision.actionexampleConsentActionCodes
http://hl7.org/fhir/ValueSet/consent-action
from the FHIR Standard
Consent.provision.securityLabelextensibleAll Security Labels
http://hl7.org/fhir/ValueSet/security-labels
from the FHIR Standard
Consent.provision.purposeextensiblePurposeOfUse
http://terminology.hl7.org/ValueSet/v3-PurposeOfUse
Consent.provision.classextensibleConsentContentClass
http://hl7.org/fhir/ValueSet/consent-content-class
from the FHIR Standard
Consent.provision.codeexampleConsentContentCodes (a valid code from LOINC)
http://hl7.org/fhir/ValueSet/consent-content-code
from the FHIR Standard
Consent.provision.data.meaningrequiredConsentDataMeaning
http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1
from the FHIR Standard

 

Other representations of profile: CSV, Excel, Schematron