NZ Shared Digital Health Record API
0.5.0 - ballot
NZ Shared Digital Health Record API
0.5.0 - ballot
NZ Shared Digital Health Record API - Local Development build (v0.5.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
| Official URL: https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRConsent | Version: 0.5.0 | |||
| Draft as of 2025-06-10 | Computable Name: SDHRConsent | |||
Consent resource created to reflect a patient has agreed to share their information with authorised health workers, originating from a practice management system For more detail on how this resource is used, see the consent based access control page.
Usages:
Description of Profiles, Differentials, Snapshots and how the different presentations work.
| Name | Flags | Card. | Type | Description & Constraints Filter:   |
|---|---|---|---|---|
  Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 |
  implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created |
 modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored |
| status |
?!Σ | 1..1 | code | The state of the Consent. This must be active to release data from the server Binding: ConsentState (required): Indicates the state of the consent. |
  scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following |
   coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (complex) | |
 system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
 code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| category |
Σ | 1..1 | CodeableConcept | The category of the consent, which is a code that indicates the type of consent Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Fixed Value: 887031000000108 |
 patient |
Σ | 1..1 | Reference(Patient) | Who the consent applies to |
| reference |
ΣC | 1..1 | string | Must be an absolute URL reference to the patient on the NHI system. See constraints for details. Constraints: nhi-url-format |
| type |
Σ | 1..1 | uri | Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model). Required Pattern: Patient |
| policy |
1..* | BackboneElement | Policies covered by this consent | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| provision |
Σ | 1..1 | BackboneElement | The provision of the consent, which may be a permit or deny |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
Σ | 1..1 | code | The type of consent, either permit or deny Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. |
| action |
Σ | 1..* | CodeableConcept | The action that is being permitted or denied Binding: ConsentActionCodes (example): Detailed codes for the consent action. |
| Documentation for this format | ||||
| Path | Conformance | ValueSet / Code | URI |
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1From the FHIR Standard | |
| Consent.scope | extensible | Pattern Value: patient-privacyhttp://hl7.org/fhir/ValueSet/consent-scopeFrom the FHIR Standard | |
| Consent.category | extensible | Fixed Value: 887031000000108http://hl7.org/fhir/ValueSet/consent-categoryFrom the FHIR Standard | |
| Consent.patient.type | extensible | Pattern Value: Patienthttp://hl7.org/fhir/ValueSet/resource-typesFrom the FHIR Standard | |
| Consent.provision.type | required | ConsentProvisionTypehttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1From the FHIR Standard | |
| Consent.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionFrom the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| nhi-url-format | error | Consent.patient.reference | Reference must be an NHI Patient URL with format https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/ZZZ1111 or ZZZ11AA : matches('^https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/[A-Z]{3}([0-9]{4}|[0-9]{2}[A-Z]{2})$') | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| Consent |
0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
 status |
1..1 | code | The state of the Consent. This must be active to release data from the server | |
| scope |
1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Required Pattern: At least the following | |
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (complex) | |
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| category |
1..1 | CodeableConcept | The category of the consent, which is a code that indicates the type of consent Fixed Value: 887031000000108 | |
| patient |
1..1 | Reference(Patient) | Who the consent applies to | |
| reference |
C | 1..1 | string | Must be an absolute URL reference to the patient on the NHI system. See constraints for details. Constraints: nhi-url-format |
| type |
1..1 | uri | Type the reference refers to (e.g. "Patient") Required Pattern: Patient | |
| policy |
1..* | BackboneElement | Policies covered by this consent | |
| provision |
1..1 | BackboneElement | The provision of the consent, which may be a permit or deny | |
| type |
1..1 | code | The type of consent, either permit or deny | |
| period |
||||
| start |
1..1 | dateTime | The date and time the Consent is considered to be in effect | |
| end |
0..1 | dateTime | The date and time the Consent is considered to be expired | |
| action |
1..* | CodeableConcept | The action that is being permitted or denied | |
| Documentation for this format | ||||
| Id | Grade | Path(s) | Details | Requirements |
| nhi-url-format | error | Consent.patient.reference | Reference must be an NHI Patient URL with format https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/ZZZ1111 or ZZZ11AA : matches('^https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/[A-Z]{3}([0-9]{4}|[0-9]{2}[A-Z]{2})$') |
| Name | Flags | Card. | Type | Description & Constraints Filter: | ||||
|---|---|---|---|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 | ||||
| id |
Σ | 0..1 | id | Logical id of this artifact | ||||
| meta |
Σ | 0..1 | Meta | Metadata about the resource | ||||
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created | ||||
| language |
0..1 | code | Language of the resource content Binding: CommonLanguages (preferred): A human language.
| |||||
| text |
0..1 | Narrative | Text summary of the resource, for human interpretation | |||||
| contained |
0..* | Resource | Contained, inline Resources | |||||
 extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored | ||||
| identifier |
Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"} | ||||
| status |
?!Σ | 1..1 | code | The state of the Consent. This must be active to release data from the server Binding: ConsentState (required): Indicates the state of the consent. | ||||
| scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (complex) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |||||
| version |
0..1 | string | Version of the system - if relevant | |||||
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |||||
| display |
0..1 | string | Representation defined by the system | |||||
| userSelected |
0..1 | boolean | If this coding was chosen directly by the user | |||||
| text |
0..1 | string | Plain text representation of the concept | |||||
| category |
Σ | 1..1 | CodeableConcept | The category of the consent, which is a code that indicates the type of consent Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Fixed Value: 887031000000108 | ||||
| patient |
Σ | 1..1 | Reference(Patient) | Who the consent applies to | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |||||
| reference |
ΣC | 1..1 | string | Must be an absolute URL reference to the patient on the NHI system. See constraints for details. Constraints: nhi-url-format | ||||
| type |
Σ | 1..1 | uri | Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model). Required Pattern: Patient | ||||
| identifier |
Σ | 0..1 | Identifier | Logical reference, when literal reference is not known | ||||
| display |
Σ | 0..1 | string | Text alternative for the resource | ||||
| dateTime |
Σ | 0..1 | dateTime | When this Consent was created or indexed | ||||
| performer |
Σ | 0..* | Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Who is agreeing to the policy and rules | ||||
| organization |
Σ | 0..* | Reference(Organization) | Custodian of the consent | ||||
 source[x] |
Σ | 0..1 | Source from which this consent is taken | |||||
| sourceAttachment |
Attachment | |||||||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||||||
| policy |
1..* | BackboneElement | Policies covered by this consent | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| authority |
C | 0..1 | uri | Enforcement source for policy | ||||
| uri |
C | 0..1 | uri | Specific policy covered by this consent | ||||
| policyRule |
ΣC | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. | ||||
| verification |
Σ | 0..* | BackboneElement | Consent Verified by patient or family | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| verified |
Σ | 1..1 | boolean | Has been verified | ||||
| verifiedWith |
0..1 | Reference(Patient | RelatedPerson) | Person who verified | |||||
| verificationDate |
0..1 | dateTime | When consent verified | |||||
| provision |
Σ | 1..1 | BackboneElement | The provision of the consent, which may be a permit or deny | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
Σ | 1..1 | code | The type of consent, either permit or deny Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. | ||||
| period |
Σ | 0..1 | Period | Timeframe for this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |||||
| start |
ΣC | 1..1 | dateTime | The date and time the Consent is considered to be in effect | ||||
| end |
ΣC | 0..1 | dateTime | The date and time the Consent is considered to be expired | ||||
| actor |
0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. | |||||
| reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |||||
| action |
Σ | 1..* | CodeableConcept | The action that is being permitted or denied Binding: ConsentActionCodes (example): Detailed codes for the consent action. | ||||
| securityLabel |
Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. | ||||
| class |
Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | See provision (Consent) | Nested Exception Rules | |||||
| Documentation for this format | ||||||||
| Path | Conformance | ValueSet / Code | URI | |||
| Consent.language | preferred | CommonLanguageshttp://hl7.org/fhir/ValueSet/languagesFrom the FHIR Standard
| ||||
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1From the FHIR Standard | ||||
| Consent.scope | extensible | Pattern Value: patient-privacyhttp://hl7.org/fhir/ValueSet/consent-scopeFrom the FHIR Standard | ||||
| Consent.category | extensible | Fixed Value: 887031000000108http://hl7.org/fhir/ValueSet/consent-categoryFrom the FHIR Standard | ||||
| Consent.patient.type | extensible | Pattern Value: Patienthttp://hl7.org/fhir/ValueSet/resource-typesFrom the FHIR Standard | ||||
| Consent.policyRule | extensible | ConsentPolicyRuleCodeshttp://hl7.org/fhir/ValueSet/consent-policyFrom the FHIR Standard | ||||
| Consent.provision.type | required | ConsentProvisionTypehttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1From the FHIR Standard | ||||
| Consent.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typeFrom the FHIR Standard | ||||
| Consent.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionFrom the FHIR Standard | ||||
| Consent.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsFrom the FHIR Standard | ||||
| Consent.provision.purpose | extensible | PurposeOfUsehttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse | ||||
| Consent.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classFrom the FHIR Standard | ||||
| Consent.provision.code | example | ConsentContentCodes(a valid code from LOINC)http://hl7.org/fhir/ValueSet/consent-content-codeFrom the FHIR Standard | ||||
| Consent.provision.data.meaning | required | ConsentDataMeaninghttp://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1From the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| nhi-url-format | error | Consent.patient.reference | Reference must be an NHI Patient URL with format https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/ZZZ1111 or ZZZ11AA : matches('^https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/[A-Z]{3}([0-9]{4}|[0-9]{2}[A-Z]{2})$') | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
This structure is derived from Consent
Key Elements View
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 |
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created |
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored |
| status |
?!Σ | 1..1 | code | The state of the Consent. This must be active to release data from the server Binding: ConsentState (required): Indicates the state of the consent. |
| scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following |
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (complex) | |
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| category |
Σ | 1..1 | CodeableConcept | The category of the consent, which is a code that indicates the type of consent Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Fixed Value: 887031000000108 |
| patient |
Σ | 1..1 | Reference(Patient) | Who the consent applies to |
| reference |
ΣC | 1..1 | string | Must be an absolute URL reference to the patient on the NHI system. See constraints for details. Constraints: nhi-url-format |
| type |
Σ | 1..1 | uri | Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model). Required Pattern: Patient |
| policy |
1..* | BackboneElement | Policies covered by this consent | |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| provision |
Σ | 1..1 | BackboneElement | The provision of the consent, which may be a permit or deny |
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized |
| type |
Σ | 1..1 | code | The type of consent, either permit or deny Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. |
| action |
Σ | 1..* | CodeableConcept | The action that is being permitted or denied Binding: ConsentActionCodes (example): Detailed codes for the consent action. |
| Documentation for this format | ||||
| Path | Conformance | ValueSet / Code | URI |
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1From the FHIR Standard | |
| Consent.scope | extensible | Pattern Value: patient-privacyhttp://hl7.org/fhir/ValueSet/consent-scopeFrom the FHIR Standard | |
| Consent.category | extensible | Fixed Value: 887031000000108http://hl7.org/fhir/ValueSet/consent-categoryFrom the FHIR Standard | |
| Consent.patient.type | extensible | Pattern Value: Patienthttp://hl7.org/fhir/ValueSet/resource-typesFrom the FHIR Standard | |
| Consent.provision.type | required | ConsentProvisionTypehttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1From the FHIR Standard | |
| Consent.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionFrom the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| nhi-url-format | error | Consent.patient.reference | Reference must be an NHI Patient URL with format https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/ZZZ1111 or ZZZ11AA : matches('^https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/[A-Z]{3}([0-9]{4}|[0-9]{2}[A-Z]{2})$') | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
Differential View
This structure is derived from Consent
| Name | Flags | Card. | Type | Description & Constraints Filter: |
|---|---|---|---|---|
| Consent |
0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time | |
| status |
1..1 | code | The state of the Consent. This must be active to release data from the server | |
| scope |
1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Required Pattern: At least the following | |
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (complex) | |
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |
| category |
1..1 | CodeableConcept | The category of the consent, which is a code that indicates the type of consent Fixed Value: 887031000000108 | |
| patient |
1..1 | Reference(Patient) | Who the consent applies to | |
| reference |
C | 1..1 | string | Must be an absolute URL reference to the patient on the NHI system. See constraints for details. Constraints: nhi-url-format |
| type |
1..1 | uri | Type the reference refers to (e.g. "Patient") Required Pattern: Patient | |
| policy |
1..* | BackboneElement | Policies covered by this consent | |
| provision |
1..1 | BackboneElement | The provision of the consent, which may be a permit or deny | |
| type |
1..1 | code | The type of consent, either permit or deny | |
| period |
||||
| start |
1..1 | dateTime | The date and time the Consent is considered to be in effect | |
| end |
0..1 | dateTime | The date and time the Consent is considered to be expired | |
| action |
1..* | CodeableConcept | The action that is being permitted or denied | |
| Documentation for this format | ||||
| Id | Grade | Path(s) | Details | Requirements |
| nhi-url-format | error | Consent.patient.reference | Reference must be an NHI Patient URL with format https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/ZZZ1111 or ZZZ11AA : matches('^https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/[A-Z]{3}([0-9]{4}|[0-9]{2}[A-Z]{2})$') |
Snapshot View
| Name | Flags | Card. | Type | Description & Constraints Filter: | ||||
|---|---|---|---|---|---|---|---|---|
| Consent |
C | 0..* | Consent | A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5 | ||||
| id |
Σ | 0..1 | id | Logical id of this artifact | ||||
| meta |
Σ | 0..1 | Meta | Metadata about the resource | ||||
| implicitRules |
?!Σ | 0..1 | uri | A set of rules under which this content was created | ||||
| language |
0..1 | code | Language of the resource content Binding: CommonLanguages (preferred): A human language.
| |||||
| text |
0..1 | Narrative | Text summary of the resource, for human interpretation | |||||
| contained |
0..* | Resource | Contained, inline Resources | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?! | 0..* | Extension | Extensions that cannot be ignored | ||||
| identifier |
Σ | 0..* | Identifier | Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"} | ||||
| status |
?!Σ | 1..1 | code | The state of the Consent. This must be active to release data from the server Binding: ConsentState (required): Indicates the state of the consent. | ||||
| scope |
?!Σ | 1..1 | CodeableConcept | Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource. Required Pattern: At least the following | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| coding |
1..* | Coding | Code defined by a terminology system Fixed Value: (complex) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| system |
1..1 | uri | Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentscope | |||||
| version |
0..1 | string | Version of the system - if relevant | |||||
| code |
1..1 | code | Symbol in syntax defined by the system Fixed Value: patient-privacy | |||||
| display |
0..1 | string | Representation defined by the system | |||||
| userSelected |
0..1 | boolean | If this coding was chosen directly by the user | |||||
| text |
0..1 | string | Plain text representation of the concept | |||||
| category |
Σ | 1..1 | CodeableConcept | The category of the consent, which is a code that indicates the type of consent Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Fixed Value: 887031000000108 | ||||
| patient |
Σ | 1..1 | Reference(Patient) | Who the consent applies to | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |||||
| reference |
ΣC | 1..1 | string | Must be an absolute URL reference to the patient on the NHI system. See constraints for details. Constraints: nhi-url-format | ||||
| type |
Σ | 1..1 | uri | Type the reference refers to (e.g. "Patient") Binding: ResourceType (extensible): Aa resource (or, for logical models, the URI of the logical model). Required Pattern: Patient | ||||
| identifier |
Σ | 0..1 | Identifier | Logical reference, when literal reference is not known | ||||
| display |
Σ | 0..1 | string | Text alternative for the resource | ||||
| dateTime |
Σ | 0..1 | dateTime | When this Consent was created or indexed | ||||
| performer |
Σ | 0..* | Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Who is agreeing to the policy and rules | ||||
| organization |
Σ | 0..* | Reference(Organization) | Custodian of the consent | ||||
| source[x] |
Σ | 0..1 | Source from which this consent is taken | |||||
| sourceAttachment |
Attachment | |||||||
| sourceReference |
Reference(Consent | DocumentReference | Contract | QuestionnaireResponse) | |||||||
| policy |
1..* | BackboneElement | Policies covered by this consent | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| authority |
C | 0..1 | uri | Enforcement source for policy | ||||
| uri |
C | 0..1 | uri | Specific policy covered by this consent | ||||
| policyRule |
ΣC | 0..1 | CodeableConcept | Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples. | ||||
| verification |
Σ | 0..* | BackboneElement | Consent Verified by patient or family | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| verified |
Σ | 1..1 | boolean | Has been verified | ||||
| verifiedWith |
0..1 | Reference(Patient | RelatedPerson) | Person who verified | |||||
| verificationDate |
0..1 | dateTime | When consent verified | |||||
| provision |
Σ | 1..1 | BackboneElement | The provision of the consent, which may be a permit or deny | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| type |
Σ | 1..1 | code | The type of consent, either permit or deny Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent. | ||||
| period |
Σ | 0..1 | Period | Timeframe for this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations Slice: Unordered, Open by value:url | |||||
| start |
ΣC | 1..1 | dateTime | The date and time the Consent is considered to be in effect | ||||
| end |
ΣC | 0..1 | dateTime | The date and time the Consent is considered to be expired | ||||
| actor |
0..* | BackboneElement | Who|what controlled by this rule (or group, by role) | |||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| role |
1..1 | CodeableConcept | How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations. | |||||
| reference |
1..1 | Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole) | Resource for the actor (or group, by role) | |||||
| action |
Σ | 1..* | CodeableConcept | The action that is being permitted or denied Binding: ConsentActionCodes (example): Detailed codes for the consent action. | ||||
| securityLabel |
Σ | 0..* | Coding | Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System. | ||||
| purpose |
Σ | 0..* | Coding | Context of activities covered by this rule Binding: PurposeOfUse (extensible): What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. | ||||
| class |
Σ | 0..* | Coding | e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers. | ||||
| code |
Σ | 0..* | CodeableConcept | e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies. | ||||
| dataPeriod |
Σ | 0..1 | Period | Timeframe for data controlled by this rule | ||||
| data |
Σ | 0..* | BackboneElement | Data controlled by this rule | ||||
| id |
0..1 | string | Unique id for inter-element referencing | |||||
| extension |
0..* | Extension | Additional content defined by implementations | |||||
| modifierExtension |
?!Σ | 0..* | Extension | Extensions that cannot be ignored even if unrecognized | ||||
| meaning |
Σ | 1..1 | code | instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions. | ||||
| reference |
Σ | 1..1 | Reference(Resource) | The actual data reference | ||||
| provision |
0..* | See provision (Consent) | Nested Exception Rules | |||||
| Documentation for this format | ||||||||
| Path | Conformance | ValueSet / Code | URI | |||
| Consent.language | preferred | CommonLanguageshttp://hl7.org/fhir/ValueSet/languagesFrom the FHIR Standard
| ||||
| Consent.status | required | ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1From the FHIR Standard | ||||
| Consent.scope | extensible | Pattern Value: patient-privacyhttp://hl7.org/fhir/ValueSet/consent-scopeFrom the FHIR Standard | ||||
| Consent.category | extensible | Fixed Value: 887031000000108http://hl7.org/fhir/ValueSet/consent-categoryFrom the FHIR Standard | ||||
| Consent.patient.type | extensible | Pattern Value: Patienthttp://hl7.org/fhir/ValueSet/resource-typesFrom the FHIR Standard | ||||
| Consent.policyRule | extensible | ConsentPolicyRuleCodeshttp://hl7.org/fhir/ValueSet/consent-policyFrom the FHIR Standard | ||||
| Consent.provision.type | required | ConsentProvisionTypehttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1From the FHIR Standard | ||||
| Consent.provision.actor.role | extensible | SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-typeFrom the FHIR Standard | ||||
| Consent.provision.action | example | ConsentActionCodeshttp://hl7.org/fhir/ValueSet/consent-actionFrom the FHIR Standard | ||||
| Consent.provision.securityLabel | extensible | All Security Labelshttp://hl7.org/fhir/ValueSet/security-labelsFrom the FHIR Standard | ||||
| Consent.provision.purpose | extensible | PurposeOfUsehttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse | ||||
| Consent.provision.class | extensible | ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-classFrom the FHIR Standard | ||||
| Consent.provision.code | example | ConsentContentCodes(a valid code from LOINC)http://hl7.org/fhir/ValueSet/consent-content-codeFrom the FHIR Standard | ||||
| Consent.provision.data.meaning | required | ConsentDataMeaninghttp://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1From the FHIR Standard |
| Id | Grade | Path(s) | Details | Requirements |
| dom-2 | error | Consent | If the resource is contained in another resource, it SHALL NOT contain nested Resources : contained.contained.empty() | |
| dom-3 | error | Consent | If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource : contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty() | |
| dom-4 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated : contained.meta.versionId.empty() and contained.meta.lastUpdated.empty() | |
| dom-5 | error | Consent | If a resource is contained in another resource, it SHALL NOT have a security label : contained.meta.security.empty() | |
| dom-6 | best practice | Consent | A resource should have narrative for robust management : text.`div`.exists() | |
| ele-1 | error | **ALL** elements | All FHIR elements must have a @value or children : hasValue() or (children().count() > id.count()) | |
| ext-1 | error | **ALL** extensions | Must have either extensions or value[x], not both : extension.exists() != value.exists() | |
| nhi-url-format | error | Consent.patient.reference | Reference must be an NHI Patient URL with format https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/ZZZ1111 or ZZZ11AA : matches('^https://api.hip.digital.health.nz/fhir/nhi/v1/Patient/[A-Z]{3}([0-9]{4}|[0-9]{2}[A-Z]{2})$') | |
| ppc-1 | error | Consent | Either a Policy or PolicyRule : policy.exists() or policyRule.exists() | |
| ppc-2 | error | Consent | IF Scope=privacy, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not() | |
| ppc-3 | error | Consent | IF Scope=research, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='research').exists().not() | |
| ppc-4 | error | Consent | IF Scope=adr, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='adr').exists().not() | |
| ppc-5 | error | Consent | IF Scope=treatment, there must be a patient : patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not() |
This structure is derived from Consent
Other representations of profile: CSV, Excel, Schematron