Search loading...

API Hub

Explore and Make use of Nationally Defined Messaging APIs

 

Consent Validation Implementation Guidance

Consent resource implementation guidance

Usage

Patient consent of different types can be carried in a Consent object.

Some encounters may be validated before action - for example, some ambulance requests are validated by clinicians before the ambulance is sent.

Linked to the triage journey by patient and data.

Other consent models are discussed on the Consent Overview page.

Name Cardinality Type FHIR Documentation CDS Implementation Guidance
id 0..1 id Logical id of this artifact Note that this will always be populated except when the resource is being created (initial creation call)
meta 0..1 Meta Metadata about the resource
implicitRules 0..1 uri A set of rules under which this content was created
language 0..1 code Language of the resource content.
Common Languages (Extensible but limited to All Languages)
text 0..1 Narrative Text summary of the resource, for human interpretation
contained 0..* Resource Contained, inline Resources This SHOULD NOT be populated
extension 0..* Extension Additional Content defined by implementations
modifierExtension 0..* Extension Extensions that cannot be ignored
identifier 0..* Identifier Business Identifier for observation
status 1..1 code draft | proposed | active | rejected | inactive | entered-in-error
ConsentState (Required)
This will normally be active
category 0..* CodeableConcept Classification of the consent statement - for indexing/retrieval
Consent Category Codes (Example)
patient 1..1 Reference(Patient) Who the consent applies to This MUST be the Patient in the encounter report.
period 0..1 Period Period that this consent applies
start 0..1 Period Starting time with inclusive boundary This MUST be populated
end 0..1 Period End time with inclusive boundary, if not ongoing If not populated, then assumed to be in the future/open-ended
dateTime 0..1 dateTime When this Consent was created or indexed This SHOULD be populated
consentingParty 0..* Reference(Organization| Patient | Practitioner | RelatedPerson) Who is agreeing to the policy and exceptions this will normally be Patient, but may be RelatedPerson
actor 0..* BackboneElement Who|what controlled by this consent (or group, by role) This SHOULD be populated with the organization (or individual) that is performing the validation
role 1..1 CodeableConcept How the actor is involved
SecurityRoleType (Extensible)
reference 1..1 Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson) Resource for the actor (or group, by role)
action 0..* CodeableConcept Actions controlled by this consent
Consent Action Codes (Example)
For validation this SHOULD be populated with 'use'.
organization 0..* Custodian of the consent Provider organisation This SHOULD be populated with the Encounter.serviceProvider
source[x] 0..1 Source from which this consent is taken Typically from a QuestionnaireResponse ("Are you happy for your GP to see this call?")
sourceAttachment Attachment
sourceIdentifier Identifier
sourceReference Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
policy 0..* BackboneElement This MUST NOT be populated.
authority 0..1 uri Enforcement source for policy
uri 0..1 uri Specific policy covered by this consent
policyRule 0..1 uri This SHOULD be populated with `http://hl7.org/fhir/ConsentPolicy/opt-out` as direct care is an opt-out scenario.
securityLabel 0..* Coding Security Labels that define affected resources
All Security Labels (Extensible)
purpose 0..* Coding Context of activities for which the agreement is made
PurposeOfUse (Extensible)
dataPeriod 0..1 Period Timeframe for data controlled by this consent This MUST be populated
start 0..1 Period Timeframe for data controlled by this consent This MUST be populated
end 0..1 Period Timeframe for data controlled by this consent This MAY be populated, but if not then assume the dataPeriod is active and open-ended
data 0..* BackboneElement Data controlled by this consent The Encounter(s) to which this consent applies
meaning 1..1 code instance | related | dependents | authoredby
ConsentDataMeaning (Required)
This MUST be populated with both 'related' and 'dependents' as separate data elements.
reference 1..1 Reference(Any) The actual data reference This SHOULD be the Encounter
except 0..* BackboneElement Additional rule - addition or removal of permissions
type 1..1 code deny | permit
ConsentExceptType (Required)
period 0..1 Period Timeframe for this exception
actor 0..* BackboneElement Who|what controlled by this exception (or group, by role)
role 1..1 CodeableConcept How the actor is involved
SecurityRoleType (Extensible)
reference 1..1 Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson) Resource for the actor (or group, by role)
action 0..* CodeableConcept Actions controlled by this exception
Consent Action Codes (Example)
securityLabel 0..* Coding Security Labels that define affected resources
All Security Labels (Extensible)
purpose 0..* Coding Context of activities covered by this exception
PurposeOfUse (Extensible)
class 0..* Coding e.g. Resource Type, Profile, or CDA etc
Consent Content Class (Extensible)
code 0..* Coding e.g. LOINC or SNOMED CT code, etc in the content
Consent Content Codes (Example)
dataPeriod 0..1 Period Timeframe for data controlled by this exception
data 0..* BackboneElement Data controlled by this exception
meaning 1..1 code instance | related | dependents | authoredby
ConsentDataMeaning (Required)
reference 1..1 Reference(Any) The actual data reference
Tags: rest fhir api

All content is available under the Open Government Licence v3.0, except where otherwise stated