Consent exceptions

Note: Draft. May change due to changes in national legislation.

The user can restrict healthcare professionals' access to the user's data by setting consent exceptions. Consent exceptions are specified with the security label mechanism of the FHIR standard. A security label is attached to a resource to provide specific security metadata about the information in the resource.

The security metadata is set in coded form in the meta element of the resource instance. The type of the meta element is Meta. The Meta type has a security element whose data type is Coding; the consent exception is set in this security element.

The consent exception is set in the same element and in the same way in different resource instances.

  • For example, in Observation resource instances: Observation.meta.security
  • For example, in MedicationStatement resource instances: MedicationStatement.meta.security

Excerpt of an Observation instance showing the Observation.meta.security element:

{
  "resourceType": "Observation",
  "id": "c4394e13-d6ac-4535-b2e2-216733cbd1dc",
  "meta": {
    "versionId": "1",
    "lastUpdated": "2017-09-22T10:04:16.169+03:00",
    "profile": ["http://phr.kanta.fi/StructureDefinition/fiphr-bloodpressure-stu3"],
    "security": [
      {
        "system": "http://hl7.org/fhir/v3/Confidentiality",
        "code": "R",
        "display": "restricted"
      }
    ]
  },

The security labels (codes) used in consent exceptions are defined in the value set Finnish PHR Confidentiality https://simplifier.net/FinnishPHR/fiphr-vs-confidentiality.

The following codes from the code system http://hl7.org/fhir/v3/Confidentiality are included in the Finnish PHR Confidentiality value set and used in consent exceptions:

  • R = restricted (see the use of the code in "Patterns FinnishPHR server follows in security labels")
  • U = unrestricted (see the use of the code in "Patterns FinnishPHR server follows in security labels")

Patterns FinnishPHR server follows in security labels

  • If the consent exception is not set in the resource instance and the consent is given, then there are no restrictions for healthcare professionals to retrieve the user's resource instance from the FinnishPHR.
  • If the consent exception is set to R (restricted), then healthcare professionals' access to the user's resource instance is forbidden.
  • If the user wants to cancel the consent exception of a resource instance, there is a separate code U (unrestricted), which SHALL be updated to the resource instance (the security element SHALL NOT be set empty). If the consent exception is set to U, then there are no restrictions for healthcare professionals to retrieve the user's resource instance.
  • If the consent exception is already set in a resource instance stored in the resource server and an application updates the resource instance without the security element, the resource server will ensure that the updated resource inherits the consent exception.
  • If the resource instance given in a create or update interaction has an unrecognized security label (code), the resource server will return an error response.
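The patterns above, sketched as an added Python example (not FinnishPHR server code; all function and class names are hypothetical). It assumes that a label from any other code system counts as unrecognized, that access is denied when consent is not given, and that R wins if both codes are present.

```python
# Added illustration of the label patterns; not the FinnishPHR implementation.
# Assumptions: other code systems are "unrecognized"; no consent means no access.
CONF_SYSTEM = "http://hl7.org/fhir/v3/Confidentiality"
ALLOWED_CODES = {"R", "U"}  # codes the page lists from the value set


class UnrecognizedSecurityLabel(ValueError):
    """Stands in for the error response returned for an unknown label."""


def consent_labels(resource):
    """Return the Coding entries in meta.security (empty list if absent)."""
    return (resource.get("meta") or {}).get("security") or []


def validate_labels(resource):
    """Reject create/update payloads carrying a label outside the value set."""
    for coding in consent_labels(resource):
        if coding.get("system") != CONF_SYSTEM or coding.get("code") not in ALLOWED_CODES:
            raise UnrecognizedSecurityLabel(f"unrecognized security label: {coding!r}")


def apply_update(stored, incoming):
    """Validate an update; inherit the stored exception if security is omitted."""
    validate_labels(incoming)
    updated = dict(incoming)
    updated["meta"] = dict(incoming.get("meta") or {})
    if not consent_labels(incoming) and consent_labels(stored):
        updated["meta"]["security"] = [dict(c) for c in consent_labels(stored)]
    return updated


def professional_may_read(resource, consent_given):
    """R denies access; U or no label allows it once consent is given."""
    if not consent_given:
        return False  # assumption: consent is a precondition for any access
    codes = {c.get("code") for c in consent_labels(resource)
             if c.get("system") == CONF_SYSTEM}
    return "R" not in codes  # assumption: fail closed if both R and U appear


if __name__ == "__main__":
    # Constructed sample: stored instance labelled R, update sent without security.
    stored = {"resourceType": "Observation", "meta": {"security": [{"system": CONF_SYSTEM, "code": "R"}]}}
    merged = apply_update(stored, {"resourceType": "Observation", "meta": {}})
    print(professional_may_read(merged, consent_given=True))
```

Because an update without the security element inherits the stored label, clearing the element cannot lift a restriction; only an explicit U does.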

Note. In the sandbox version and customer testing version it can be assumed that the consent exists and is given.