<status value="active" /> <date value="2017-11-01" /> <contact> <name value="Ioana Singureanu" /> <telecom> <system value="email" /> <value value="ioana@eversolve.com" /> <use value="work" /> </telecom> <telecom> <system value="url" /> <value value="www.eversolve.com" /> <period> <start value="1999-06-15" /> </period> </telecom> </contact> <description value="The FHIR STU3 (Release 3) Consent profile describes how Consent2Share (C2S) application and associated access control solution uses FHIR resources to represent and persist patient consent for treatment, research, or disclosure (e.g. 42 CFR Part 2, Title 38). This specification describes how C2S populates a FHIR Consent resource. This Consent profile does not use any contained resources. Contained resources allow the inadvertent sharing of Protected Information to unauthorized users and application. Therefore, any references to patients, providers, organizations are described as external references to resources stored on the same server. Dependencies: Consents that conform to this specification must include reference other resources: - Patient (as patient and/or consenting party), RelatedPerson (as consenting party) - Practitioner (custodians, information recipients), and - Organization (custodian, custodians, information recipients" /> <jurisdiction> <coding> <code value="US" /> <display value="US-Realm" /> </coding> <text value="US-Realm Consent Profile published by Consent2Share" /> </jurisdiction> <purpose value="This profile is intended to be implemented by consent management systems." /> <copyright value="+Copyright (c) 2017 SAMHSA. All Rights Reserved. This product is licensed to you under the Apache License, Version 2.0 (the "License"). You may not use this product except in compliance with the License" /> <fhirVersion value="3.0.1" /> <kind value="resource" /> <abstract value="false" /> <type value="Consent" /> <baseDefinition value="http://hl7.org/fhir/StructureDefinition/Consent" /> <derivation value="constraint" /> <differential> <element id="Consent"> <path value="Consent" /> <definition value="The following is a final draft profile for approval specification that describes the use of FHIR Consent resources in the Consent2Share (C2S) application and associated access control solution. This specification describes how C2S populates a FHIR Consent resource. This Consent profile does not use any contained resources. All the references to patients, providers, organizations are described as external references. Limitation: Current C2S implementation supports multiple identifier types and identifier registry IDs from FHIR. The specification does not support consents to allow other individuals (i.e. FHIR RelatedPerson, Person) to access a patient's protected information (e.g. 42 CFR Part 2). A record of a healthcare consumerâs policy choices, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time." /> <mustSupport value="true" /> </element> <element id="Consent.identifier"> <path value="Consent.identifier" /> <definition value="FHIR Reference: "Unique identifier for this copy of the Consent Statement." Note: This identifier is set by the consent management application (e.g. GUID)." /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.identifier.use"> <path value="Consent.identifier.use" /> <max value="0" /> <mustSupport value="false" /> </element> <element id="Consent.identifier.type"> <path value="Consent.identifier.type" /> <max value="0" /> </element> <element id="Consent.identifier.system"> <path value="Consent.identifier.system" /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.identifier.value"> <path value="Consent.identifier.value" /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.identifier.period"> <path value="Consent.identifier.period" /> <max value="0" /> </element> <element id="Consent.identifier.assigner"> <path value="Consent.identifier.assigner" /> <max value="0" /> </element> <element id="Consent.status"> <path value="Consent.status" /> <short value="Current state of the Consent" /> <definition value="FHIR Reference: "Indicates the current state of this consent." Constraints introduced in this profile are indicated below: States supported: "proposed" - created but not signed FHIR Reference: "The consent has been proposed but not yet agreed to by all parties. The negotiation stage. (Proposed)" "active" - the consent is signed FHIR Reference: "The consent is to be followed and enforced (Active)" "inactive" - the consent either expired or was revoked through an update. FHIR Reference: "The consent is terminated or replaced (Inactive)" "entered-in-error" - may also be supported FHIR Reference: "The consent was created wrongly (e.g. wrong patient) and should be ignored (Entered in Error)"" /> <mustSupport value="true" /> </element> <element id="Consent.category"> <path value="Consent.category" /> <definition value="FHIR Reference: "A classification of the type of consents found in the statement. This element supports indexing and retrieval of consent statements." Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.patient"> <path value="Consent.patient" /> <label value="Consent subject" /> <short value="Who the consent applies to (external reference)" /> <definition value="FHIR Reference: "The patient/healthcare consumer to whom this consent applies." This data elemen identifies the patient whose records are subject to the consent for disclosure or who agrees to treatment or research study." /> <mustSupport value="true" /> </element> <element id="Consent.period"> <path value="Consent.period" /> <definition value="FHIR Reference: "Relevant time or time-period when this Consent is applicable." The "start" date is set when the consent is made active. Even if the consent is post-signed, the "start" date is the date when the consent becomes active The "end" date is set when the consent is expired or revoked or made inactive The start date cannot be earlier than the "dateTime"." /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.period.start"> <path value="Consent.period.start" /> <definition value="The start date of when the Consent goes into effect. If the Consent is post-signed then the Consent.period.start is the date when the consent becomes active. The boundary is inclusive." /> <mustSupport value="true" /> </element> <element id="Consent.period.end"> <path value="Consent.period.end" /> <definition value="The end date when the consent terms is expired (inactive) or was revoked (expiration date = consent.period.end). If the end of the period is missing, it means that the period is ongoing. The start may be in the past, and the end date in the future, which means that period is expected/planned to end at that time." /> </element> <element id="Consent.dateTime"> <path value="Consent.dateTime" /> <definition value="FHIR Reference: "When this Consent was issued / created / indexed." Note: This is the date the consent was signed by the consenter and made active. Unsigned consents will not contain this date." /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.consentingParty"> <path value="Consent.consentingParty" /> <label value="Consent Signing Party" /> <definition value="FHIR Reference: "Either the Grantor, which is the entity responsible for granting the rights listed in a Consent Directive or the Grantee, which is the entity responsible for complying with the Consent Directive, including any obligations or limitations on authorizations and enforcement of prohibitions." Note: For this profile, this data element identifes the individual authorized to sign the consent, Typically the consenting party/consenter is the patient but the consent may also be signed by a proxy." /> <min value="1" /> <max value="1" /> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Patient" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/RelatedPerson" /> </type> <mustSupport value="true" /> </element> <element id="Consent.actor"> <path value="Consent.actor" /> <label value="Providers" /> <slicing> <discriminator> <type value="value" /> <path value="role.coding.code" /> </discriminator> <description value="This data element was constrained to two slices for "information custodian" and "information recipient" roles but additoinal roles may added by specializations." /> <rules value="open" /> </slicing> <definition value="FHIR Reference: "Who or what is controlled by this consent. Use group to identify a set of actors by some property they share (e.g. 'admitting officers')." This data element may occur at least two times: - at least one occurrence of custodian actor (slice) - at least one occurrence of information recipient actor (slice) The profile for this data element will use "slicing" to distinguish the custodians from the information recipients and ensure at least one of each was specified. Note: This data element is used to specify the custodian (role code: INF) and intended recipient(s) (role code: IRCP) of the information referenced by the consent. According to US Federal policy (e.g. 42 CFR Part 2) this data element can be used to reference one or more individuals/organizations for both roles." /> <comment value="actor cardinality is [2..*] and at least one CST (Custodian) representing the entity/entities making the disclosure and one or more IRCP (Information Recipient) -representing the entity/entities receiving the information subject to this consent- must be required but there could be more than 2." /> <requirements value="At least one CST and one IRCP must be required but there could be more of either side." /> <min value="2" /> <mustSupport value="true" /> </element> <element id="Consent.actor.role"> <path value="Consent.actor.role" /> <label value="Disclosure Providers" /> </element> <element id="Consent.actor.role.coding"> <path value="Consent.actor.role.coding" /> <binding> <strength value="extensible" /> <description value="V3 Participation Type" /> <valueSetUri value="http://hl7.org/fhir/v3/ParticipationType" /> </binding> </element> <element id="Consent.actor.role.coding.code"> <path value="Consent.actor.role.coding.code" /> <binding> <strength value="extensible" /> <description value="V3 Participation Type" /> <valueSetUri value="http://hl7.org/fhir/v3/ParticipationType" /> </binding> </element> <element id="Consent.actor.role.coding.display"> <extension url="http://hl7.org/fhir/StructureDefinition/elementdefinition-translatable"> <valueBoolean value="true" /> </extension> <path value="Consent.actor.role.coding.display" /> <definition value="A representation of the meaning of the code in the system, following the rules of the system." /> <comment value="At least one CST (Custodian) and one IRCP (Information Recipient) must be required but there could be more of either side. Note that FHIR strings may not exceed 1MB in size" /> </element> <element id="Consent.actor.reference"> <path value="Consent.actor.reference" /> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Group" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/CareTeam" /> </type> <type> <code value="Reference" /> <profile value="Organization" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Organization" /> <aggregation value="referenced" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Patient" /> </type> <type> <code value="Reference" /> <profile value="Practitioner" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Practitioner" /> <aggregation value="referenced" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/RelatedPerson" /> </type> </element> <element id="Consent.actor:custodianActor"> <path value="Consent.actor" /> <sliceName value="custodianActor" /> <label value="custodian" /> <code> <code value="CST" /> <display value="Custodian Actor" /> </code> <short value="Custodian controlled by this consent (or group, by role)" /> <definition value="This "actor" structure is used to specify the custodian information in Consent.actor data element." /> <comment value="This slice identifiers the actors authorized by this consent; this actor is the custodian of the information intended to be disclosed." /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.actor:custodianActor.role"> <path value="Consent.actor.role" /> <definition value="FHIR Reference: Custodian (CST) Definition: "An entity (person, organization or device) that is in charge of maintaining the information of this act (e.g., who maintains the report or the master service catalog item, etc.)." Custodian (CST) identifies the provider or organization that is the custodian of the information that is subject to this consent." /> <mustSupport value="true" /> </element> <element id="Consent.actor:custodianActor.role.coding"> <path value="Consent.actor.role.coding" /> <min value="1" /> <max value="1" /> <mustSupport value="true" /> </element> <element id="Consent.actor:custodianActor.role.coding.system"> <path value="Consent.actor.role.coding.system" /> <min value="1" /> <fixedUri value="http://hl7.org/fhir/v3/ParticipationType" /> <mustSupport value="true" /> <binding> <strength value="required" /> <valueSetUri value="http://hl7.org/fhir/ValueSet/security-role-type" /> </binding> </element> <element id="Consent.actor:custodianActor.role.coding.version"> <path value="Consent.actor.role.coding.version" /> <max value="0" /> </element> <element id="Consent.actor:custodianActor.role.coding.code"> <path value="Consent.actor.role.coding.code" /> <code> <code value="CST" /> </code> <min value="1" /> <fixedCode value="CST" /> <mustSupport value="true" /> </element> <element id="Consent.actor:custodianActor.role.coding.userSelected"> <path value="Consent.actor.role.coding.userSelected" /> <max value="0" /> </element> <element id="Consent.actor:custodianActor.reference"> <path value="Consent.actor.reference" /> <definition value="FHIR Reference: "The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers')." In C2S to specify a "General Designation Consent", we specify CareTeam resource as intended recipient or Organization resource corresponding to HIE is the intended recipient. Providers will be added and removed as needed over time to the patient." /> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/CareTeam" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Organization" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Patient" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Practitioner" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/RelatedPerson" /> </type> <mustSupport value="true" /> </element> <element id="Consent.actor:recipientActor"> <path value="Consent.actor" /> <sliceName value="recipientActor" /> <label value="information recipient" /> <short value="Recipient controlled by this consent (or group, by role)" /> <definition value="This "actor" structure is used to specify the recipient of information in Consent.actor data element." /> <comment value="This slice is used to specify the intended recipient(s) of the consent. It identifies the indivdiuals or organizations who are authorized to receive the information specified in the consent." /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.actor:recipientActor.role"> <path value="Consent.actor.role" /> <code> <system value="http://hl7.org/fhir/v3/ParticipationType" /> <code value="IRCP" /> <display value="Information Recipient" /> </code> <definition value="FHIR Reference: Information Recipient (IRCP) Definition: "A party, who may or should receive or who has received the Act or subsequent or derivative information of that Act. Information recipient is inert, i.e., independent of mood." Rationale: this is a generalization of a too diverse family that the definition can't be any more specific, and the concept is abstract so one of the specializations should be used." This data element identifies how the individual/organization is involved: Information Recipient (IRCP) identifies the provider or organization that is intended to receive the disclosed information." /> <mustSupport value="true" /> </element> <element id="Consent.actor:recipientActor.role.coding"> <path value="Consent.actor.role.coding" /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.actor:recipientActor.role.coding.system"> <path value="Consent.actor.role.coding.system" /> <min value="1" /> <fixedUri value="http://hl7.org/fhir/v3/ParticipationType" /> <mustSupport value="true" /> <binding> <strength value="required" /> <valueSetUri value="http://hl7.org/fhir/ValueSet/security-role-type" /> </binding> </element> <element id="Consent.actor:recipientActor.role.coding.version"> <path value="Consent.actor.role.coding.version" /> <max value="0" /> </element> <element id="Consent.actor:recipientActor.role.coding.code"> <path value="Consent.actor.role.coding.code" /> <code> <system value="http://hl7.org/fhir/v3/ParticipationType" /> <code value="IRCP" /> </code> <min value="1" /> <fixedCode value="IRCP" /> <mustSupport value="true" /> </element> <element id="Consent.actor:recipientActor.role.coding.userSelected"> <path value="Consent.actor.role.coding.userSelected" /> <max value="0" /> </element> <element id="Consent.actor:recipientActor.reference"> <path value="Consent.actor.reference" /> <definition value="FHIR Reference: "The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers')."" /> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Organization" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Patient" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/Practitioner" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/RelatedPerson" /> </type> <mustSupport value="true" /> </element> <element id="Consent.action"> <path value="Consent.action" /> <definition value="FHIR Reference: "Actions controlled by this consent." Note: The actions apply to the data specified in the "Consent.except" data element. Typically "disclose" is the default action." /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.organization"> <path value="Consent.organization" /> <definition value="FHIR Reference: "The organization that manages the consent, and the framework within which it is executed." This organization is the custodian of the consent rather than the data referenced by consent. In most cases this is also the custodian of the protected data specified in Consent.actor (role=CST)." /> <min value="1" /> <max value="1" /> <mustSupport value="true" /> </element> <element id="Consent.organization.reference"> <path value="Consent.organization.reference" /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.source[x]"> <path value="Consent.source[x]" /> <definition value="FHIR Reference: "The source on which this consent statement is based. The source might be a scanned original paper form, or a reference to a consent that links back to such a source, a reference to a document repository (e.g. XDS) that stores the original consent document. The following sources listed below: sourceAttachment - FHIR Reference: "The source can be contained inline (Attachment)" sourceIdentifier - FHIR Reference: "The source can be referenced simply by an identifier (Identifier), e.g. a CDA document id." sourceReference - FHIR Reference: "The source can be referenced directly (Consent), referenced in a consent repository (DocumentReference), referenced as a contract, or referenced in a QuestionnaireResponse (Reference(Consent | DocumentReference | Contract | QuestionnaireResponse))". The C2S application will populate "contentType" as "application/pdf" and "data" as the base64encoded PDF document. Currently source specifies a link to the CDA consent or to a Questionnaire responses. e.g; "sourceAttachment": { "contentType": "application/pdf", "title": "The Consent Example.", "data": "data object" If there is no attachment, then we should not have a "sourceAttachment". If there is no attachment, there should be a title." /> <type> <code value="Attachment" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/QuestionnaireResponse" /> </type> <type> <code value="Reference" /> <targetProfile value="http://hl7.org/fhir/StructureDefinition/c2s-consent-1.0" /> </type> </element> <element id="Consent.policy"> <path value="Consent.policy" /> <definition value="FHIR Reference: "The references to the policies that are included in this consent scope. Policies may be organizational, but are often defined jurisdictionally, or in law." Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.policyRule"> <path value="Consent.policyRule" /> <definition value="FHIR Reference: "A reference to the specific computable policy. Might be a unique identifier of a policy set in XACML, or other rules engine. If the policy reference is not known, the resource cannot be processed. Where the reference is absent, there is no particular policy other than what is expressed directly in the consent resource." Note: This data element may reference one or more policies addressed by the consent, may reference the URI of XACML policy that Consent 2 Share (C2S) uses to execute this Consent at run time." /> <mustSupport value="true" /> </element> <element id="Consent.securityLabel"> <path value="Consent.securityLabel" /> <definition value="FHIR Reference: "A set of security labels that define which resources are controlled by this consent. If more than one label is specified, all resources must have all the specified labels." Note: The "Consent.except.securityLabel" is used to specify the protected information specified by the consenter. Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.purpose"> <path value="Consent.purpose" /> <definition value="FHIR Reference: "The context of the activities a user is taking - why the user is accessing the data - that are controlled by this consent." Note: The consent purpose may be for "treatment", "research" (e.g. patient-centered outcomes research, precision medicine research). In the case of 42 CFR Part 2, the purpose of the consent is permit disclsoure for treatment. If the purpose of the discslosure is in repsonse to an emergnecy, the consent is not necessary. The emergency disclosure is typically referred as "break the glass"." /> <min value="1" /> <mustSupport value="true" /> <binding> <strength value="required" /> <valueSetUri value="http://hl7.org/fhir/ValueSet/v3-PurposeOfUse" /> </binding> </element> <element id="Consent.purpose.system"> <path value="Consent.purpose.system" /> <min value="1" /> <fixedUri value="http://hl7.org/fhir/v3/ActReason" /> <mustSupport value="true" /> </element> <element id="Consent.purpose.code"> <path value="Consent.purpose.code" /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.dataPeriod"> <path value="Consent.dataPeriod" /> <definition value="FHIR Reference: "Clinical or Operational Relevant period of time that bounds the data controlled by this consent." Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.data"> <path value="Consent.data" /> <definition value="FHIR Reference: "The resources controlled by this consent, if specific resources are referenced." Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.data.meaning"> <path value="Consent.data.meaning" /> <short value="How the resource reference is interpreted when testing consent restrictions" /> <definition value="How the resource reference is interpreted when testing consent restrictions. The following resource reference listed below: instance - FHIR Reference: "The consent applies directly to the instance of the resource" related - FHIR Reference: "The consent applies directly to the instance of the resource and instances it refers to" dependents - FHIR Reference: "The consent applies directly to the instance of the resource and instances that refer to it" authoredby - FHIR Reference: "The consent applies to instances of resources that are authored by"" /> </element> <element id="Consent.data.reference"> <path value="Consent.data.reference" /> <definition value="FHIR Reference: A reference to a specific resource that defines which resources are covered by this consent." /> </element> <element id="Consent.except"> <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-explicit-type-name"> <valueString value="Except" /> </extension> <path value="Consent.except" /> <label value="Sensitive Information Categories" /> <definition value="FHIR Reference: "An exception to the base policy of this consent. An exception can be an addition or removal of access permissions." This structure is used to specify the exception to the privacy policy. Note: This repeated data element identifies specific types of protected information and they are not needed if the consent reference "all protected information" held by the authorized organization. If the consent does not specify any "exceptions" (i.e. Consent.Except), the security label should be used instead." /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.except.type"> <path value="Consent.except.type" /> <short value="Action to take - permit or deny" /> <definition value="FHIR Reference: "Action to take - permit or deny - when the exception conditions are met." This structure is used to specify how an exception statement is applied as a "permission" or "denial" of the action (e.g. disclosure) for specific types of protected information. The default for Conset2Share (C2S) is "permit" since C2S users specify information that is "permitted" for disclosure. The following are the defined codes for Consent-Except-Type: â¢ deny â¢ permit deny - FHIR Reference: "Consent is denied for actions meeting these rules (Deny/Opt Out). permit - FHIR Reference: "Consent is provided for actions meeting these rules (Permit/Opt In)."" /> <defaultValueCode value="permit" /> <mustSupport value="true" /> </element> <element id="Consent.except.period"> <path value="Consent.except.period" /> <definition value="FHIR Reference: "The timeframe in this exception is valid." This concept is supported by "Consent.period". Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.except.actor"> <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-explicit-type-name"> <valueString value="ExceptActor" /> </extension> <path value="Consent.except.actor" /> <definition value="FHIR Reference: "Who or what is controlled by this Exception. Use group to identify a set of actors by some property they share (e.g. 'admitting officers')." This concept is addressed by "Consent.actor". Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.except.action"> <path value="Consent.except.action" /> <definition value="FHIR Reference: "Actions controlled by this Exception." This concept is addressed by "Consent.action". Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.except.securityLabel"> <path value="Consent.except.securityLabel" /> <definition value="FHIR Reference: "A set of security labels that define which resources are controlled by this exception. If more than one label is specified, all resources must have all the specified labels."" /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.except.securityLabel.system"> <path value="Consent.except.securityLabel.system" /> <min value="1" /> <fixedUri value="http://hl7.org/fhir/v3/ActCode" /> <mustSupport value="true" /> </element> <element id="Consent.except.securityLabel.version"> <path value="Consent.except.securityLabel.version" /> <max value="0" /> </element> <element id="Consent.except.securityLabel.code"> <path value="Consent.except.securityLabel.code" /> <min value="1" /> <mustSupport value="true" /> </element> <element id="Consent.except.securityLabel.userSelected"> <path value="Consent.except.securityLabel.userSelected" /> <max value="0" /> </element> <element id="Consent.except.purpose"> <path value="Consent.except.purpose" /> <definition value="FHIR Reference: "The context of the activities a user is taking - why the user is accessing the data - that are controlled by this exception." This concept is addressed by "Consent.purpose". Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.except.class"> <path value="Consent.except.class" /> <short value="Class of information covered by this exception" /> <definition value="FHIR Reference: "The class of information covered by this exception. The type can be a FHIR resource type, a profile on a type, or a CDA document, or some other type that indicates what sort of information the consent relates to." Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.except.code"> <path value="Consent.except.code" /> <short value="Code found in an instance of the content (LOINC or SNOMED CT code, etc)" /> <definition value="FHIR Reference: "If this code is found in an instance, then the exception applies." Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.except.code.version"> <path value="Consent.except.code.version" /> <max value="0" /> </element> <element id="Consent.except.dataPeriod"> <path value="Consent.except.dataPeriod" /> <definition value="FHIR Reference: "Clinical or Operational Relevant period of time that bounds the data controlled by this exception." Not supported for this profile - the Consent.period applies to this exception." /> <max value="0" /> </element> <element id="Consent.except.data"> <extension url="http://hl7.org/fhir/StructureDefinition/structuredefinition-explicit-type-name"> <valueString value="ExceptData" /> </extension> <path value="Consent.except.data" /> <definition value="FHIR Reference: "The resources controlled by this consent, if specific resources are referenced." Not supported for this profile." /> <max value="0" /> </element> <element id="Consent.except.data.meaning"> <path value="Consent.except.data.meaning" /> <comment value="This structure is not supported for this profile. Note that FHIR strings may not exceed 1MB in size" /> </element> </differential> </StructureDefinition>

The FHIR STU3 (Release 3) Consent profile describes how Consent2Share (C2S) application and associated access control solution uses FHIR resources to represent and persist patient consent for treatment, research, or disclosure (e.g. 42 CFR Part 2, Title 38). This specification describes how C2S populates a FHIR Consent resource. This Consent profile does not use any contained resources. Contained resources allow the inadvertent sharing of Protected Information to unauthorized users and application. Therefore, any references to patients, providers, organizations are described as external references to resources stored on the same server. Dependencies: Consents that conform to this specification must include reference other resources

Patient (as patient and/or consenting party), RelatedPerson (as consenting party)
Practitioner (custodians, information recipients), and
Organization (custodian, custodians, information recipients