Privacy Consent on FHIR (PCF)
1.1.0 - Trial-Implementation
Privacy Consent on FHIR (PCF)
1.1.0 - Trial-Implementation
This page is part of the Privacy Consent on FHIR (PCF) (v1.1.0: Publication) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions
Resource Consent "ex-consent-intermediate-data"
Profile: IHE PCF Explicit Intermediate Consent
Security Labels: http://terminology.hl7.org/CodeSystem/v3-ActReason
status: active
scope: Privacy Consent (Consent Scope Codes#patient-privacy)
category: Consent (LOINC#59284-0)
patient: Patient/ex-patient " SMITH"
dateTime: 2022-06-13
performer: Patient/ex-patient " SMITH"
organization: Organization/ex-organization "somewhere org"
source: DocumentReference/ex-documentreference
| Uri |
| http://example.org/policies/basePrivacyConsentPolicy.txt |
provision
type: permit
purpose: treatment (Details: http://terminology.hl7.org/CodeSystem/v3-ActReason code TREAT = 'treatment', stated as 'null'), healthcare payment (Details: http://terminology.hl7.org/CodeSystem/v3-ActReason code HPAYMT = 'healthcare payment', stated as 'null'), healthcare operations (Details: http://terminology.hl7.org/CodeSystem/v3-ActReason code HOPERAT = 'healthcare operations', stated as 'null')
data
meaning: instance
reference: Encounter/ex-encounter
data
meaning: instance
reference: Observation/ex-weight-2
data
meaning: instance
reference: Observation/ex-weight
data
meaning: instance
reference: Observation/ex-bloodPressure
data
meaning: instance
reference: Observation/ex-bloodSugar
data
meaning: instance
reference: Observation/ex-alcoholUse
Provided an ITI-71 results in a PERMIT access token issued. That token would have the following residual element to inform the Consent Enforcement Point that it needs to restrict the results.
Given that the token will express the permit portion, the residual would need to express the refinement. In this case, given that the data filter is at the root, it means that nothing BUT the data is allowed. The oAuth token would be expressing a general permit for the given user to the given patient data. Possibly with scope restrictions based on other business rules, such as a subset of actions (CRUDE) and resources.
The token would need to include an ihe_pcf extension to point at this consent, and that would include a residual to express the refinement. Shown as followed:
ihe_iua extension
ihe_iua extension parameters are not shown below"extensions" : {
"ihe_iua" : {
...
"purpose_of_use" : [{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code" : "TREAT"
},{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code" : "HPAYMT"
},{
"system" : "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code" : "HOPERAT"
}]
}
"ihe_pcf" : {
"patient_id" : "http://example.org/fhir/Patient/ex-patient",
"doc_id" : ["http://example.org/fhir/Consent/ex-consent-intermediate-data"],
"residual" : [
{
"type" : "forbid",
},{
"type" : "permit",
"data" : [{
"meaning" : "instance",
"reference" : {
"reference" : "http://example.org/fhir/Encounter/ex-encounter"
}
},{
"meaning" : "instance",
"reference" : {
"reference" : "http://example.org/fhir/Observation/ex-weight-2"
}
},{
"meaning" : "instance",
"reference" : {
"reference" : "http://example.org/fhir/Observation/ex-weight"
}
},{
"meaning" : "instance",
"reference" : {
"reference" : "http://example.org/fhir/Observation/ex-bloodPressure"
}
},{
"meaning" : "instance",
"reference" : {
"reference" : "http://example.org/fhir/Observation/ex-bloodSugar"
}
},{
"meaning" : "instance",
"reference" : {
"reference" : "http://example.org/fhir/Observation/ex-alcoholUse"
}
}]
}
]
}
}
IG © 2023+ IHE IT Infrastructure Technical Committee. Package ihe.iti.pcf#1.1.0 based on FHIR 4.0.1. Generated 2024-02-22
Links: Table of Contents |
QA Report
| New Issue | Issues
Version History |
|
Propose a change