Facade Consent

http://fhir.patientsknowbest.com/structuredefinition/facade-consent

https://www.hl7.org/fhir/STU3/consent.html

Overview

PKB restricts access to data based on 4 privacy labels. A patient grants an actor permission to access 0 or more of those privacy labels.

The Consent resource represents which privacy labels the patient has permitted a specific actor to access. The privacy labels themselves are represented as a security label, taken from the same set of security labels that will be returned in Meta.security.

Note: Consent resources are themselves subject to consent filtering. As such, if a patient has a Consent resource for an Organization that the caller does not have consent to know about (i.e. the Organization has been tagged with a privacy label that has not been granted to the caller) then that Organization's consent will be silently omitted from the result set.

Relevant PKB entities

[[Consent Record]]

Mappings

FHIR	PKB	Notes

FHIR	PKB	Notes
Resource id	[[Consent Record.Public ID]]
Consent.status	<conditional> If [[Consent Record.Discharged]] is FALSE: "active" Else: "inactive"
Consent.patient	A Reference to the [[Patient]] should be returned. patient: Reference reference = the relative URL of the Patient resource display = [[User.Title]] [[User.Given Name]] [[User.Family Name]]
Consent.actor	Who the consent has been granted to. actor: BackboneElement role: CodeableConcept coding[0]: Coding code = "CONSENTER" system = "http://hl7.org/fhir/v3/RoleCode" reference: Reference reference = <conditional> If consent has been granted to a [[Team]]: the relative URL of the Organization (representing the Team) Else if consent has been granted to an Individual [[Professional]]: the relative URL of the Practitioner Else if consent has been granted to a [[Patient]]: a reference to a contained RelatedPerson instance (see RelatedPerson mappings) display = <conditional> If consent has been granted to a [[Team]]: [[Team.Name]] Else if consent has been granted to an Individual [[Professional]]: [[User.Title]] [[User.Given Name]] [[User.Family Name]] Else if consent has been granted to a [[Patient]]: [[User.Title]] [[User.Given Name]] [[User.Family Name]]
Consent.policy	policy[0]: BackboneElement authority = "http://www.patientsknowbest.com"
Consent.except	For each privacy label the actor has been granted consent for, an "except" element should be returned. except: BackboneElement type = "permit" securityLabel: Coding system = "http://fhir.patientsknowbest.com/codesystem/privacy-label" code = corresponding value from [[Data Point.Privacy Label]]	The idea here is that the overall Consent resource represents a "policy". The PKB policy for consent is "opt-in" in the sense that the patient specifies what someone can see, rather than what they cannot see. So this Consent resource means the actor cannot see anything, except the entries in the "except" list. Note - we need one except entry for each privacy label because the FHIR specs state that if multiple security labels are included in one list, then the corresponding data needs to have all those labels, but PKB operates a single-label policy.