Stream: implementers
Topic: Consent for things other than patient
Brian Postlethwaite (Dec 14 2017 at 14:19):
The consent resource is currently not usable for anything other than patient.
So it can't be used to provide consent to access other data (such as restricted content related to an organization or worker)
Brian Postlethwaite (Dec 14 2017 at 15:13):
The consent.verfication.verifiedWith doesn't permit a Practitioner, or Organization to be referenced
Do others think this is a miss (will then log a change request)
John Moehrke (Dec 14 2017 at 15:22):
The Consent resource is designed to handle Consent. It is not a general purpose access-control-rules resource. To this scope, the Consent is to be used for all kinds of consent including consent to treat, consent to advanced directives, consent to participate , etc...
John Moehrke (Dec 14 2017 at 15:23):
The use-case you identify seems more like a normal OAuth flow... These kind of rules don't often need to be described in an interoperable way, just the results of an authorization decision. Which is the model OAuth uses.
John Moehrke (Dec 14 2017 at 15:23):
Possibly a Contract resource could be used if you really need something in FHIR for this.
Brian Postlethwaite (Dec 14 2017 at 15:33):
Its metadata tags on content to indicate how it should be shared, and to what type of person (not actual person) essentially what you have in consent.
These 2 restrictions on it are the only 2 things making it not work for me.
I'm almost done updating the IG to show how we planned to use it.
(rather than creating another new resource which essentially has the same stuff in it)
Brian Postlethwaite (Dec 14 2017 at 15:39):
http://build.fhir.org/ig/HL7/VhDir/StructureDefinition-usage-restriction.html
This is the current (non consent) based definition (which is currently modeled as a complex extension in this IG)
Update will be coming tomorrow - on R4 - once its !@#$ building
Last updated: Apr 12 2022 at 19:14 UTC
