FHIR Chat · Use of Consent · Security and Privacy

Stream: Security and Privacy

Topic: Use of Consent


Grahame Grieve (Apr 11 2018 at 19:34):

@Willy Giese is asking me about whether anyone has used Consent enough to write some kind of validation engine to check that the rules in a single Consent make sense. @John Moehrke @Duane Decouteau @David Pyke - thanks

David Pyke (Apr 11 2018 at 19:40):

I'll ask around to some who may not be part of the FHIR zulip

Grahame Grieve (Apr 11 2018 at 19:48):

thx

Grahame Grieve (Apr 11 2018 at 19:48):

btw I wrote this as an example for a FHIR workshop in Chile earlier today:

Grahame Grieve (Apr 11 2018 at 19:48):

<!--

A consent statement from a minor granting her mother access
to her medical records, bar any information related to sexual activity

-->
<Consent xmlns="http://hl7.org/fhir">

  <!-- this is active -->
  <status value="active"/>

  <!-- scope/category, for indexing purposes only -->
  <scope>
    <coding>
      <system value="http://hl7.org/fhir/consentscope"/>
      <code value="patient-privacy"/>
    </coding>
  </scope>
  <category>
    <coding>
      <system value="http://hl7.org/fhir/v3/ActCode"/>
      <code value="INFA"/>
      <display value="information access"/>
    </coding>
  </category>

  <!-- this consent relates to the sharing of records for Amy, the daughter -->
  <patient>
    <reference value="Patient/3423434"/>
    <display value="Amy YoungPerson, dob 23-Oct 2003"/>
  </patient>
  <dateTime value="2018-04-12T11:56:00+04:00"/>

  <!-- this consent is made by Amy, the daughter -->
  <performer>
    <reference value="Patient/3423434"/>
  </performer>

  <!-- the consent is made with Good Health Hospital -->
  <organization>
    <reference value="Organization/2.16.840.1.113883.19.5"/>
  </organization>

  <!-- this consent specifically relates to the policies
  published by Australia that control parental access to a
  teenager's health record -->
  <policy>
    <authority value="http://health.gov.au"/>
    <uri value="http://health.gov.au/policies/teenage-access"/>
  </policy>

  <!-- this is *not* verified by family! <verification> -->

  <!-- General provision: mother has access to the record, ongoing -->
  <provision>
    <type value="permit"/>

    <actor>
      <role>
        <coding>
          <system value="http://hl7.org/fhir/v3/ParticipationType"/>
          <code value="IRCP"/>
          <display value="information recipient"/>
        </coding>
      </role>
      <reference>
        <reference value="RelatedPerson/3423434-23"/>
      </reference>
    </actor>
    <!-- mother can access the child's record, but not modify it -->
    <action>
      <coding>
        <system value="http://hl7.org/fhir/consentaction"/>
        <code value="access"/>
        <display value="Access"/>
      </coding>
    </action>
    <!-- qualification to the provision: nothing relating to sexual activity -->
    <provision>
      <type value="deny"/>

      <!-- Note: this assumes that appropriate security labelling is actually happening -->
      <securityLabel>
        <system value="http://hl7.org/fhir/v3/ActCode"/>
        <code value="SEX"/>
        <display value="sexuality and reproductive health information sensitivity"/>
      </securityLabel>
    </provision>
  </provision>
</Consent>

Last updated: Apr 12 2022 at 19:14 UTC