Basic Definition

Access policy communicates the limitations and/or requirements that define how a user may gain access to a particular set of data.

Access policy is limited to describing restrictions that respect the privacy and rights of the participants arising from consents, protocols, or other official documents. It should not be used to describe technical requirements for accessing data.

Access policy is defined using a standard set of codes, with one policy per set of codes that apply to a specified portion of the data. Each Access Policy element also includes a free text field that allows for further description of the policy and necessary steps for gaining access.

For Summary-only submissions, Access Policy elements should be included in order to describe the various data use limitations present in the dataset. For submissions which include data and/or participant records, Access Policy should be associated with the participants and data files to appropriately describe the applicable limitations.

Primary Profile Restrictions and Enhancements

• category must be assigned research.
• a meaningful description must be provided using the Access Policy Description extension.
• a provision.purpose must be defined for each distinct research constraint associated with this policy. These codes must be selected from the ValueSet representing the codes found in ResearchDataAccessCodes.
• For those policies that are disease specific, the code, DS, shall be used and must be accompanied by a properly defined Disease Use Limitation.

• Key Elements Table
• Differential Table
• Snapshot Table
• Statistics/References
• All

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5, completed-consent-code
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:description		0..1	markdown	Descriptive text summarizing the policy restrictions and other details associated with this access provision. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-policy-description
extension:accessType		1..1	CodeableConcept	Type of access restrictions on file downloads ( open | registered | controlled ) URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-type Binding: Research Data Access Type Codes (required)
extension:website		0..1	url	URL describing the policy restrictions in detail. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-web-link
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentcategorycodes
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: research
display		1..1	string	Representation defined by the system Fixed Value: Research Information Access
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	extensible	Consent Scope Codes	📍4.0.1	FHIR Std.
Consent.category	Base	extensible	Consent Category Codes	📍4.0.1	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
completed-consent-code	error	Consent	If category is DS then there must be a ResearchConsentDiseaseAbbreviation	provision.purpose.where(code = 'DS').empty() or provision.extension.where(url='https://nih-ncpi.github.io/ncpi-fhir-ig/StructureDefinition/research-disease-use-limitation').exists()
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: completed-consent-code
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:description		0..1	markdown	Descriptive text summarizing the policy restrictions and other details associated with this access provision. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-policy-description
extension:accessType		1..1	CodeableConcept	Type of access restrictions on file downloads ( open | registered | controlled ) URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-type Binding: Research Data Access Type Codes (required)
extension:website		0..1	url	URL describing the policy restrictions in detail. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-web-link
category		1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentcategorycodes
code		1..1	code	Symbol in syntax defined by the system Fixed Value: research
display		1..1	string	Representation defined by the system Fixed Value: Research Information Access
provision
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:diseaseUseLimitation		0..1	CodeableConcept	Consent Code Disease Abbreviation URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-disease-use-limitation Binding: MeSH Terms (example)
purpose		0..*	Coding	Context of activities covered by this rule Binding: Research Data Access Codes (extensible)
Documentation for this format

Terminology Bindings (Differential)

Path	Status	Usage	ValueSet	Version	Source
Consent.provision.purpose	Base	extensible	Research Data Access Codes	📦0.2.0	This IG

Constraints

Id	Grade	Path(s)	Description	Expression
completed-consent-code	error	Consent	If category is DS then there must be a ResearchConsentDiseaseAbbreviation	provision.purpose.where(code = 'DS').empty() or provision.extension.where(url='https://nih-ncpi.github.io/ncpi-fhir-ig/StructureDefinition/research-disease-use-limitation').exists()

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5, completed-consent-code
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:description		0..1	markdown	Descriptive text summarizing the policy restrictions and other details associated with this access provision. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-policy-description
extension:accessType		1..1	CodeableConcept	Type of access restrictions on file downloads ( open | registered | controlled ) URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-type Binding: Research Data Access Type Codes (required)
extension:website		0..1	url	URL describing the policy restrictions in detail. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-web-link
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentcategorycodes
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: research
display		1..1	string	Representation defined by the system Fixed Value: Research Information Access
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
patient	Σ	0..1	Reference(Patient)	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(Organization)	Custodian of the consent
source[x]	Σ	0..1		Source from which this consent is taken
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
authority	C	0..1	uri	Enforcement source for policy
uri	C	0..1	uri	Specific policy covered by this consent
policyRule	ΣC	0..1	CodeableConcept	Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
id		0..1	string	Unique id for inter-element referencing
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:diseaseUseLimitation		0..1	CodeableConcept	Consent Code Disease Abbreviation URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-disease-use-limitation Binding: MeSH Terms (example)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference		1..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this rule Binding: Research Data Access Codes (extensible)
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
provision		0..*	See provision (Consent)	Nested Exception Rules
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	preferred	Common Languages	📍4.0.1	FHIR Std.
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	extensible	Consent Scope Codes	📍4.0.1	FHIR Std.
Consent.category	Base	extensible	Consent Category Codes	📍4.0.1	FHIR Std.
Consent.policyRule	Base	extensible	Consent PolicyRule Codes	📍4.0.1	FHIR Std.
Consent.provision.type	Base	required	ConsentProvisionType	📍4.0.1	FHIR Std.
Consent.provision.actor.​role	Base	extensible	SecurityRoleType	📍4.0.1	FHIR Std.
Consent.provision.action	Base	example	Consent Action Codes	📍4.0.1	FHIR Std.
Consent.provision.securityLabel	Base	extensible	SecurityLabels	📍4.0.1	FHIR Std.
Consent.provision.purpose	Base	extensible	Research Data Access Codes	📦0.2.0	This IG
Consent.provision.class	Base	extensible	Consent Content Class	📍4.0.1	FHIR Std.
Consent.provision.code	Base	example	Consent Content Codes	📍4.0.1	FHIR Std.
Consent.provision.data.​meaning	Base	required	ConsentDataMeaning	📍4.0.1	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
completed-consent-code	error	Consent	If category is DS then there must be a ResearchConsentDiseaseAbbreviation	provision.purpose.where(code = 'DS').empty() or provision.extension.where(url='https://nih-ncpi.github.io/ncpi-fhir-ig/StructureDefinition/research-disease-use-limitation').exists()
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

Key Elements View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5, completed-consent-code
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:description		0..1	markdown	Descriptive text summarizing the policy restrictions and other details associated with this access provision. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-policy-description
extension:accessType		1..1	CodeableConcept	Type of access restrictions on file downloads ( open | registered | controlled ) URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-type Binding: Research Data Access Type Codes (required)
extension:website		0..1	url	URL describing the policy restrictions in detail. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-web-link
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentcategorycodes
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: research
display		1..1	string	Representation defined by the system Fixed Value: Research Information Access
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	extensible	Consent Scope Codes	📍4.0.1	FHIR Std.
Consent.category	Base	extensible	Consent Category Codes	📍4.0.1	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
completed-consent-code	error	Consent	If category is DS then there must be a ResearchConsentDiseaseAbbreviation	provision.purpose.where(code = 'DS').empty() or provision.extension.where(url='https://nih-ncpi.github.io/ncpi-fhir-ig/StructureDefinition/research-disease-use-limitation').exists()
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

Differential View

This structure is derived from Consent

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: completed-consent-code
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:description		0..1	markdown	Descriptive text summarizing the policy restrictions and other details associated with this access provision. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-policy-description
extension:accessType		1..1	CodeableConcept	Type of access restrictions on file downloads ( open | registered | controlled ) URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-type Binding: Research Data Access Type Codes (required)
extension:website		0..1	url	URL describing the policy restrictions in detail. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-web-link
category		1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Required Pattern: At least the following
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentcategorycodes
code		1..1	code	Symbol in syntax defined by the system Fixed Value: research
display		1..1	string	Representation defined by the system Fixed Value: Research Information Access
provision
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:diseaseUseLimitation		0..1	CodeableConcept	Consent Code Disease Abbreviation URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-disease-use-limitation Binding: MeSH Terms (example)
purpose		0..*	Coding	Context of activities covered by this rule Binding: Research Data Access Codes (extensible)
Documentation for this format

Terminology Bindings (Differential)

Path	Status	Usage	ValueSet	Version	Source
Consent.provision.purpose	Base	extensible	Research Data Access Codes	📦0.2.0	This IG

Constraints

Id	Grade	Path(s)	Description	Expression
completed-consent-code	error	Consent	If category is DS then there must be a ResearchConsentDiseaseAbbreviation	provision.purpose.where(code = 'DS').empty() or provision.extension.where(url='https://nih-ncpi.github.io/ncpi-fhir-ig/StructureDefinition/research-disease-use-limitation').exists()

Snapshot View

Name	Flags	Card.	Type	Description & Constraints    Filter: Bindings Constraints Obligations
Consent	C	0..*	Consent	A healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time Constraints: ppc-1, ppc-2, ppc-3, ppc-4, ppc-5, completed-consent-code
id	Σ	0..1	id	Logical id of this artifact
meta	Σ	0..1	Meta	Metadata about the resource
implicitRules	?!Σ	0..1	uri	A set of rules under which this content was created
language		0..1	code	Language of the resource content Binding: CommonLanguages (preferred): A human language. Additional Bindings Purpose AllLanguages Max Binding
text		0..1	Narrative	Text summary of the resource, for human interpretation This profile does not constrain the narrative in regard to content, language, or traceability to data elements
contained		0..*	Resource	Contained, inline Resources
Slices for extension		1..*	Extension	Extension Slice: Unordered, Open by value:url
extension:description		0..1	markdown	Descriptive text summarizing the policy restrictions and other details associated with this access provision. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-policy-description
extension:accessType		1..1	CodeableConcept	Type of access restrictions on file downloads ( open | registered | controlled ) URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-type Binding: Research Data Access Type Codes (required)
extension:website		0..1	url	URL describing the policy restrictions in detail. URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-web-link
modifierExtension	?!	0..*	Extension	Extensions that cannot be ignored
identifier	Σ	0..*	Identifier	Identifier for this record (external references) Example General: {"system":"http://acme.org/identifier/local/eCMS","value":"Local eCMS identifier"}
status	?!Σ	1..1	code	draft | proposed | active | rejected | inactive | entered-in-error Binding: ConsentState (required): Indicates the state of the consent.
scope	?!Σ	1..1	CodeableConcept	Which of the four areas this resource covers (extensible) Binding: ConsentScopeCodes (extensible): The four anticipated uses for the Consent Resource.
category	Σ	1..*	CodeableConcept	Classification of the consent statement - for indexing/retrieval Binding: ConsentCategoryCodes (extensible): A classification of the type of consents found in a consent statement. Required Pattern: At least the following
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
coding		1..*	Coding	Code defined by a terminology system Fixed Value: (Complex)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
system		1..1	uri	Identity of the terminology system Fixed Value: http://terminology.hl7.org/CodeSystem/consentcategorycodes
version		0..1	string	Version of the system - if relevant
code		1..1	code	Symbol in syntax defined by the system Fixed Value: research
display		1..1	string	Representation defined by the system Fixed Value: Research Information Access
userSelected		0..1	boolean	If this coding was chosen directly by the user
text		0..1	string	Plain text representation of the concept
patient	Σ	0..1	Reference(Patient)	Who the consent applies to
dateTime	Σ	0..1	dateTime	When this Consent was created or indexed
performer	Σ	0..*	Reference(Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Who is agreeing to the policy and rules
organization	Σ	0..*	Reference(Organization)	Custodian of the consent
source[x]	Σ	0..1		Source from which this consent is taken
sourceAttachment			Attachment
sourceReference			Reference(Consent | DocumentReference | Contract | QuestionnaireResponse)
policy		0..*	BackboneElement	Policies covered by this consent
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
authority	C	0..1	uri	Enforcement source for policy
uri	C	0..1	uri	Specific policy covered by this consent
policyRule	ΣC	0..1	CodeableConcept	Regulation that this consents to Binding: ConsentPolicyRuleCodes (extensible): Regulatory policy examples.
verification	Σ	0..*	BackboneElement	Consent Verified by patient or family
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
verified	Σ	1..1	boolean	Has been verified
verifiedWith		0..1	Reference(Patient | RelatedPerson)	Person who verified
verificationDate		0..1	dateTime	When consent verified
provision	Σ	0..1	BackboneElement	Constraints to the base Consent.policyRule
id		0..1	string	Unique id for inter-element referencing
Slices for extension		0..*	Extension	Extension Slice: Unordered, Open by value:url
extension:diseaseUseLimitation		0..1	CodeableConcept	Consent Code Disease Abbreviation URL: https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-disease-use-limitation Binding: MeSH Terms (example)
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
type	Σ	0..1	code	deny | permit Binding: ConsentProvisionType (required): How a rule statement is applied, such as adding additional consent or removing consent.
period	Σ	0..1	Period	Timeframe for this rule
actor		0..*	BackboneElement	Who|what controlled by this rule (or group, by role)
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
role		1..1	CodeableConcept	How the actor is involved Binding: SecurityRoleType (extensible): How an actor is involved in the consent considerations.
reference		1..1	Reference(Device | Group | CareTeam | Organization | Patient | Practitioner | RelatedPerson | PractitionerRole)	Resource for the actor (or group, by role)
action	Σ	0..*	CodeableConcept	Actions controlled by this rule Binding: ConsentActionCodes (example): Detailed codes for the consent action.
securityLabel	Σ	0..*	Coding	Security Labels that define affected resources Binding: All Security Labels (extensible): Security Labels from the Healthcare Privacy and Security Classification System.
purpose	Σ	0..*	Coding	Context of activities covered by this rule Binding: Research Data Access Codes (extensible)
class	Σ	0..*	Coding	e.g. Resource Type, Profile, CDA, etc. Binding: ConsentContentClass (extensible): The class (type) of information a consent rule covers.
code	Σ	0..*	CodeableConcept	e.g. LOINC or SNOMED CT code, etc. in the content Binding: ConsentContentCodes (example): If this code is found in an instance, then the exception applies.
dataPeriod	Σ	0..1	Period	Timeframe for data controlled by this rule
data	Σ	0..*	BackboneElement	Data controlled by this rule
id		0..1	string	Unique id for inter-element referencing
extension		0..*	Extension	Additional content defined by implementations
modifierExtension	?!Σ	0..*	Extension	Extensions that cannot be ignored even if unrecognized
meaning	Σ	1..1	code	instance | related | dependents | authoredby Binding: ConsentDataMeaning (required): How a resource reference is interpreted when testing consent restrictions.
reference	Σ	1..1	Reference(Resource)	The actual data reference
provision		0..*	See provision (Consent)	Nested Exception Rules
Documentation for this format

Terminology Bindings

Path	Status	Usage	ValueSet	Version	Source
Consent.language	Base	preferred	Common Languages	📍4.0.1	FHIR Std.
Consent.status	Base	required	ConsentState	📍4.0.1	FHIR Std.
Consent.scope	Base	extensible	Consent Scope Codes	📍4.0.1	FHIR Std.
Consent.category	Base	extensible	Consent Category Codes	📍4.0.1	FHIR Std.
Consent.policyRule	Base	extensible	Consent PolicyRule Codes	📍4.0.1	FHIR Std.
Consent.provision.type	Base	required	ConsentProvisionType	📍4.0.1	FHIR Std.
Consent.provision.actor.​role	Base	extensible	SecurityRoleType	📍4.0.1	FHIR Std.
Consent.provision.action	Base	example	Consent Action Codes	📍4.0.1	FHIR Std.
Consent.provision.securityLabel	Base	extensible	SecurityLabels	📍4.0.1	FHIR Std.
Consent.provision.purpose	Base	extensible	Research Data Access Codes	📦0.2.0	This IG
Consent.provision.class	Base	extensible	Consent Content Class	📍4.0.1	FHIR Std.
Consent.provision.code	Base	example	Consent Content Codes	📍4.0.1	FHIR Std.
Consent.provision.data.​meaning	Base	required	ConsentDataMeaning	📍4.0.1	FHIR Std.

Constraints

Id	Grade	Path(s)	Description	Expression
completed-consent-code	error	Consent	If category is DS then there must be a ResearchConsentDiseaseAbbreviation	provision.purpose.where(code = 'DS').empty() or provision.extension.where(url='https://nih-ncpi.github.io/ncpi-fhir-ig/StructureDefinition/research-disease-use-limitation').exists()
dom-2	error	Consent	If the resource is contained in another resource, it SHALL NOT contain nested Resources	contained.contained.empty()
dom-3	error	Consent	If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource	contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty()
dom-4	error	Consent	If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated	contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()
dom-5	error	Consent	If a resource is contained in another resource, it SHALL NOT have a security label	contained.meta.security.empty()
dom-6	best practice	Consent	A resource should have narrative for robust management	text.`div`.exists()
ele-1	error	**ALL** elements	All FHIR elements must have a @value or children	hasValue() or (children().count() > id.count())
ext-1	error	**ALL** extensions	Must have either extensions or value[x], not both	extension.exists() != value.exists()
ppc-1	error	Consent	Either a Policy or PolicyRule	policy.exists() or policyRule.exists()
ppc-2	error	Consent	IF Scope=privacy, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not()
ppc-3	error	Consent	IF Scope=research, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='research').exists().not()
ppc-4	error	Consent	IF Scope=adr, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='adr').exists().not()
ppc-5	error	Consent	IF Scope=treatment, there must be a patient	patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not()

This structure is derived from Consent

Summary

Mandatory: 2 elements

Extensions

This structure refers to these extensions:

• https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-policy-description
• https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/access-type
• https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-web-link
• https://nih-ncpi.github.io/ncpi-fhir-ig-2/StructureDefinition/research-disease-use-limitation

While the standard FHIR R4 Consent is intended to be directly associated with a particular patient, given the nature of research access control policies, this profile is intended to be instantiated once and associated with a number of patients (TBD).