FHIR R4 Consent Library

Overview

This asset is a component of MuleSoft Accelerator for Healthcare.

MuleSoft Accelerator for Healthcare enables healthcare providers to unlock critical patient data to build a patient 360 within Salesforce Health Cloud, faster and easier than ever before. The solution includes pre-built APIs, connectors, integration templates, and a prescriptive end-to-end reference architecture to bring patient demographics information and COVID-19 test results from any EHR into Health Cloud using HL7 V2 or FHIR standards.

The solution also provides a library of United States Core Data for Interoperability (USCDI) and FHIR R4 resources to help healthcare developers adhere to interoperability needs and jumpstart the development of healthcare digital transformation initiatives.

Use case covered

The purpose of this Resource is to be used to express a Consent regarding Healthcare. There are four anticipated uses for the Consent Resource, all of which are written or verbal agreements by a healthcare consumer [grantor] or a personal representative, made to an authorized entity [grantee] concerning authorized or restricted actions with any limitations on purpose of use, and handling instructions to which the authorized entity must comply:

• Privacy Consent Directive: Agreement to collect, access, use or disclose (share) information.
• Medical Treatment Consent Directive: Consent to undergo a specific treatment (or record of refusal to consent).
• Research Consent Directive: Consent to participate in research protocol and information sharing required.
• Advance Care Directives: Consent to instructions for potentially needed medical treatment (e.g. DNR).

This resource is scoped to cover all four uses, but at this time, only the privacy use case is modeled. The scope of the resource may change when the other possible scopes are investigated, tested, or profiled.

A FHIR Consent Directive instance is considered the encoded legally binding Consent Directive if it meets requirements of a policy domain requirements for an enforceable contract. In some domains, electronic signatures of one or both of the parties to the content of an encoded representation of a Consent Form is deemed to constitute a legally binding Consent Directive. Some domains accept a notary’s electronic signature over the wet or electronic signature of a party to the Consent Directive as the additional identity proofing required to make an encoded Consent Directive legally binding. Other domains may only accept a wet signature or might not require the parties’ signatures at all.

Whatever the criteria are for making an encoded FHIR Consent Directive legally binding, anything less than a legally binding representation of a Consent Directive must be identified as such, i.e., as a derivative of the legally binding Consent Directive, which has specific usage in Consent Directive workflow management.

Definitions:

Consent	The record of a healthcare consumer’s policy choices, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time
Consent Directive	The legal record of a healthcare consumer's agreement with a party responsible for enforcing the consumer’s choices, which permits or denies identified actors or roles to perform actions affecting the consumer within a given context for specific purposes and periods of time
Consent Form	Human readable consent content describing one or more actions impacting the grantor for which the grantee would be authorized or prohibited from performing. It includes the terms, rules, and conditions pertaining to the authorization or restrictions, such as effective time, applicability or scope, purposes of use, obligations and prohibitions to which the grantee must comply. Once a Consent Form is "executed" by means required by policy, such as verbal agreement, wet signature, or electronic/digital signature, it becomes a legally binding Consent Directive.
Consent Directive Derivative	Consent Content that conveys the minimal set of information needed to manage Consent Directive workflow, including providing Consent Directive content sufficient to: Represent a Consent Directive Register or index a Consent Directive Query and respond about a Consent Directive Retrieve a Consent Directive Notify authorized entities about Consent Directive status changes Determine entities authorized to collect, access, use or disclose information about the Consent Directive or about the information governed by the Consent Directive. Derived Consent content includes the Security Labels encoding the applicable privacy and security policies. Consent Security Labels inform recipients about specific access control measures required for compliance.
Consent Statement	A Consent Directive derivative has less than full fidelity to the legally binding Consent Directive from which it was "transcribed". It provides recipients with the full content representation they may require for compliance purposes, and typically include a reference to or an attached unstructured representation for recipients needing an exact copy of the legal agreement.
Consent Registration	The legal record of a healthcare consumer's agreement with a party responsible for enforcing the consumer’s choices, which permits or denies identified actors or roles to perform actions affecting the consumer within a given context for specific purposes and periods of timeA Consent Directive derivative that conveys the minimal set of information needed to register an active and revoked Consent Directive, or to update Consent status as it changes during its lifecycle.
Consent Query/Response Types	The FHIR Consent Resource specifies multiple Consent Search parameters, which support many types of queries for Consent Resource content. There are several Query/Response patterns that are typically used for obtaining information about consent directive content for the following use cases: Find Active Consent Directive: A query that includes sufficient consent directive content to determine whether a specific party is authorized to share information governed by a consent directive with another specific party. The Response is either: "Yes" meaning that both parties are authorized to share the information with one another. "No" meaning that the authorized querier is not permitted to share with another specific party "No information found" meaning that there is no active Consent Directive in which the querier is authorized to share the governed information. Find Consent Directive Authorized Entities: A query that includes sufficient consent directive content to return a list of entities with which the querier is authorized to share governed information. The response to an authorized querier is the list of any authorized entities with which the querier is permitted to share governed information. The response to an unauthorized querier is that "no information is found". Find Consent Directive(s): A query that includes sufficient consent directive content to return a list of Consent Directive metadata for an authorized querier to determine what Consent Directives are available, and to locate and retrieve one or more of those Consent Directives as needed.
Policy context	Any organizational or jurisdictional policies, which may limit the consumer’s policy choices, and which includes the named range of actions allowed
Healthcare Consumer	The individual establishing his/her personal consent (i.e. Consenter). In FHIR, this is referred to as the 'Patient' though this word is not used across all contexts of care

This library is used in FHIR R4 Consent API.

More information about FHIR R4 Consent specification can be found here.