Summary
Request & Response
Diagnostics
Care Provision
Medications
Workflow
Entities
Management
Individuals
General
Billing
Support
Payment
Security
Other
Conformance
Terminology
Documents
Definitional Artifacts
Medication Definition
Evidence-Based Medicine
Quality Reporting & Testing
Public Health & Research
Complex
Primitive
ActivityDefinition
CanonicalResource
CapabilityStatement
ChargeItemDefinition
Claim
CodeSystem
Composition
ConceptMap
CoverageEligibilityRequest
DocumentReference
Encounter
EpisodeOfCare
Group
Library
List
Measure
MedicinalProductDefinition
MessageHeader
NamingSystem
Observation
Patient
PlanDefinition
Resource
SpecimenDefinition
StructureDefinition
StructureMap
Subscription
ValueSet
default
Permission resource holds access rules for a given data and context.
Permission
Path
Permission
Id
Permission
Cardinality
0 - *
Definition
Permission resource holds access rules for a given data and context.
Comment
Constraint
dom-2 [error]
If the resource is contained in another resource, it SHALL NOT contain nested Resources
dom-3 [error]
If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource
dom-4 [error]
If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated
dom-5 [error]
If a resource is contained in another resource, it SHALL NOT have a security label
dom-6 [warning]
A resource should have narrative for robust management
Path
Permission.status
Id
Permission.status
Type
Cardinality
1 - 1
Definition
Status.
Comment
Binding
Strength
required
Description
Codes identifying the lifecycle stage of a product.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter
Id
Permission.asserter
Type
Cardinality
0 - 1
Definition
The person or entity that asserts the permission.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.reference
Id
Reference.reference
Type
Cardinality
0 - 1
Definition
A reference to a location at which the other resource is found. The reference may be a relative reference, in which case it is relative to the service base URL, or an absolute URL that resolves to the location where the resource is found. The reference may be version specific or not. If the reference is not to a FHIR RESTful server, then it should be assumed to be version specific. Internal fragment references (start with '#') refer to contained resources.
Comment
Using absolute URLs provides a stable scalable approach suitable for a cloud/web context, while using relative/logical references provides a flexible approach suitable for use when trading across closed eco-system boundaries. Absolute URLs do not need to point to a FHIR RESTful server, though this is the preferred approach. If the URL conforms to the structure "[type]/[id]" then it should be assumed that the reference is to a FHIR RESTful server.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
ref-1
Path
Permission.asserter.Reference.type
Id
Reference.type
Type
Cardinality
0 - 1
Definition
The expected type of the target of the reference. If both Reference.type and Reference.reference are populated and Reference.reference is a FHIR URL, both SHALL be consistent.
The type is the Canonical URL of Resource Definition that is the type this reference refers to. References are URLs that are relative to http://hl7.org/fhir/StructureDefinition/ e.g. "Patient" is a reference to http://hl7.org/fhir/StructureDefinition/Patient. Absolute URLs are only allowed for logical models (and can only be used in references in logical models, not resources).
Comment
This element is used to indicate the type of the target of the reference. This may be used which ever of the other elements are populated (or not). In some cases, the type of the target may be determined by inspection of the reference (e.g. a known RESTful URL) or by resolving the target of the reference.
Binding
Strength
extensible
Description
Aa resource (or, for logical models, the URI of the logical model).
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier
Id
Reference.identifier
Type
Cardinality
0 - 1
Definition
An identifier for the target resource. This is used when there is no way to reference the other resource directly, either because the entity it represents is not available through a FHIR server, or because there is no way for the author of the resource to convert a known identifier to an actual location. There is no requirement that a Reference.identifier point to something that is actually exposed as a FHIR instance, but it SHALL point to a business concept that would be expected to be exposed as a FHIR instance, and that instance would need to be of a FHIR resource type allowed by the reference.
Comment
When an identifier is provided in place of a reference, any system processing the reference will only be able to resolve the identifier to a reference if it understands the business context in which the identifier is used. Sometimes this is global (e.g. a national identifier) but often it is not. For this reason, none of the useful mechanisms described for working with references (e.g. chaining, includes) are possible, nor should servers be expected to be able resolve the reference. Servers may accept an identifier based reference untouched, resolve it, and/or reject it - see CapabilityStatement.rest.resource.referencePolicy.
When both an identifier and a literal reference are provided, the literal reference is preferred. Applications processing the resource are allowed - but not required - to check that the identifier matches the literal reference
Applications converting a logical reference to a literal reference may choose to leave the logical reference present, or remove it.
Reference is intended to point to a structure that can potentially be expressed as a FHIR resource, though there is no need for it to exist as an actual FHIR resource instance - except in as much as an application wishes to actual find the target of the reference. The content referred to be the identifier must meet the logical constraints implied by any limitations on what resource types are permitted for the reference. For example, it would not be legitimate to send the identifier for a drug prescription if the type were Reference(Observation|DiagnosticReport). One of the use-cases for Reference.identifier is the situation where no FHIR representation exists (where the type is Reference (Any).
This element only allows for a single identifier. In the case where additional identifers are required, use the [http://hl7.org/fhir/StructureDefinition/additionalIdentifier](http://hl7.org/fhir/extensions/StructureDefinition-additionalIdentifier.html) extension.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
Path
Permission.asserter.Reference.identifier.Identifier.use
Id
Identifier.use
Type
Cardinality
0 - 1
Definition
The purpose of this identifier.
Comment
Applications can assume that an identifier is permanent unless it explicitly says that it is temporary.
Requirements
Allows the appropriate identifier for a particular context of use to be selected from among a set of identifiers.
Binding
Strength
required
Description
Identifies the purpose for this identifier, if known .
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier.Identifier.type
Id
Identifier.type
Type
Cardinality
0 - 1
Definition
A coded type for the identifier that can be used to determine which identifier to use for a specific purpose.
Comment
This element deals only with general categories of identifiers. It SHOULD not be used for codes that correspond 1..1 with the Identifier.system. Some identifiers may fall into multiple categories due to common usage. Where the system is known, a type is unnecessary because the type is always part of the system definition. However systems often need to handle identifiers where the system is not known. There is not a 1:1 relationship between type and system, since many different systems have the same type.
Requirements
Allows users to make use of identifiers when the identifier system is not known.
Binding
Strength
extensible
Description
A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier.Identifier.type.CodeableConcept.coding
Id
CodeableConcept.coding
Type
Cardinality
0 - *
Definition
A reference to a code defined by a terminology system.
Comment
Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the HL7 v3 Core Principles for more information. Ordering of codings is undefined and SHALL NOT be used to infer meaning. Generally, at most only one of the coding values will be labeled as UserSelected = true.
Requirements
Allows for alternative encodings within a code system, and translations to other code systems.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier.Identifier.system
Id
Identifier.system
Type
Cardinality
0 - 1
Definition
Establishes the namespace for the value - that is, an absolute URL that describes a set values that are unique.
Comment
Identifier.system is always case sensitive.
Requirements
There are many sets of identifiers. To perform matching of two identifiers, we need to know what set we're dealing with. The system identifies a particular set of unique identifiers.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier.Identifier.value
Id
Identifier.value
Type
Cardinality
0 - 1
Definition
The portion of the identifier typically relevant to the user and which is unique within the context of the system.
Comment
If the value is a full URI, then the system SHALL be urn:ietf:rfc:3986. The value's primary purpose is computational mapping. As a result, it may be normalized for comparison purposes (e.g. removing non-significant whitespace, dashes, etc.) A value formatted for human display can be conveyed using the [http://hl7.org/fhir/StructureDefinition/rendered-value](http://hl7.org/fhir/extensions/StructureDefinition-rendered-value.html)). Identifier.value is to be treated as case sensitive unless knowledge of the Identifier.system allows the processer to be confident that non-case-sensitive processing is safe.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ident-1
Path
Permission.asserter.Reference.identifier.Identifier.period
Id
Identifier.period
Type
Cardinality
0 - 1
Definition
Time period during which identifier is/was valid for use.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier.Identifier.period.Period.start
Id
Period.start
Type
Cardinality
0 - 1
Definition
The start of the period. The boundary is inclusive.
Comment
If the low element is missing, the meaning is that the low boundary is not known.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
per-1
Path
Permission.asserter.Reference.identifier.Identifier.period.Period.end
Id
Period.end
Type
Cardinality
0 - 1
Definition
The end of the period. If the end of the period is missing, it means no end was known or planned at the time the instance was created. The start may be in the past, and the end date in the future, which means that period is expected/planned to end at that time.
Comment
The end value includes any matching date/time. i.e. 2012-02-03T10:00:00 is in a period that has an end value of 2012-02-03.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
per-1
Path
Permission.asserter.Reference.identifier.Identifier.assigner
Id
Identifier.assigner
Type
Cardinality
0 - 1
Definition
Organization that issued/manages the identifier.
Comment
The Identifier.assigner may omit the .reference element and only contain a .display element reflecting the name or other textual information about the assigning organization.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier.Identifier.assigner.Reference.reference
Id
Reference.reference
Type
Cardinality
0 - 1
Definition
A reference to a location at which the other resource is found. The reference may be a relative reference, in which case it is relative to the service base URL, or an absolute URL that resolves to the location where the resource is found. The reference may be version specific or not. If the reference is not to a FHIR RESTful server, then it should be assumed to be version specific. Internal fragment references (start with '#') refer to contained resources.
Comment
Using absolute URLs provides a stable scalable approach suitable for a cloud/web context, while using relative/logical references provides a flexible approach suitable for use when trading across closed eco-system boundaries. Absolute URLs do not need to point to a FHIR RESTful server, though this is the preferred approach. If the URL conforms to the structure "[type]/[id]" then it should be assumed that the reference is to a FHIR RESTful server.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
ref-1
Path
Permission.asserter.Reference.identifier.Identifier.assigner.Reference.type
Id
Reference.type
Type
Cardinality
0 - 1
Definition
The expected type of the target of the reference. If both Reference.type and Reference.reference are populated and Reference.reference is a FHIR URL, both SHALL be consistent.
The type is the Canonical URL of Resource Definition that is the type this reference refers to. References are URLs that are relative to http://hl7.org/fhir/StructureDefinition/ e.g. "Patient" is a reference to http://hl7.org/fhir/StructureDefinition/Patient. Absolute URLs are only allowed for logical models (and can only be used in references in logical models, not resources).
Comment
This element is used to indicate the type of the target of the reference. This may be used which ever of the other elements are populated (or not). In some cases, the type of the target may be determined by inspection of the reference (e.g. a known RESTful URL) or by resolving the target of the reference.
Binding
Strength
extensible
Description
Aa resource (or, for logical models, the URI of the logical model).
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.asserter.Reference.identifier.Identifier.assigner.Reference.identifier
Id
Reference.identifier
Type
Cardinality
0 - 1
Definition
An identifier for the target resource. This is used when there is no way to reference the other resource directly, either because the entity it represents is not available through a FHIR server, or because there is no way for the author of the resource to convert a known identifier to an actual location. There is no requirement that a Reference.identifier point to something that is actually exposed as a FHIR instance, but it SHALL point to a business concept that would be expected to be exposed as a FHIR instance, and that instance would need to be of a FHIR resource type allowed by the reference.
Comment
When an identifier is provided in place of a reference, any system processing the reference will only be able to resolve the identifier to a reference if it understands the business context in which the identifier is used. Sometimes this is global (e.g. a national identifier) but often it is not. For this reason, none of the useful mechanisms described for working with references (e.g. chaining, includes) are possible, nor should servers be expected to be able resolve the reference. Servers may accept an identifier based reference untouched, resolve it, and/or reject it - see CapabilityStatement.rest.resource.referencePolicy.
When both an identifier and a literal reference are provided, the literal reference is preferred. Applications processing the resource are allowed - but not required - to check that the identifier matches the literal reference
Applications converting a logical reference to a literal reference may choose to leave the logical reference present, or remove it.
Reference is intended to point to a structure that can potentially be expressed as a FHIR resource, though there is no need for it to exist as an actual FHIR resource instance - except in as much as an application wishes to actual find the target of the reference. The content referred to be the identifier must meet the logical constraints implied by any limitations on what resource types are permitted for the reference. For example, it would not be legitimate to send the identifier for a drug prescription if the type were Reference(Observation|DiagnosticReport). One of the use-cases for Reference.identifier is the situation where no FHIR representation exists (where the type is Reference (Any).
This element only allows for a single identifier. In the case where additional identifers are required, use the [http://hl7.org/fhir/StructureDefinition/additionalIdentifier](http://hl7.org/fhir/extensions/StructureDefinition-additionalIdentifier.html) extension.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
Path
Permission.asserter.Reference.identifier.Identifier.assigner.Reference.display
Id
Reference.display
Type
Cardinality
0 - 1
Definition
Plain text narrative that identifies the resource in addition to the resource reference.
Comment
This is generally not the same as the Resource.text of the referenced resource. The purpose is to identify what's being referenced, not to fully describe it.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
Path
Permission.asserter.Reference.display
Id
Reference.display
Type
Cardinality
0 - 1
Definition
Plain text narrative that identifies the resource in addition to the resource reference.
Comment
This is generally not the same as the Resource.text of the referenced resource. The purpose is to identify what's being referenced, not to fully describe it.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
Path
Permission.date
Id
Permission.date
Type
Cardinality
0 - *
Definition
The date that permission was asserted.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.validity
Id
Permission.validity
Type
Cardinality
0 - 1
Definition
The period in which the permission is active.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.validity.Period.start
Id
Period.start
Type
Cardinality
0 - 1
Definition
The start of the period. The boundary is inclusive.
Comment
If the low element is missing, the meaning is that the low boundary is not known.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
per-1
Path
Permission.validity.Period.end
Id
Period.end
Type
Cardinality
0 - 1
Definition
The end of the period. If the end of the period is missing, it means no end was known or planned at the time the instance was created. The start may be in the past, and the end date in the future, which means that period is expected/planned to end at that time.
Comment
The end value includes any matching date/time. i.e. 2012-02-03T10:00:00 is in a period that has an end value of 2012-02-03.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
per-1
Path
Permission.justification
Id
Permission.justification
Type
Cardinality
0 - 1
Definition
The asserted justification for using the data.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.basis
Id
Permission.justification.basis
Type
Cardinality
0 - *
Definition
This would be a codeableconcept, or a coding, which can be constrained to , for example, the 6 grounds for processing in GDPR.
Comment
Binding
Strength
example
Description
Regulatory policy examples
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.basis.CodeableConcept.coding
Id
CodeableConcept.coding
Type
Cardinality
0 - *
Definition
A reference to a code defined by a terminology system.
Comment
Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the HL7 v3 Core Principles for more information. Ordering of codings is undefined and SHALL NOT be used to infer meaning. Generally, at most only one of the coding values will be labeled as UserSelected = true.
Requirements
Allows for alternative encodings within a code system, and translations to other code systems.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.basis.CodeableConcept.coding.Coding.system
Id
Coding.system
Type
Cardinality
0 - 1
Definition
The identification of the code system that defines the meaning of the symbol in the code.
Comment
The URI may be an OID (urn:oid:...) or a UUID (urn:uuid:...). OIDs and UUIDs SHALL be references to the HL7 OID registry. Otherwise, the URI should come from HL7's list of FHIR defined special URIs or it should be an absolute reference to some definition that establishes the system clearly and unambiguously.
Requirements
Need to be unambiguous about the source of the definition of the symbol.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.basis.CodeableConcept.coding.Coding.version
Id
Coding.version
Type
Cardinality
0 - 1
Definition
The version of the code system which was used when choosing this code. Note that a well-maintained code system does not need the version reported, because the meaning of codes is consistent across versions. However this cannot consistently be assured, and when the meaning is not guaranteed to be consistent, the version SHOULD be exchanged.
Comment
Where the terminology does not clearly define what string should be used to identify code system versions, the recommendation is to use the date (expressed in FHIR date format) on which that version was officially published as the version date.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.basis.CodeableConcept.coding.Coding.code
Id
Coding.code
Type
Cardinality
0 - 1
Definition
A symbol in syntax defined by the system. The symbol may be a predefined code or an expression in a syntax defined by the coding system (e.g. post-coordination).
Comment
Requirements
Need to refer to a particular code in the system.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
cod-1
Path
Permission.justification.basis.CodeableConcept.coding.Coding.display
Id
Coding.display
Type
Cardinality
0 - 1
Definition
A representation of the meaning of the code in the system, following the rules of the system.
Comment
Requirements
Need to be able to carry a human-readable meaning of the code for readers that do not know the system.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
cod-1
Path
Permission.justification.basis.CodeableConcept.coding.Coding.userSelected
Id
Coding.userSelected
Type
Cardinality
0 - 1
Definition
Indicates that this coding was chosen by a user directly - e.g. off a pick list of available items (codes or displays).
Comment
Amongst a set of alternatives, a directly chosen code is the most appropriate starting point for new translations. There is some ambiguity about what exactly 'directly chosen' implies, and trading partner agreement may be needed to clarify the use of this element and its consequences more completely.
Requirements
This has been identified as a clinical safety criterium - that this exact system/code pair was chosen explicitly, rather than inferred by the system based on some rules or language processing.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence
Id
Permission.justification.evidence
Type
Cardinality
0 - *
Definition
Justifing rational.
Comment
While any resource may be used, DocumentReference, Consent, PlanDefinition, and Contract would be most frequent
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence.Reference.reference
Id
Reference.reference
Type
Cardinality
0 - 1
Definition
A reference to a location at which the other resource is found. The reference may be a relative reference, in which case it is relative to the service base URL, or an absolute URL that resolves to the location where the resource is found. The reference may be version specific or not. If the reference is not to a FHIR RESTful server, then it should be assumed to be version specific. Internal fragment references (start with '#') refer to contained resources.
Comment
Using absolute URLs provides a stable scalable approach suitable for a cloud/web context, while using relative/logical references provides a flexible approach suitable for use when trading across closed eco-system boundaries. Absolute URLs do not need to point to a FHIR RESTful server, though this is the preferred approach. If the URL conforms to the structure "[type]/[id]" then it should be assumed that the reference is to a FHIR RESTful server.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
ref-1
Path
Permission.justification.evidence.Reference.type
Id
Reference.type
Type
Cardinality
0 - 1
Definition
The expected type of the target of the reference. If both Reference.type and Reference.reference are populated and Reference.reference is a FHIR URL, both SHALL be consistent.
The type is the Canonical URL of Resource Definition that is the type this reference refers to. References are URLs that are relative to http://hl7.org/fhir/StructureDefinition/ e.g. "Patient" is a reference to http://hl7.org/fhir/StructureDefinition/Patient. Absolute URLs are only allowed for logical models (and can only be used in references in logical models, not resources).
Comment
This element is used to indicate the type of the target of the reference. This may be used which ever of the other elements are populated (or not). In some cases, the type of the target may be determined by inspection of the reference (e.g. a known RESTful URL) or by resolving the target of the reference.
Binding
Strength
extensible
Description
Aa resource (or, for logical models, the URI of the logical model).
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence.Reference.identifier
Id
Reference.identifier
Type
Cardinality
0 - 1
Definition
An identifier for the target resource. This is used when there is no way to reference the other resource directly, either because the entity it represents is not available through a FHIR server, or because there is no way for the author of the resource to convert a known identifier to an actual location. There is no requirement that a Reference.identifier point to something that is actually exposed as a FHIR instance, but it SHALL point to a business concept that would be expected to be exposed as a FHIR instance, and that instance would need to be of a FHIR resource type allowed by the reference.
Comment
When an identifier is provided in place of a reference, any system processing the reference will only be able to resolve the identifier to a reference if it understands the business context in which the identifier is used. Sometimes this is global (e.g. a national identifier) but often it is not. For this reason, none of the useful mechanisms described for working with references (e.g. chaining, includes) are possible, nor should servers be expected to be able resolve the reference. Servers may accept an identifier based reference untouched, resolve it, and/or reject it - see CapabilityStatement.rest.resource.referencePolicy.
When both an identifier and a literal reference are provided, the literal reference is preferred. Applications processing the resource are allowed - but not required - to check that the identifier matches the literal reference
Applications converting a logical reference to a literal reference may choose to leave the logical reference present, or remove it.
Reference is intended to point to a structure that can potentially be expressed as a FHIR resource, though there is no need for it to exist as an actual FHIR resource instance - except in as much as an application wishes to actual find the target of the reference. The content referred to be the identifier must meet the logical constraints implied by any limitations on what resource types are permitted for the reference. For example, it would not be legitimate to send the identifier for a drug prescription if the type were Reference(Observation|DiagnosticReport). One of the use-cases for Reference.identifier is the situation where no FHIR representation exists (where the type is Reference (Any).
This element only allows for a single identifier. In the case where additional identifers are required, use the [http://hl7.org/fhir/StructureDefinition/additionalIdentifier](http://hl7.org/fhir/extensions/StructureDefinition-additionalIdentifier.html) extension.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
Path
Permission.justification.evidence.Reference.identifier.Identifier.use
Id
Identifier.use
Type
Cardinality
0 - 1
Definition
The purpose of this identifier.
Comment
Applications can assume that an identifier is permanent unless it explicitly says that it is temporary.
Requirements
Allows the appropriate identifier for a particular context of use to be selected from among a set of identifiers.
Binding
Strength
required
Description
Identifies the purpose for this identifier, if known .
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence.Reference.identifier.Identifier.type
Id
Identifier.type
Type
Cardinality
0 - 1
Definition
A coded type for the identifier that can be used to determine which identifier to use for a specific purpose.
Comment
This element deals only with general categories of identifiers. It SHOULD not be used for codes that correspond 1..1 with the Identifier.system. Some identifiers may fall into multiple categories due to common usage. Where the system is known, a type is unnecessary because the type is always part of the system definition. However systems often need to handle identifiers where the system is not known. There is not a 1:1 relationship between type and system, since many different systems have the same type.
Requirements
Allows users to make use of identifiers when the identifier system is not known.
Binding
Strength
extensible
Description
A coded type for an identifier that can be used to determine which identifier to use for a specific purpose.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence.Reference.identifier.Identifier.system
Id
Identifier.system
Type
Cardinality
0 - 1
Definition
Establishes the namespace for the value - that is, an absolute URL that describes a set values that are unique.
Comment
Identifier.system is always case sensitive.
Requirements
There are many sets of identifiers. To perform matching of two identifiers, we need to know what set we're dealing with. The system identifies a particular set of unique identifiers.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence.Reference.identifier.Identifier.value
Id
Identifier.value
Type
Cardinality
0 - 1
Definition
The portion of the identifier typically relevant to the user and which is unique within the context of the system.
Comment
If the value is a full URI, then the system SHALL be urn:ietf:rfc:3986. The value's primary purpose is computational mapping. As a result, it may be normalized for comparison purposes (e.g. removing non-significant whitespace, dashes, etc.) A value formatted for human display can be conveyed using the [http://hl7.org/fhir/StructureDefinition/rendered-value](http://hl7.org/fhir/extensions/StructureDefinition-rendered-value.html)). Identifier.value is to be treated as case sensitive unless knowledge of the Identifier.system allows the processer to be confident that non-case-sensitive processing is safe.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ident-1
Path
Permission.justification.evidence.Reference.identifier.Identifier.period
Id
Identifier.period
Type
Cardinality
0 - 1
Definition
Time period during which identifier is/was valid for use.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence.Reference.identifier.Identifier.assigner
Id
Identifier.assigner
Type
Cardinality
0 - 1
Definition
Organization that issued/manages the identifier.
Comment
The Identifier.assigner may omit the .reference element and only contain a .display element reflecting the name or other textual information about the assigning organization.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.justification.evidence.Reference.display
Id
Reference.display
Type
Cardinality
0 - 1
Definition
Plain text narrative that identifies the resource in addition to the resource reference.
Comment
This is generally not the same as the Resource.text of the referenced resource. The purpose is to identify what's being referenced, not to fully describe it.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
combining
deny-overrides | permit-overrides | ordered-deny-overrides | ordered-permit-overrides | deny-unless-permit | permit-unless-deny
Path
Permission.combining
Id
Permission.combining
Type
Cardinality
1 - 1
Definition
Defines a procedure for arriving at an access decision given the set of rules.
Comment
see [XACML Combining Rules](http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cos01-en.html#_Toc325047267)
Binding
Strength
required
Description
How the rules are to be combined.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule
Id
Permission.rule
Type
Cardinality
0 - *
Definition
A set of rules.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.type
Id
Permission.rule.type
Type
Cardinality
0 - 1
Definition
deny | permit.
Comment
Binding
Strength
required
Description
How a rule statement is applied.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data
Id
Permission.rule.data
Type
Cardinality
0 - *
Definition
A description or definition of which activities are allowed to be done on the data.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.resource
Id
Permission.rule.data.resource
Type
Cardinality
0 - *
Definition
Explicit FHIR Resource references.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.resource.meaning
Id
Permission.rule.data.resource.meaning
Type
Cardinality
1 - 1
Definition
How the resource reference is interpreted when testing consent restrictions.
Comment
Binding
Strength
required
Description
How a resource reference is interpreted when testing consent restrictions.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.resource.reference
Id
Permission.rule.data.resource.reference
Type
Cardinality
1 - 1
Definition
A reference to a specific resource that defines which resources are covered by this consent.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.security
Id
Permission.rule.data.security
Type
Cardinality
0 - *
Definition
The data in scope are those with the given codes present in that data .meta.security element.
Comment
Note the ConfidentialityCode vocabulary indicates the highest value, thus a security label of "R" then it applies to all resources that are labeled "R" or lower. E.g. for Confidentiality, it's a high water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, access request purpose of use shall not conflict.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.security.Coding.system
Id
Coding.system
Type
Cardinality
0 - 1
Definition
The identification of the code system that defines the meaning of the symbol in the code.
Comment
The URI may be an OID (urn:oid:...) or a UUID (urn:uuid:...). OIDs and UUIDs SHALL be references to the HL7 OID registry. Otherwise, the URI should come from HL7's list of FHIR defined special URIs or it should be an absolute reference to some definition that establishes the system clearly and unambiguously.
Requirements
Need to be unambiguous about the source of the definition of the symbol.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.security.Coding.version
Id
Coding.version
Type
Cardinality
0 - 1
Definition
The version of the code system which was used when choosing this code. Note that a well-maintained code system does not need the version reported, because the meaning of codes is consistent across versions. However this cannot consistently be assured, and when the meaning is not guaranteed to be consistent, the version SHOULD be exchanged.
Comment
Where the terminology does not clearly define what string should be used to identify code system versions, the recommendation is to use the date (expressed in FHIR date format) on which that version was officially published as the version date.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.security.Coding.code
Id
Coding.code
Type
Cardinality
0 - 1
Definition
A symbol in syntax defined by the system. The symbol may be a predefined code or an expression in a syntax defined by the coding system (e.g. post-coordination).
Comment
Requirements
Need to refer to a particular code in the system.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
cod-1
Path
Permission.rule.data.security.Coding.display
Id
Coding.display
Type
Cardinality
0 - 1
Definition
A representation of the meaning of the code in the system, following the rules of the system.
Comment
Requirements
Need to be able to carry a human-readable meaning of the code for readers that do not know the system.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
cod-1
Path
Permission.rule.data.security.Coding.userSelected
Id
Coding.userSelected
Type
Cardinality
0 - 1
Definition
Indicates that this coding was chosen by a user directly - e.g. off a pick list of available items (codes or displays).
Comment
Amongst a set of alternatives, a directly chosen code is the most appropriate starting point for new translations. There is some ambiguity about what exactly 'directly chosen' implies, and trading partner agreement may be needed to clarify the use of this element and its consequences more completely.
Requirements
This has been identified as a clinical safety criterium - that this exact system/code pair was chosen explicitly, rather than inferred by the system based on some rules or language processing.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.period
Id
Permission.rule.data.period
Type
Cardinality
0 - *
Definition
Clinical or Operational Relevant period of time that bounds the data controlled by this rule.
Comment
This has a different sense to the .validity.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.period.Period.start
Id
Period.start
Type
Cardinality
0 - 1
Definition
The start of the period. The boundary is inclusive.
Comment
If the low element is missing, the meaning is that the low boundary is not known.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
per-1
Path
Permission.rule.data.period.Period.end
Id
Period.end
Type
Cardinality
0 - 1
Definition
The end of the period. If the end of the period is missing, it means no end was known or planned at the time the instance was created. The start may be in the past, and the end date in the future, which means that period is expected/planned to end at that time.
Comment
The end value includes any matching date/time. i.e. 2012-02-03T10:00:00 is in a period that has an end value of 2012-02-03.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
per-1
Path
Permission.rule.data.expression
Id
Permission.rule.data.expression
Type
Cardinality
0 - 1
Definition
Used when other data selection elements are insufficient.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.expression.Expression.description
Id
Expression.description
Type
Cardinality
0 - 1
Definition
A brief, natural language description of the condition that effectively communicates the intended semantics.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.data.expression.Expression.name
Id
Expression.name
Type
Cardinality
0 - 1
Definition
A short name assigned to the expression to allow for multiple reuse of the expression in the context where it is defined.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
exp-2
Path
Permission.rule.data.expression.Expression.expression
Id
Expression.expression
Type
Cardinality
0 - 1
Definition
An expression in the specified language that returns a value.
Comment
If Expression.expression and Expression.reference are both present, the Expression.expression might just be a name pointing something within the referenced content.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
exp-1
Path
Permission.rule.data.expression.Expression.reference
Id
Expression.reference
Type
Cardinality
0 - 1
Definition
A URI that defines where the expression is found.
Comment
If both a reference and an expression is found, the reference SHALL point to the same expression.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
exp-1
activity
A description or definition of which activities are allowed to be done on the data
Path
Permission.rule.activity
Id
Permission.rule.activity
Type
Cardinality
0 - *
Definition
A description or definition of which activities are allowed to be done on the data.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.activity.actor
Id
Permission.rule.activity.actor
Type
Cardinality
0 - *
Definition
The actor(s) authorized for the defined activity.
Comment
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.activity.actor.Reference.reference
Id
Reference.reference
Type
Cardinality
0 - 1
Definition
A reference to a location at which the other resource is found. The reference may be a relative reference, in which case it is relative to the service base URL, or an absolute URL that resolves to the location where the resource is found. The reference may be version specific or not. If the reference is not to a FHIR RESTful server, then it should be assumed to be version specific. Internal fragment references (start with '#') refer to contained resources.
Comment
Using absolute URLs provides a stable scalable approach suitable for a cloud/web context, while using relative/logical references provides a flexible approach suitable for use when trading across closed eco-system boundaries. Absolute URLs do not need to point to a FHIR RESTful server, though this is the preferred approach. If the URL conforms to the structure "[type]/[id]" then it should be assumed that the reference is to a FHIR RESTful server.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
ref-1
Path
Permission.rule.activity.actor.Reference.type
Id
Reference.type
Type
Cardinality
0 - 1
Definition
The expected type of the target of the reference. If both Reference.type and Reference.reference are populated and Reference.reference is a FHIR URL, both SHALL be consistent.
The type is the Canonical URL of Resource Definition that is the type this reference refers to. References are URLs that are relative to http://hl7.org/fhir/StructureDefinition/ e.g. "Patient" is a reference to http://hl7.org/fhir/StructureDefinition/Patient. Absolute URLs are only allowed for logical models (and can only be used in references in logical models, not resources).
Comment
This element is used to indicate the type of the target of the reference. This may be used which ever of the other elements are populated (or not). In some cases, the type of the target may be determined by inspection of the reference (e.g. a known RESTful URL) or by resolving the target of the reference.
Binding
Strength
extensible
Description
Aa resource (or, for logical models, the URI of the logical model).
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.activity.actor.Reference.identifier
Id
Reference.identifier
Type
Cardinality
0 - 1
Definition
An identifier for the target resource. This is used when there is no way to reference the other resource directly, either because the entity it represents is not available through a FHIR server, or because there is no way for the author of the resource to convert a known identifier to an actual location. There is no requirement that a Reference.identifier point to something that is actually exposed as a FHIR instance, but it SHALL point to a business concept that would be expected to be exposed as a FHIR instance, and that instance would need to be of a FHIR resource type allowed by the reference.
Comment
When an identifier is provided in place of a reference, any system processing the reference will only be able to resolve the identifier to a reference if it understands the business context in which the identifier is used. Sometimes this is global (e.g. a national identifier) but often it is not. For this reason, none of the useful mechanisms described for working with references (e.g. chaining, includes) are possible, nor should servers be expected to be able resolve the reference. Servers may accept an identifier based reference untouched, resolve it, and/or reject it - see CapabilityStatement.rest.resource.referencePolicy.
When both an identifier and a literal reference are provided, the literal reference is preferred. Applications processing the resource are allowed - but not required - to check that the identifier matches the literal reference
Applications converting a logical reference to a literal reference may choose to leave the logical reference present, or remove it.
Reference is intended to point to a structure that can potentially be expressed as a FHIR resource, though there is no need for it to exist as an actual FHIR resource instance - except in as much as an application wishes to actual find the target of the reference. The content referred to be the identifier must meet the logical constraints implied by any limitations on what resource types are permitted for the reference. For example, it would not be legitimate to send the identifier for a drug prescription if the type were Reference(Observation|DiagnosticReport). One of the use-cases for Reference.identifier is the situation where no FHIR representation exists (where the type is Reference (Any).
This element only allows for a single identifier. In the case where additional identifers are required, use the [http://hl7.org/fhir/StructureDefinition/additionalIdentifier](http://hl7.org/fhir/extensions/StructureDefinition-additionalIdentifier.html) extension.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
Path
Permission.rule.activity.actor.Reference.display
Id
Reference.display
Type
Cardinality
0 - 1
Definition
Plain text narrative that identifies the resource in addition to the resource reference.
Comment
This is generally not the same as the Resource.text of the referenced resource. The purpose is to identify what's being referenced, not to fully describe it.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
ref-2
Path
Permission.rule.activity.action
Id
Permission.rule.activity.action
Type
Cardinality
0 - *
Definition
Actions controlled by this Rule.
Comment
Note that this is the direct action (not the grounds for the action covered in the purpose element). At present, the only action in the understood and tested scope of this resource is 'read'.
Binding
Strength
example
Description
Detailed codes for the action.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.activity.action.CodeableConcept.coding
Id
CodeableConcept.coding
Type
Cardinality
0 - *
Definition
A reference to a code defined by a terminology system.
Comment
Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the HL7 v3 Core Principles for more information. Ordering of codings is undefined and SHALL NOT be used to infer meaning. Generally, at most only one of the coding values will be labeled as UserSelected = true.
Requirements
Allows for alternative encodings within a code system, and translations to other code systems.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.activity.purpose
Id
Permission.rule.activity.purpose
Type
Cardinality
0 - *
Definition
The purpose for which the permission is given.
Comment
Binding
Strength
preferred
Description
What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.activity.purpose.CodeableConcept.coding
Id
CodeableConcept.coding
Type
Cardinality
0 - *
Definition
A reference to a code defined by a terminology system.
Comment
Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the HL7 v3 Core Principles for more information. Ordering of codings is undefined and SHALL NOT be used to infer meaning. Generally, at most only one of the coding values will be labeled as UserSelected = true.
Requirements
Allows for alternative encodings within a code system, and translations to other code systems.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.limit
Id
Permission.rule.limit
Type
Cardinality
0 - *
Definition
What limits apply to the use of the data.
Comment
Binding
Strength
example
Description
Obligations and Refrains
ValueSet
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.limit.CodeableConcept.coding
Id
CodeableConcept.coding
Type
Cardinality
0 - *
Definition
A reference to a code defined by a terminology system.
Comment
Codes may be defined very casually in enumerations, or code lists, up to very formal definitions such as SNOMED CT - see the HL7 v3 Core Principles for more information. Ordering of codings is undefined and SHALL NOT be used to infer meaning. Generally, at most only one of the coding values will be labeled as UserSelected = true.
Requirements
Allows for alternative encodings within a code system, and translations to other code systems.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.limit.CodeableConcept.coding.Coding.system
Id
Coding.system
Type
Cardinality
0 - 1
Definition
The identification of the code system that defines the meaning of the symbol in the code.
Comment
The URI may be an OID (urn:oid:...) or a UUID (urn:uuid:...). OIDs and UUIDs SHALL be references to the HL7 OID registry. Otherwise, the URI should come from HL7's list of FHIR defined special URIs or it should be an absolute reference to some definition that establishes the system clearly and unambiguously.
Requirements
Need to be unambiguous about the source of the definition of the symbol.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.limit.CodeableConcept.coding.Coding.version
Id
Coding.version
Type
Cardinality
0 - 1
Definition
The version of the code system which was used when choosing this code. Note that a well-maintained code system does not need the version reported, because the meaning of codes is consistent across versions. However this cannot consistently be assured, and when the meaning is not guaranteed to be consistent, the version SHOULD be exchanged.
Comment
Where the terminology does not clearly define what string should be used to identify code system versions, the recommendation is to use the date (expressed in FHIR date format) on which that version was officially published as the version date.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Path
Permission.rule.limit.CodeableConcept.coding.Coding.code
Id
Coding.code
Type
Cardinality
0 - 1
Definition
A symbol in syntax defined by the system. The symbol may be a predefined code or an expression in a syntax defined by the coding system (e.g. post-coordination).
Comment
Requirements
Need to refer to a particular code in the system.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
cod-1
Path
Permission.rule.limit.CodeableConcept.coding.Coding.display
Id
Coding.display
Type
Cardinality
0 - 1
Definition
A representation of the meaning of the code in the system, following the rules of the system.
Comment
Requirements
Need to be able to carry a human-readable meaning of the code for readers that do not know the system.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children
Condition
cod-1
Path
Permission.rule.limit.CodeableConcept.coding.Coding.userSelected
Id
Coding.userSelected
Type
Cardinality
0 - 1
Definition
Indicates that this coding was chosen by a user directly - e.g. off a pick list of available items (codes or displays).
Comment
Amongst a set of alternatives, a directly chosen code is the most appropriate starting point for new translations. There is some ambiguity about what exactly 'directly chosen' implies, and trading partner agreement may be needed to clarify the use of this element and its consequences more completely.
Requirements
This has been identified as a clinical safety criterium - that this exact system/code pair was chosen explicitly, rather than inferred by the system based on some rules or language processing.
Constraint
ele-1 [error]
All FHIR elements must have a @value or children