Page Status: draft updated 2025-11-03

Permission - HVOOrganizationInteractionPermission

Page index

General information
Profile
- Details
Supported operations
- HTTP methods
- Query operations

General information

Profile

HVOOrganizationInteractionPermission (Permission)	C		Permission	There are no (further) constraints on this element Element id Permission Short description Access Rules Definition Permission resource holds access rules for a given data and context. Data type Permission Constraints dom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources `contained.contained.empty()` dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource `contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().ofType(canonical) \| %resource.descendants().ofType(uri) \| %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()` dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated `contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()` dom-5: If a resource is contained in another resource, it SHALL NOT have a security label `contained.meta.security.empty()` dom-6: A resource should have narrative for robust management text.`div`.exists() Mappings rim: Entity, Role, or Act w5: infrastructure.information
id	Σ	0..1	id	There are no (further) constraints on this element Element id Permission.id Short description Logical id of this artifact Definition The logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes. Comments Within the context of the FHIR RESTful interactions, the resource has an id except for cases like the create and conditional update. Otherwise, the use of the resouce id depends on the given use case. Data type id
meta	Σ	0..1	Meta	There are no (further) constraints on this element Element id Permission.meta Short description Metadata about the resource Definition The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource. Data type Meta Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
implicitRules	Σ ?!	0..1	uri	There are no (further) constraints on this element Element id Permission.implicitRules Short description A set of rules under which this content was created Definition A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc. Comments Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element. Often, when used, the URL is a reference to an implementation guide that defines these special rules as part of its narrative along with other profiles, value sets, etc. Data type uri Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
language		0..1	codeBinding	There are no (further) constraints on this element Element id Permission.language Short description Language of the resource content Definition The base language in which the resource is written. Comments Language is provided to support indexing and accessibility (typically, services such as text to speech use the language tag). The html language tag in the narrative applies to the narrative. The language tag on the resource may be used to specify the language of other presentations generated from the data in the resource. Not all the content has to be in the base language. The Resource.language should not be assumed to apply to the narrative automatically. If a language is specified, it should it also be specified on the div element in the html (see rules in HTML5 for information about the relationship between xml:lang and the html lang attribute). Data type code Binding IETF language tag for a human language AllLanguages (required) Additional bindings CommonLanguages (starter) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
text	C	0..1	Narrative	There are no (further) constraints on this element Element id Permission.text Short description Text summary of the resource, for human interpretation Alternate names narrative, html, xhtml, display Definition A human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it "clinically safe" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety. Comments Contained resources do not have a narrative. Resources that are not contained SHOULD have a narrative. In some cases, a resource may only have text with little or no additional discrete data (as long as all minOccurs=1 elements are satisfied). This may be necessary for data from legacy systems where information is captured as a "text blob" or where text is additionally entered raw or narrated and encoded information is added later. Data type Narrative Conditions The cardinality or value of this element may be affected by these constraints: dom-6 Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings rim: Act.text?
contained	C	0..*	Resource	There are no (further) constraints on this element Element id Permission.contained Short description Contained, inline Resources Alternate names inline resources, anonymous resources, contained resources Definition These resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, nor can they have their own independent transaction scope. This is allowed to be a Parameters resource if and only if it is referenced by a resource that provides context/meaning. Comments This should never be done when the content can be identified properly, as once identification is lost, it is extremely difficult (and context dependent) to restore it again. Contained resources may have profiles and tags in their meta elements, but SHALL NOT have security labels. Data type Resource Conditions The cardinality or value of this element may be affected by these constraints: dom-2, dom-4, dom-3, dom-5 Mappings rim: N/A
extension	C	0..*	Extension	There are no (further) constraints on this element Element id Permission.extension Short description Additional content defined by implementations Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: N/A
modifierExtension	Σ ?! C	0..*	Extension	There are no (further) constraints on this element Element id Permission.modifierExtension Short description Extensions that cannot be ignored Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). Requirements Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: N/A
status	S Σ	1..1	codeBinding	There are no (further) constraints on this element Element id Permission.status Short description active \| entered-in-error \| draft \| rejected Definition Status. Data type code Binding Codes identifying the lifecycle stage of a product. PermissionStatus (required) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.status
asserter	Σ	0..1	Reference(Practitioner \| PractitionerRole \| Organization \| CareTeam \| Patient \| RelatedPerson \| HealthcareService)	There are no (further) constraints on this element Element id Permission.asserter Short description The person or entity that asserts the permission Definition The person or entity that asserts the permission. Data type Reference(Practitioner \| PractitionerRole \| Organization \| CareTeam \| Patient \| RelatedPerson \| HealthcareService) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.grantor, Consent.grantee, Consent.manager, Consent.controller
date	Σ	0..*	dateTime	There are no (further) constraints on this element Element id Permission.date Short description The date that permission was asserted Alternate names class Definition The date that permission was asserted. Data type dateTime Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.dateTime
validity	S Σ	1..1	Period	There are no (further) constraints on this element Element id Permission.validity Short description The period in which the permission is active Alternate names type Definition The period in which the permission is active. Data type Period Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.period
id		0..1	id	There are no (further) constraints on this element Element id Permission.validity.id Short description Unique id for inter-element referencing Definition Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces. Data type id Conditions The cardinality or value of this element may be affected by these constraints: ele-1 Mappings rim: n/a
extension	C	0..*	Extension	There are no (further) constraints on this element Element id Permission.validity.extension Short description Additional content defined by implementations Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Slicing Unordered, Open, by url(Value) Extensions are always sliced by (at least) url Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: n/a
start	S Σ C	1..1	dateTime	There are no (further) constraints on this element Element id Permission.validity.start Short description Starting time with inclusive boundary Definition The start of the period. The boundary is inclusive. Comments If the low element is missing, the meaning is that the low boundary is not known. Data type dateTime Conditions The cardinality or value of this element may be affected by these constraints: per-1 Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings v2: DR.1 rim: ./low
end	S Σ C	0..1	dateTime	There are no (further) constraints on this element Element id Permission.validity.end Short description End time with inclusive boundary, if not ongoing Definition The end of the period. If the end of the period is missing, it means no end was known or planned at the time the instance was created. The start may be in the past, and the end date in the future, which means that period is expected/planned to end at that time. Comments The end value includes any matching date/time. i.e. 2012-02-03T10:00:00 is in a period that has an end value of 2012-02-03. Meaning when missing If the end of the period is missing, it means that the period is ongoing Data type dateTime Conditions The cardinality or value of this element may be affected by these constraints: per-1 Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings v2: DR.2 rim: ./high
justification	Σ	0..1	BackboneElement	There are no (further) constraints on this element Element id Permission.justification Short description The asserted justification for using the data Definition The asserted justification for using the data. Data type BackboneElement Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
id		0..1	string	There are no (further) constraints on this element Element id Permission.justification.id Short description Unique id for inter-element referencing Definition Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces. Data type string Conditions The cardinality or value of this element may be affected by these constraints: ele-1 Mappings rim: n/a
extension	C	0..*	Extension	There are no (further) constraints on this element Element id Permission.justification.extension Short description Additional content defined by implementations Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: n/a
modifierExtension	Σ ?! C	0..*	Extension	There are no (further) constraints on this element Element id Permission.justification.modifierExtension Short description Extensions that cannot be ignored even if unrecognized Alternate names extensions, user content, modifiers Definition May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). Requirements Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: N/A
basis	Σ	0..*	CodeableConcept	There are no (further) constraints on this element Element id Permission.justification.basis Short description The regulatory grounds upon which this Permission builds Definition This would be a codeableconcept, or a coding, which can be constrained to , for example, the 6 grounds for processing in GDPR. Data type CodeableConcept Binding Regulatory policy examples ConsentPolicyRuleCodes (example) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.regulatoryBasis
evidence	Σ	0..*	Reference(Resource)	There are no (further) constraints on this element Element id Permission.justification.evidence Short description Justifing rational Definition Justifing rational. Comments While any resource may be used, DocumentReference, Consent, PlanDefinition, and Contract would be most frequent Data type Reference(Resource) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.policyBasis.reference
combining	S Σ ?!	1..1	codeBindingFixed Value	Element id Permission.combining Short description deny-overrides \| permit-overrides \| ordered-deny-overrides \| ordered-permit-overrides \| deny-unless-permit \| permit-unless-deny Definition Defines a procedure for arriving at an access decision given the set of rules. Comments see XACML Combining Rules Data type code Binding How the rules are to be combined. PermissionRuleCombining (required) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Fixed value permit-unless-deny
rule	S Σ	0..*	BackboneElement	There are no (further) constraints on this element Element id Permission.rule Short description Constraints to the Permission Definition A set of rules. Data type BackboneElement Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
id		0..1	string	There are no (further) constraints on this element Element id Permission.rule.id Short description Unique id for inter-element referencing Definition Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces. Data type string Conditions The cardinality or value of this element may be affected by these constraints: ele-1 Mappings rim: n/a
extension	C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.extension Short description Additional content defined by implementations Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: n/a
modifierExtension	Σ ?! C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.modifierExtension Short description Extensions that cannot be ignored even if unrecognized Alternate names extensions, user content, modifiers Definition May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). Requirements Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: N/A
type	Σ ?!	0..1	codeBindingFixed Value	Element id Permission.rule.type Short description deny \| permit Definition deny \| permit. Data type code Binding How a rule statement is applied. ConsentProvisionType (required) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Fixed value permit Mappings fhirconsent: Consent.provision.type
data	S Σ	0..*	BackboneElement	There are no (further) constraints on this element Element id Permission.rule.data Short description The selection criteria to identify data that is within scope of this provision Definition A description or definition of which activities are allowed to be done on the data. Data type BackboneElement Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
id		0..1	string	There are no (further) constraints on this element Element id Permission.rule.data.id Short description Unique id for inter-element referencing Definition Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces. Data type string Conditions The cardinality or value of this element may be affected by these constraints: ele-1 Mappings rim: n/a
extension	C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.data.extension Short description Additional content defined by implementations Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: n/a
modifierExtension	Σ ?! C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.data.modifierExtension Short description Extensions that cannot be ignored even if unrecognized Alternate names extensions, user content, modifiers Definition May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). Requirements Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: N/A
resource	S Σ	0..*	BackboneElement	There are no (further) constraints on this element Element id Permission.rule.data.resource Short description Explicit FHIR Resource references Definition Explicit FHIR Resource references. Data type BackboneElement Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.data
id		0..1	string	There are no (further) constraints on this element Element id Permission.rule.data.resource.id Short description Unique id for inter-element referencing Definition Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces. Data type string Conditions The cardinality or value of this element may be affected by these constraints: ele-1 Mappings rim: n/a
extension	C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.data.resource.extension Short description Additional content defined by implementations Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: n/a
modifierExtension	Σ ?! C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.data.resource.modifierExtension Short description Extensions that cannot be ignored even if unrecognized Alternate names extensions, user content, modifiers Definition May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). Requirements Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: N/A
meaning	S Σ	1..1	codeBindingFixed Value	Element id Permission.rule.data.resource.meaning Short description instance \| related \| dependents \| authoredby Definition How the resource reference is interpreted when testing consent restrictions. Data type code Binding How a resource reference is interpreted when testing consent restrictions. ConsentDataMeaning (required) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Fixed value instance
reference	S Σ	1..1	Reference(HVOOrganization \| HVOOrganizationalUnit)	Element id Permission.rule.data.resource.reference Short description The actual data reference Definition A reference to a specific resource that defines which resources are covered by this consent. Data type Reference(HVOOrganization \| HVOOrganizationalUnit) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
security	Σ	0..*	Coding	There are no (further) constraints on this element Element id Permission.rule.data.security Short description Security tag code on .meta.security Definition The data in scope are those with the given codes present in that data .meta.security element. Comments Note the ConfidentialityCode vocabulary indicates the highest value, thus a security label of "R" then it applies to all resources that are labeled "R" or lower. E.g. for Confidentiality, it's a high water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, access request purpose of use shall not conflict. Data type Coding Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.securityLabel
period	Σ	0..*	Period	There are no (further) constraints on this element Element id Permission.rule.data.period Short description Timeframe encompasing data create/update Definition Clinical or Operational Relevant period of time that bounds the data controlled by this rule. Comments This has a different sense to the .validity. Data type Period Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.dataPeriod
expression	S Σ	0..1	Expression	There are no (further) constraints on this element Element id Permission.rule.data.expression Short description Expression identifying the data Definition Used when other data selection elements are insufficient. Data type Expression Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.class, Consent.provision.code, Consent.provision.expression
activity	S Σ	0..*	BackboneElement	There are no (further) constraints on this element Element id Permission.rule.activity Short description A description or definition of which activities are allowed to be done on the data Definition A description or definition of which activities are allowed to be done on the data. Data type BackboneElement Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
id		0..1	string	There are no (further) constraints on this element Element id Permission.rule.activity.id Short description Unique id for inter-element referencing Definition Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces. Data type string Conditions The cardinality or value of this element may be affected by these constraints: ele-1 Mappings rim: n/a
extension	C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.activity.extension Short description Additional content defined by implementations Alternate names extensions, user content Definition May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: n/a
modifierExtension	Σ ?! C	0..*	Extension	There are no (further) constraints on this element Element id Permission.rule.activity.modifierExtension Short description Extensions that cannot be ignored even if unrecognized Alternate names extensions, user content, modifiers Definition May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself). Requirements Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions. Comments There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone. Data type Extension Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()` Mappings rim: N/A
actor	S Σ	0..*	Reference(HVODevice)	Element id Permission.rule.activity.actor Short description Authorized actor(s) Definition The actor(s) authorized for the defined activity. Data type Reference(HVODevice) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.actor
action	S Σ	0..*	CodeableConceptBinding	Element id Permission.rule.activity.action Short description Actions controlled by this rule Definition Actions controlled by this Rule. Comments Note that this is the direct action (not the grounds for the action covered in the purpose element). At present, the only action in the understood and tested scope of this resource is 'read'. Data type CodeableConcept Binding Detailed codes for the action. TypeRestfulInteraction (required) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.action
purpose	Σ	0..*	CodeableConceptBinding	There are no (further) constraints on this element Element id Permission.rule.activity.purpose Short description The purpose for which the permission is given Definition The purpose for which the permission is given. Data type CodeableConcept Binding What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. PurposeOfUse (preferred) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` Mappings fhirconsent: Consent.provision.purpose
limit	Σ	0..*	CodeableConcept	There are no (further) constraints on this element Element id Permission.rule.limit Short description What limits apply to the use of the data Definition What limits apply to the use of the data. Data type CodeableConcept Binding Obligations and Refrains SecurityLabelEventExamples (example) Constraints ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`

Permission
Short	Access Rules
Definition	Permission resource holds access rules for a given data and context.
Cardinality	0..*
Constraints	dom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources `contained.contained.empty()` dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource `contained.where((('#'+id in (%resource.descendants().reference \| %resource.descendants().ofType(canonical) \| %resource.descendants().ofType(uri) \| %resource.descendants().ofType(url))) or descendants().where(reference = '#').exists() or descendants().where(ofType(canonical) = '#').exists() or descendants().where(ofType(canonical) = '#').exists()).not()).trace('unmatched', id).empty()` dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated `contained.meta.versionId.empty() and contained.meta.lastUpdated.empty()` dom-5: If a resource is contained in another resource, it SHALL NOT have a security label `contained.meta.security.empty()` dom-6: A resource should have narrative for robust management text.`div`.exists()
Mappings	rim: Entity, Role, or Act w5: infrastructure.information
Permission.id
Short	Logical id of this artifact
Definition	The logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes.
Cardinality	0..1
Type	id
Summary	True
Comments	Within the context of the FHIR RESTful interactions, the resource has an id except for cases like the create and conditional update. Otherwise, the use of the resouce id depends on the given use case.
Permission.meta
Short	Metadata about the resource
Definition	The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource.
Cardinality	0..1
Type	Meta
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.implicitRules
Short	A set of rules under which this content was created
Definition	A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc.
Cardinality	0..1
Type	uri
Modifier	True
Summary	True
Comments	Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element. Often, when used, the URL is a reference to an implementation guide that defines these special rules as part of its narrative along with other profiles, value sets, etc.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.language
Short	Language of the resource content
Definition	The base language in which the resource is written.
Cardinality	0..1
Type	code
Binding	IETF language tag for a human language AllLanguages (required) Additional bindings CommonLanguages (starter)
Comments	Language is provided to support indexing and accessibility (typically, services such as text to speech use the language tag). The html language tag in the narrative applies to the narrative. The language tag on the resource may be used to specify the language of other presentations generated from the data in the resource. Not all the content has to be in the base language. The Resource.language should not be assumed to apply to the narrative automatically. If a language is specified, it should it also be specified on the div element in the html (see rules in HTML5 for information about the relationship between xml:lang and the html lang attribute).
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.text
Short	Text summary of the resource, for human interpretation
Definition	A human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it "clinically safe" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety.
Cardinality	0..1
Type	Narrative
Alias	narrative, html, xhtml, display
Comments	Contained resources do not have a narrative. Resources that are not contained SHOULD have a narrative. In some cases, a resource may only have text with little or no additional discrete data (as long as all minOccurs=1 elements are satisfied). This may be necessary for data from legacy systems where information is captured as a "text blob" or where text is additionally entered raw or narrated and encoded information is added later.
Conditions	The cardinality or value of this element may be affected by these constraints: dom-6
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	rim: Act.text?
Permission.contained
Short	Contained, inline Resources
Definition	These resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, nor can they have their own independent transaction scope. This is allowed to be a Parameters resource if and only if it is referenced by a resource that provides context/meaning.
Cardinality	0..*
Type	Resource
Alias	inline resources, anonymous resources, contained resources
Comments	This should never be done when the content can be identified properly, as once identification is lost, it is extremely difficult (and context dependent) to restore it again. Contained resources may have profiles and tags in their meta elements, but SHALL NOT have security labels.
Conditions	The cardinality or value of this element may be affected by these constraints: dom-2, dom-4, dom-3, dom-5
Mappings	rim: N/A
Permission.extension
Short	Additional content defined by implementations
Definition	May be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
Cardinality	0..*
Type	Extension
Alias	extensions, user content
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: N/A
Permission.modifierExtension
Short	Extensions that cannot be ignored
Definition	May be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
Cardinality	0..*
Type	Extension
Modifier	True
Summary	True
Alias	extensions, user content
Requirements	Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: N/A
Permission.status
Short	active \| entered-in-error \| draft \| rejected
Definition	Status.
Cardinality	1..1
Type	code
Binding	Codes identifying the lifecycle stage of a product. PermissionStatus (required)
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.status
Permission.asserter
Short	The person or entity that asserts the permission
Definition	The person or entity that asserts the permission.
Cardinality	0..1
Type	Reference(Practitioner \| PractitionerRole \| Organization \| CareTeam \| Patient \| RelatedPerson \| HealthcareService)
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.grantor, Consent.grantee, Consent.manager, Consent.controller
Permission.date
Short	The date that permission was asserted
Definition	The date that permission was asserted.
Cardinality	0..*
Type	dateTime
Summary	True
Alias	class
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.dateTime
Permission.validity
Short	The period in which the permission is active
Definition	The period in which the permission is active.
Cardinality	1..1
Type	Period
Must Support	True
Summary	True
Alias	type
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.period
Permission.validity.id
Short	Unique id for inter-element referencing
Definition	Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
Cardinality	0..1
Type	id
Conditions	The cardinality or value of this element may be affected by these constraints: ele-1
Mappings	rim: n/a
Permission.validity.extension
Short	Additional content defined by implementations
Definition	May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
Cardinality	0..*
Type	Extension
Alias	extensions, user content
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Slicing	Unordered, Open, by url(Value) Extensions are always sliced by (at least) url
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: n/a
Permission.validity.start
Short	Starting time with inclusive boundary
Definition	The start of the period. The boundary is inclusive.
Cardinality	1..1
Type	dateTime
Must Support	True
Summary	True
Comments	If the low element is missing, the meaning is that the low boundary is not known.
Conditions	The cardinality or value of this element may be affected by these constraints: per-1
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	v2: DR.1 rim: ./low
Permission.validity.end
Short	End time with inclusive boundary, if not ongoing
Definition	The end of the period. If the end of the period is missing, it means no end was known or planned at the time the instance was created. The start may be in the past, and the end date in the future, which means that period is expected/planned to end at that time.
Cardinality	0..1
Type	dateTime
Must Support	True
Summary	True
Comments	The end value includes any matching date/time. i.e. 2012-02-03T10:00:00 is in a period that has an end value of 2012-02-03.
Meaning when missing	If the end of the period is missing, it means that the period is ongoing
Conditions	The cardinality or value of this element may be affected by these constraints: per-1
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	v2: DR.2 rim: ./high
Permission.justification
Short	The asserted justification for using the data
Definition	The asserted justification for using the data.
Cardinality	0..1
Type	BackboneElement
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.justification.id
Short	Unique id for inter-element referencing
Definition	Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
Cardinality	0..1
Type	string
Conditions	The cardinality or value of this element may be affected by these constraints: ele-1
Mappings	rim: n/a
Permission.justification.extension
Short	Additional content defined by implementations
Definition	May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
Cardinality	0..*
Type	Extension
Alias	extensions, user content
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: n/a
Permission.justification.modifierExtension
Short	Extensions that cannot be ignored even if unrecognized
Definition	May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
Cardinality	0..*
Type	Extension
Modifier	True
Summary	True
Alias	extensions, user content, modifiers
Requirements	Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: N/A
Permission.justification.basis
Short	The regulatory grounds upon which this Permission builds
Definition	This would be a codeableconcept, or a coding, which can be constrained to , for example, the 6 grounds for processing in GDPR.
Cardinality	0..*
Type	CodeableConcept
Binding	Regulatory policy examples ConsentPolicyRuleCodes (example)
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.regulatoryBasis
Permission.justification.evidence
Short	Justifing rational
Definition	Justifing rational.
Cardinality	0..*
Type	Reference(Resource)
Summary	True
Comments	While any resource may be used, DocumentReference, Consent, PlanDefinition, and Contract would be most frequent
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.policyBasis.reference
Permission.combining
Short	deny-overrides \| permit-overrides \| ordered-deny-overrides \| ordered-permit-overrides \| deny-unless-permit \| permit-unless-deny
Definition	Defines a procedure for arriving at an access decision given the set of rules.
Cardinality	1..1
Type	code
Binding	How the rules are to be combined. PermissionRuleCombining (required)
Must Support	True
Modifier	True
Summary	True
Comments	see XACML Combining Rules
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Fixed Value	permit-unless-deny
Permission.rule
Short	Constraints to the Permission
Definition	A set of rules.
Cardinality	0..*
Type	BackboneElement
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.rule.id
Short	Unique id for inter-element referencing
Definition	Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
Cardinality	0..1
Type	string
Conditions	The cardinality or value of this element may be affected by these constraints: ele-1
Mappings	rim: n/a
Permission.rule.extension
Short	Additional content defined by implementations
Definition	May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
Cardinality	0..*
Type	Extension
Alias	extensions, user content
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: n/a
Permission.rule.modifierExtension
Short	Extensions that cannot be ignored even if unrecognized
Definition	May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
Cardinality	0..*
Type	Extension
Modifier	True
Summary	True
Alias	extensions, user content, modifiers
Requirements	Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: N/A
Permission.rule.type
Short	deny \| permit
Definition	deny \| permit.
Cardinality	0..1
Type	code
Binding	How a rule statement is applied. ConsentProvisionType (required)
Modifier	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Fixed Value	permit
Mappings	fhirconsent: Consent.provision.type
Permission.rule.data
Short	The selection criteria to identify data that is within scope of this provision
Definition	A description or definition of which activities are allowed to be done on the data.
Cardinality	0..*
Type	BackboneElement
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.rule.data.id
Short	Unique id for inter-element referencing
Definition	Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
Cardinality	0..1
Type	string
Conditions	The cardinality or value of this element may be affected by these constraints: ele-1
Mappings	rim: n/a
Permission.rule.data.extension
Short	Additional content defined by implementations
Definition	May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
Cardinality	0..*
Type	Extension
Alias	extensions, user content
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: n/a
Permission.rule.data.modifierExtension
Short	Extensions that cannot be ignored even if unrecognized
Definition	May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
Cardinality	0..*
Type	Extension
Modifier	True
Summary	True
Alias	extensions, user content, modifiers
Requirements	Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: N/A
Permission.rule.data.resource
Short	Explicit FHIR Resource references
Definition	Explicit FHIR Resource references.
Cardinality	0..*
Type	BackboneElement
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.data
Permission.rule.data.resource.id
Short	Unique id for inter-element referencing
Definition	Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
Cardinality	0..1
Type	string
Conditions	The cardinality or value of this element may be affected by these constraints: ele-1
Mappings	rim: n/a
Permission.rule.data.resource.extension
Short	Additional content defined by implementations
Definition	May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
Cardinality	0..*
Type	Extension
Alias	extensions, user content
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: n/a
Permission.rule.data.resource.modifierExtension
Short	Extensions that cannot be ignored even if unrecognized
Definition	May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
Cardinality	0..*
Type	Extension
Modifier	True
Summary	True
Alias	extensions, user content, modifiers
Requirements	Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: N/A
Permission.rule.data.resource.meaning
Short	instance \| related \| dependents \| authoredby
Definition	How the resource reference is interpreted when testing consent restrictions.
Cardinality	1..1
Type	code
Binding	How a resource reference is interpreted when testing consent restrictions. ConsentDataMeaning (required)
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Fixed Value	instance
Permission.rule.data.resource.reference
Short	The actual data reference
Definition	A reference to a specific resource that defines which resources are covered by this consent.
Cardinality	1..1
Type	Reference(HVOOrganization \| HVOOrganizationalUnit)
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.rule.data.security
Short	Security tag code on .meta.security
Definition	The data in scope are those with the given codes present in that data .meta.security element.
Cardinality	0..*
Type	Coding
Summary	True
Comments	Note the ConfidentialityCode vocabulary indicates the highest value, thus a security label of "R" then it applies to all resources that are labeled "R" or lower. E.g. for Confidentiality, it's a high water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, access request purpose of use shall not conflict.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.securityLabel
Permission.rule.data.period
Short	Timeframe encompasing data create/update
Definition	Clinical or Operational Relevant period of time that bounds the data controlled by this rule.
Cardinality	0..*
Type	Period
Summary	True
Comments	This has a different sense to the .validity.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.dataPeriod
Permission.rule.data.expression
Short	Expression identifying the data
Definition	Used when other data selection elements are insufficient.
Cardinality	0..1
Type	Expression
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.class, Consent.provision.code, Consent.provision.expression
Permission.rule.activity
Short	A description or definition of which activities are allowed to be done on the data
Definition	A description or definition of which activities are allowed to be done on the data.
Cardinality	0..*
Type	BackboneElement
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Permission.rule.activity.id
Short	Unique id for inter-element referencing
Definition	Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.
Cardinality	0..1
Type	string
Conditions	The cardinality or value of this element may be affected by these constraints: ele-1
Mappings	rim: n/a
Permission.rule.activity.extension
Short	Additional content defined by implementations
Definition	May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.
Cardinality	0..*
Type	Extension
Alias	extensions, user content
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: n/a
Permission.rule.activity.modifierExtension
Short	Extensions that cannot be ignored even if unrecognized
Definition	May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and managable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions. Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).
Cardinality	0..*
Type	Extension
Modifier	True
Summary	True
Alias	extensions, user content, modifiers
Requirements	Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.
Comments	There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())` ext-1: Must have either extensions or value[x], not both `extension.exists() != value.exists()`
Mappings	rim: N/A
Permission.rule.activity.actor
Short	Authorized actor(s)
Definition	The actor(s) authorized for the defined activity.
Cardinality	0..*
Type	Reference(HVODevice)
Must Support	True
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.actor
Permission.rule.activity.action
Short	Actions controlled by this rule
Definition	Actions controlled by this Rule.
Cardinality	0..*
Type	CodeableConcept
Binding	Detailed codes for the action. TypeRestfulInteraction (required)
Must Support	True
Summary	True
Comments	Note that this is the direct action (not the grounds for the action covered in the purpose element). At present, the only action in the understood and tested scope of this resource is 'read'.
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.action
Permission.rule.activity.purpose
Short	The purpose for which the permission is given
Definition	The purpose for which the permission is given.
Cardinality	0..*
Type	CodeableConcept
Binding	What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels. PurposeOfUse (preferred)
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`
Mappings	fhirconsent: Consent.provision.purpose
Permission.rule.limit
Short	What limits apply to the use of the data
Definition	What limits apply to the use of the data.
Cardinality	0..*
Type	CodeableConcept
Binding	Obligations and Refrains SecurityLabelEventExamples (example)
Summary	True
Constraints	ele-1: All FHIR elements must have a @value or children `hasValue() or (children().count() > id.count())`

<id value="HVOOrganizationInteractionPermission" />
<url value="http://electronichealth.se/fhir/hvo/StructureDefinition/HVOOrganizationInteractionPermission" />
<version value="0.1.0" />
<name value="HVOOrganizationInteractionPermission" />
<status value="draft" />
<fhirVersion value="5.0.0" />
<kind value="resource" />
<abstract value="false" />
<type value="Permission" />
<baseDefinition value="http://hl7.org/fhir/StructureDefinition/Permission" />
<derivation value="constraint" />
<differential>
<element id="Permission.status">
<path value="Permission.status" />
<mustSupport value="true" />
</element>
<element id="Permission.validity">
<path value="Permission.validity" />
<min value="1" />
<mustSupport value="true" />
</element>
<element id="Permission.validity.start">
<path value="Permission.validity.start" />
<min value="1" />
<mustSupport value="true" />
</element>
<element id="Permission.validity.end">
<path value="Permission.validity.end" />
<mustSupport value="true" />
</element>
<element id="Permission.combining">
<path value="Permission.combining" />
<fixedCode value="permit-unless-deny" />
<mustSupport value="true" />
</element>
<element id="Permission.rule">
<path value="Permission.rule" />
<mustSupport value="true" />
</element>
<element id="Permission.rule.type">
<path value="Permission.rule.type" />
<fixedCode value="permit" />
</element>
<element id="Permission.rule.data">
<path value="Permission.rule.data" />
<mustSupport value="true" />
</element>
<element id="Permission.rule.data.resource">
<path value="Permission.rule.data.resource" />
<mustSupport value="true" />
</element>
<element id="Permission.rule.data.resource.meaning">
<path value="Permission.rule.data.resource.meaning" />
<fixedCode value="instance" />
<mustSupport value="true" />
</element>
<element id="Permission.rule.data.resource.reference">
<path value="Permission.rule.data.resource.reference" />
<type>
<code value="Reference" />
<targetProfile value="http://electronichealth.se/fhir/hvo/StructureDefinition/HVOOrganization" />
<targetProfile value="http://electronichealth.se/fhir/hvo/StructureDefinition/HVOOrganizationalUnit" />
</type>
<mustSupport value="true" />
</element>
<element id="Permission.rule.data.expression">
<path value="Permission.rule.data.expression" />
<mustSupport value="true" />
</element>
<element id="Permission.rule.activity">
<path value="Permission.rule.activity" />
<mustSupport value="true" />
</element>
<element id="Permission.rule.activity.actor">
<path value="Permission.rule.activity.actor" />
<type>
<code value="Reference" />
<targetProfile value="http://electronichealth.se/fhir/hvo/StructureDefinition/HVODevice" />
</type>
<mustSupport value="true" />
</element>
<element id="Permission.rule.activity.action">
<path value="Permission.rule.activity.action" />
<mustSupport value="true" />
<binding>
<strength value="required" />
<valueSet value="http://hl7.org/fhir/ValueSet/type-restful-interaction" />
</binding>
</element>
</differential>

</StructureDefinition>

{

"resourceType": "StructureDefinition",
"id": "HVOOrganizationInteractionPermission",
"url": "http://electronichealth.se/fhir/hvo/StructureDefinition/HVOOrganizationInteractionPermission",
"version": "0.1.0",
"name": "HVOOrganizationInteractionPermission",
"status": "draft",
"fhirVersion": "5.0.0",
"kind": "resource",
"abstract": false,
"type": "Permission",
"baseDefinition": "http://hl7.org/fhir/StructureDefinition/Permission",
"derivation": "constraint",
"differential": {
"element": [
{
"id": "Permission.status",
"path": "Permission.status",
"mustSupport": true
},
{
"id": "Permission.validity",
"path": "Permission.validity",
"min": 1,
"mustSupport": true
},
{
"id": "Permission.validity.start",
"path": "Permission.validity.start",
"min": 1,
"mustSupport": true
},
{
"id": "Permission.validity.end",
"path": "Permission.validity.end",
"mustSupport": true
},
{
"id": "Permission.combining",
"path": "Permission.combining",
"fixedCode": "permit-unless-deny",
"mustSupport": true
},
{
"id": "Permission.rule",
"path": "Permission.rule",
"mustSupport": true
},
{
"id": "Permission.rule.type",
"path": "Permission.rule.type",
"fixedCode": "permit"
},
{
"id": "Permission.rule.data",
"path": "Permission.rule.data",
"mustSupport": true
},
{
"id": "Permission.rule.data.resource",
"path": "Permission.rule.data.resource",
"mustSupport": true
},
{
"id": "Permission.rule.data.resource.meaning",
"path": "Permission.rule.data.resource.meaning",
"fixedCode": "instance",
"mustSupport": true
},
{
"id": "Permission.rule.data.resource.reference",
"path": "Permission.rule.data.resource.reference",
"type": [
{
"code": "Reference",
"targetProfile": [
"http://electronichealth.se/fhir/hvo/StructureDefinition/HVOOrganization",
"http://electronichealth.se/fhir/hvo/StructureDefinition/HVOOrganizationalUnit"
]
}
],
"mustSupport": true
},
{
"id": "Permission.rule.data.expression",
"path": "Permission.rule.data.expression",
"mustSupport": true
},
{
"id": "Permission.rule.activity",
"path": "Permission.rule.activity",
"mustSupport": true
},
{
"id": "Permission.rule.activity.actor",
"path": "Permission.rule.activity.actor",
"type": [
{
"code": "Reference",
"targetProfile": [
"http://electronichealth.se/fhir/hvo/StructureDefinition/HVODevice"
]
}
],
"mustSupport": true
},
{
"id": "Permission.rule.activity.action",
"path": "Permission.rule.activity.action",
"mustSupport": true,
"binding": {
"strength": "required",
"valueSet": "http://hl7.org/fhir/ValueSet/type-restful-interaction"
}
}
]
}

}

Details

The must-support flag indicates that the element is expected in some use cases, and a missing flag that the element is never used.

To declare what system has permission to do what the permission details, use the rule.activity.actor element to reference a Device with the system ID in the identifier.value field. What action the system is authorized to do is filled in using the rule.activity.action element. What HVOOrganization or HVOOrganizationalUnit the system is allowed to perform the declared action on is expressed using the rule.data.resource element, where the meaning should be set to instance so that the reference is interpreted as an instance of HVOOrganization/HVOOrganizationalUnit.

Permission - HVOOrganizationInteractionPermission

Page index

General information

Profile

Details

Supported operations