Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Consent resource might be used to hold specific consent on file or to send information about given consent along with healthcare information. To show that querying organization has a valid consent from a patient for a specific class of data and a specific purpose of processing. A list of examples for consent usage can be found here. ($TBA: get a GDPR example to the example page)

Explicit consent always requires a specific purpose of use or purpose of processing. HL7 provides a specific vocabulary to be used in this context. However, it is up to the implementing organizations to negotiate and agree on a specific codeset for interoperability purposes. Specific usage of consent might be specified in an implementation guide (IG). For instance, HL7 works on an IG for use-cases based on HL7 International Patient Summary (IPS). 


Information about the purpose of processing can be either implicit (e.g. all processed data in a system follows the same principle) or explicitly stored using security labeling. In the latter the PoU of any consent can be matched against an object's PoU security label to enforce access rights.

Simple usecase

$TBA: simple workflow including consent - try to reuse Girogios google doc:

Transparency about processing personal data