Inferensys

Glossary

FHIR Consent

A FHIR resource that records a patient's agreement or refusal for the collection, access, use, or disclosure of their health information for specific purposes.
Strategy consultant facilitating AI use case discovery workshop, sticky notes on glass wall, casual corporate meeting.
PRIVACY DIRECTIVE RESOURCE

What is FHIR Consent?

A FHIR resource that records a patient's agreement or refusal for the collection, access, use, or disclosure of their health information for specific purposes.

FHIR Consent is a record of a patient's privacy directive, capturing their authorization or denial for the processing of their Protected Health Information (PHI). It formalizes the legal basis for data sharing, specifying the actor, purpose, and period of the permission, moving beyond simple binary opt-in/opt-out flags to granular, computable policies.

The resource models complex privacy rules by linking a patient to specific provision elements that define what data is covered, who can access it, and for what clinical or research purpose. It enforces terminology binding to codes like HIPAA purposes of use, enabling automated enforcement by a FHIR Server security layer to block unauthorized data access at the API level.

PRIVACY DIRECTIVE ENGINE

Key Features of the FHIR Consent Resource

The FHIR Consent resource is a record of a healthcare consumer's choices, which permits or denies identified recipients or roles to perform specific actions on their protected health information for defined purposes.

02

Scope and Granularity

The scope element defines the breadth of the consent. It distinguishes between high-level privacy directives (patient-privacy) and specific research authorizations (research). Granularity is achieved by scoping provisions to specific data classes (e.g., medication records) or time periods, enabling a patient to consent to the use of lab data but not psychotherapy notes.

03

Actor and Purpose Binding

Provisions bind specific actors (individuals, organizations, or roles) to permitted actions and purposes. An actor can be a named practitioner, a care team role, or an organization. The purpose element uses codes like TREAT (treatment), HPAYMT (payment), or HMARKT (marketing) to align with HIPAA and GDPR use cases, ensuring the reason for access is explicitly authorized.

04

Verification and Provenance

The verification element captures the process by which the consent was confirmed as authentic. It records whether the consent was verified with the patient or a representative, the verification date, and the verifying party. This is critical for legal admissibility and audit trails, distinguishing a signed directive from an unverified patient preference.

05

Consent State Machine

The status element drives a lifecycle state machine with values including:

  • draft: The consent is being authored and is not yet active.
  • active: The consent is in force and must be enforced.
  • inactive: The consent is temporarily suspended.
  • entered-in-error: The record was created accidentally and is invalid.
  • rejected: The consent was refused by the patient.
06

Data Perimeter Control

The data element within a provision restricts the scope of information governed by the rule. It uses a FHIRPath expression to define a precise data perimeter, such as Observation.category = laboratory. This allows a single consent to apply a deny rule only to sensitive categories like genomic data or HIV-related results, while permitting access to the rest of the record.

FHIR CONSENT

Frequently Asked Questions

Clear answers to the most common technical and operational questions about the FHIR Consent resource, its implementation, and its role in privacy-compliant healthcare data exchange.

A FHIR Consent resource is a formal, computable record of a patient's or their authorized representative's agreement, refusal, or dissent regarding the collection, access, use, or disclosure of their Protected Health Information (PHI) for a specific purpose. It operates by defining a set of actors, actions, and constraints. The resource's core components include a patient reference, a scope (e.g., patient-privacy or research), and a category (e.g., OPTIN or OPTOUT). The provision element is the operational heart, specifying the actors authorized or denied, the specific data resources or clinical compartments affected, the allowed actions (like read or disclose), and the purpose of use (e.g., TREAT for treatment or HPAYMT for payment). This structured, machine-readable format allows security and privacy engines in a FHIR Server to automatically enforce patient-directed privacy policies at the API level, rather than relying on scanned paper forms.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.