Consent

The FHIR R4 Consent resource captures a patient's policy choices regarding data access, allowing healthcare providers to manage and track permissions granted to recipients for accessing patient information. It supports defining specific actions and purposes within a given policy context and timeframe.

Use Cases

  • Retrieve a patient’s active privacy or treatment consents
  • Record a new consent document or policy authorization
  • Revoke or remove existing consents
  • Filter consents by date, category, or status

Base URLs

Authentication

All requests require OAuth 2.0 authentication using a Bearer Token. Unauthorized requests return 401 Unauthorized responses.

Required Scopes

  • consent.read for GET
  • consent.write for POST, DELETE

For more information, go to: OAuth 2.0 Authentication.

Supported Methods

| Method | Operation | Description |
|---|---|---|
| GET | Read Consent | Retrieves a Consent resource by its unique ID. |
| GET | Search Consent | Searches for Consent resources based on specified criteria, such as patient ID. |
| POST | Create Consent | Adds a new Consent resource to the system. |
| DELETE | Delete Consent | Removes a Consent resource from the system. |

Frequently Used Search Parameters

| Parameter | Description | FHIR Value Set / Example Values | FHIR Data Type | Required |
|---|---|---|---|---|
| patient | Filters by patient ID | Patient/{id} | Reference | Yes |
| status | Filters by the current status of the consent | ConsentStatus (active, draft, inactive) | token | No |
| category | Filters by the category or type of consent | LOINC Code 59284-0 (treatment, privacy) | token | No |
| date | Filters by consent creation date | ge2024-01-01, le2024-12-31 | date | No |
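
An added example, not part of the original documentation or Health Gorilla's own code: a client-side guard that checks a token's scopes against the Required Scopes list and builds a Consent search URL from the parameters above, rejecting malformed values before any request is sent. The function names and the base URL are hypothetical placeholders, and the `system|code` form for `category` plus the id and LOINC patterns are assumptions taken from general FHIR and LOINC conventions rather than from this page.

```python
import re
from datetime import date
from urllib.parse import urlencode

# Scope per HTTP method, as listed under "Required Scopes" on this page.
REQUIRED_SCOPE = {"GET": "consent.read", "POST": "consent.write", "DELETE": "consent.write"}
# Status values listed in the search parameter table on this page.
KNOWN_STATUSES = {"active", "draft", "inactive"}
# Assumed syntaxes: FHIR R4 logical id, and LOINC code (digits, hyphen, check digit).
FHIR_ID = re.compile(r"[A-Za-z0-9\-.]{1,64}")
LOINC_CODE = re.compile(r"\d{1,7}-\d")


def require_scope(method, granted_scopes):
    """Fail locally, before any request is sent, if the token lacks the scope."""
    needed = REQUIRED_SCOPE.get(method.upper())
    if needed is None:
        raise ValueError(f"method {method!r} is not supported for Consent")
    if needed not in granted_scopes:
        raise PermissionError(f"{method.upper()} Consent requires scope {needed}")
    return needed


def build_consent_search(base_url, granted_scopes, patient_id, status=None,
                         category_code=None, date_from=None, date_to=None):
    """Return the URL for a Consent search; patient is the only required parameter."""
    require_scope("GET", granted_scopes)
    if not FHIR_ID.fullmatch(patient_id or ""):
        raise ValueError("patient_id is not a valid FHIR id")
    params = [("patient", f"Patient/{patient_id}")]
    if status is not None:
        if status not in KNOWN_STATUSES:
            raise ValueError(f"unknown status {status!r}")
        params.append(("status", status))
    if category_code is not None:
        if not LOINC_CODE.fullmatch(category_code):
            raise ValueError("category_code is not a LOINC code")
        # Token search written as system|code; urlencode escapes the separator.
        params.append(("category", f"http://loinc.org|{category_code}"))
    for prefix, day in (("ge", date_from), ("le", date_to)):
        if day is not None:
            # fromisoformat raises ValueError for anything that is not a real date.
            params.append(("date", prefix + date.fromisoformat(day).isoformat()))
    return f"{base_url.rstrip('/')}/Consent?{urlencode(params)}"

if __name__ == "__main__":
    # Constructed sample values; the base URL is a placeholder, not a real endpoint.
    print(build_consent_search("https://fhir.example.invalid", {"consent.read"},
                               "abc123", status="active", date_from="2024-01-01"))
```

Because every value passes through `urlencode`, a patient ID or code containing `&`, `?` or `|` cannot add or alter search parameters; the pattern checks reject such input earlier with a clear error.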

Commonly Returned Resource Attributes

| Attribute | Description | Example Values | FHIR Data Type | Required |
|---|---|---|---|---|
| patient | Reference to the patient associated with the consent | Patient/{id} | Reference(Patient) | Yes |
| status | The current status of the consent | active | code | Yes |
| category | Classification of the consent | LOINC: 59284-0 | CodeableConcept[] | Yes |
| scope | Broad category of consent purpose | consentscope (patient-privacy) | CodeableConcept | Yes |
| dateTime | Timestamp when the consent was created or signed | YYYY-MM-DDTHH:MM:SSZ | dateTime | No |
| policy.uri | Link to the governing privacy or consent policy | https://example.com/privacy-policy | uri | No |
| policy.authority | Organization responsible for enforcing the policy | https://example.com | uri | No |

Webhooks

Clients can subscribe to receive notifications when new consents are recorded, or when existing records are updated or revoked. For more information, go to: Webhooks & Polling.

Error Handling

All Consent operations follow standard Health Gorilla error handling, including use of FHIR OperationOutcome for structured responses. For more information, go to: Error Handling.

Additional Resources

HL7 FHIR Consent Specification