The FHIR R4 Consent resource captures a patient's policy choices regarding data access, allowing healthcare providers to manage and track permissions granted to recipients for accessing patient information. It supports defining specific actions and purposes within a given policy context and timeframe.
Use Cases
- Retrieve a patient’s active privacy or treatment consents
- Record a new consent document or policy authorization
- Revoke or remove existing consents
- Filter consents by date, category, or status
Base URLs
- Production: https://api.healthgorilla.com/fhir/R4/Consent
- Sandbox: https://sandbox.healthgorilla.com/fhir/R4/Consent
Authentication
All requests require OAuth 2.0 authentication using a Bearer Token. Unauthorized requests return 401 Unauthorized responses.
Required Scopes
- consent.read for GET
- consent.write for POST, DELETE
For more information, go to: OAuth 2.0 Authentication.
Supported Methods
| Method | Operation | Description |
|---|---|---|
| GET | Read Consent | Retrieves a Consent resource by its unique ID. |
| GET | Search Consent | Searches for Consent resources based on specified criteria, such as patient ID. |
| POST | Create Consent | Adds a new Consent resource to the system. |
| DELETE | Delete Consent | Removes a Consent resource from the system. |
Frequently Used Search Parameters
| Parameter | Description | FHIR Value Set / Example Values | FHIR Data Type | Required |
|---|---|---|---|---|
| patient | Filters by patient ID | Patient/{id} | Reference | Yes |
| status | Filters by the current status of the consent | ConsentStatus (active, draft, inactive) | token | No |
| category | Filters by the category or type of consent | LOINC Code 59284-0 (treatment, privacy) | token | No |
| date | Filters by consent creation date | ge2024-01-01, le2024-12-31 | date | No |
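The following added example (not Health Gorilla's code) builds a Consent request without sending it, refusing any method the token is not scoped for and validating search parameters before they reach the URL. The function name `build_consent_request` is hypothetical, the token and IDs are placeholders, and it assumes the caller knows which scopes its token was granted and that a date range is sent as two `date` parameters.

```python
from datetime import date
from urllib.parse import quote, urlencode
from urllib.request import Request

BASE_URL = "https://sandbox.healthgorilla.com/fhir/R4/Consent"  # sandbox URL from this page
# Scope each method needs, per the "Required Scopes" list.
REQUIRED_SCOPE = {"GET": "consent.read", "POST": "consent.write", "DELETE": "consent.write"}
STATUSES = {"active", "draft", "inactive"}  # status values listed in the table


def build_consent_request(method, token, granted_scopes, *, consent_id=None,
                          patient_id=None, status=None, date_from=None, date_to=None):
    """Build (but do not send) a Consent request; refuse anything the token cannot do."""
    method = method.upper()
    if method not in REQUIRED_SCOPE:
        raise ValueError(f"unsupported method {method!r}")
    if REQUIRED_SCOPE[method] not in granted_scopes:
        # Fail locally rather than sending a call the token is not scoped for.
        raise PermissionError(f"{method} needs scope {REQUIRED_SCOPE[method]}")
    url = BASE_URL
    if consent_id is not None:  # read or delete by ID
        url += "/" + quote(consent_id, safe="")
    elif method == "GET":  # search: patient is the one required parameter
        if not patient_id:
            raise ValueError("search requires the patient parameter")
        params = [("patient", f"Patient/{patient_id}")]
        if status is not None:
            if status not in STATUSES:
                raise ValueError(f"unknown status {status!r}")
            params.append(("status", status))
        # Assumption: range bounds are repeated date parameters with ge/le prefixes.
        for prefix, bound in (("ge", date_from), ("le", date_to)):
            if bound is not None:
                params.append(("date", prefix + date.fromisoformat(bound).isoformat()))
        url += "?" + urlencode(params, safe="/")  # encodes &, = and ? in values
    elif method == "DELETE":
        raise ValueError("DELETE requires consent_id")
    return Request(url, method=method, headers={"Authorization": f"Bearer {token}"})


if __name__ == "__main__":
    scopes = "consent.read".split()  # constructed: a read-only token's scope string
    req = build_consent_request("GET", "TOKEN_PLACEHOLDER", scopes, patient_id="example-id",
                                status="active", date_from="2024-01-01", date_to="2024-12-31")
    print(req.get_method(), req.full_url)
```

A POST request built this way carries no body; the caller attaches the Consent resource before sending.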
Commonly Returned Resource Attributes
| Attribute | Description | Example Values | FHIR Data Type | Required |
|---|---|---|---|---|
| patient | Reference to the patient associated with the consent | Patient/{id} | Reference(Patient) | Yes |
| status | The current status of the consent | active | code | Yes |
| category | Classification of the consent | LOINC: 59284-0 | CodeableConcept[] | Yes |
| scope | Broad category of consent purpose | consentscope (patient-privacy) | CodeableConcept | Yes |
| dateTime | Timestamp when the consent was created or signed | YYYY-MM-DDTHH:MM:SSZ | dateTime | No |
| policy.uri | Link to the governing privacy or consent policy | https://example.com/privacy-policy | uri | No |
| policy.authority | Organization responsible for enforcing the policy | https://example.com | uri | No |
Webhooks
Clients can subscribe to receive notifications when new consents are recorded, or when existing records are updated or revoked. For more information, go to: Webhooks & Polling.
Error Handling
All Consent operations follow standard Health Gorilla error handling, including use of FHIR OperationOutcome for structured responses. For more information, go to: Error Handling.
