The FHIR R4 Consent resource captures a patient's policy choices regarding data access, allowing healthcare providers to manage and track permissions granted to recipients for accessing patient information. It supports defining specific actions and purposes within a given policy context and timeframe.
Use Cases
- Retrieve a patient’s active privacy or treatment consents
- Record a new consent document or policy authorization
- Revoke or remove existing consents
- Filter consents by date, category, or status
Base URLs
- Production: https://api.healthgorilla.com/fhir/R4/Consent
- Sandbox: https://sandbox.healthgorilla.com/fhir/R4/Consent
Authentication
All requests require OAuth 2.0 authentication using a Bearer Token. Unauthorized requests return 401 Unauthorized responses.
Required Scopes
- consent.read for GET
- consent.write for POST, DELETE
For more information, go to: OAuth 2.0 Authentication.
Supported Methods
Method | Operation | Description |
---|---|---|
GET | Read Consent | Retrieves a Consent resource by its unique ID. |
GET | Search Consent | Searches for Consent resources based on specified criteria, such as patient ID. |
POST | Create Consent | Adds a new Consent resource to the system. |
DELETE | Delete Consent | Removes a Consent resource from the system. |
Frequently Used Search Parameters
Parameter | Description | FHIR Value Set / Example Values | FHIR Data Type | Required |
---|---|---|---|---|
patient | Filters by patient ID | Patient/{id} | Reference | Yes |
status | Filters by the current status of the consent | ConsentStatus (active, draft, inactive) | token | No |
category | Filters by the category or type of consent | LOINC Code 59284-0 (treatment, privacy) | token | No |
date | Filters by consent creation date | ge2024-01-01, le2024-12-31 | date | No |
Commonly Returned Resource Attributes
Attribute | Description | Example Values | FHIR Data Type | Required |
---|---|---|---|---|
patient | Reference to the patient associated with the consent | Patient/{id} | Reference(Patient) | Yes |
status | The current status of the consent | active | code | Yes |
category | Classification of the consent | LOINC: 59284-0 | CodeableConcept[] | Yes |
scope | Broad category of consent purpose | consentscope (patient-privacy) | CodeableConcept | Yes |
dateTime | Timestamp when the consent was created or signed | YYYY-MM-DDTHH:MM:SSZ | dateTime | No |
policy.uri | Link to the governing privacy or consent policy | https://example.com/privacy-policy | uri | No |
policy.authority | Organization responsible for enforcing the policy | https://example.com | uri | No |
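The search parameters and returned attributes above can be combined into a client-side check that fails closed. The following is an added example, not Health Gorilla's own code: the function names, the patient id `abc123` and the sample Bundle are constructed for illustration, and it assumes the search returns a standard FHIR searchset Bundle with relative `Patient/{id}` references.

```python
import re
from datetime import date
from urllib.parse import urlencode

SANDBOX_BASE = "https://sandbox.healthgorilla.com/fhir/R4/Consent"  # from this page
ALLOWED_STATUS = {"active", "draft", "inactive"}  # values listed in the table
FHIR_ID = re.compile(r"[A-Za-z0-9\-.]{1,64}")     # FHIR id datatype pattern

def build_search_url(patient_id, status=None, date_range=None, base=SANDBOX_BASE):
    """Build a Consent search URL; `patient` is the only required parameter."""
    if not FHIR_ID.fullmatch(patient_id or ""):
        raise ValueError("patient id is not a valid FHIR id")
    params = [("patient", f"Patient/{patient_id}")]
    if status is not None:
        if status not in ALLOWED_STATUS:
            raise ValueError(f"unsupported status: {status!r}")
        params.append(("status", status))
    if date_range:
        start, end = (date.fromisoformat(d) for d in date_range)  # rejects junk
        if start > end:
            raise ValueError("date range is reversed")
        params += [("date", f"ge{start}"), ("date", f"le{end}")]
    return f"{base}?{urlencode(params, safe='/')}"

def active_consents(bundle, patient_id):
    """Keep only active Consents that reference the expected patient (fail closed)."""
    kept = []
    for entry in bundle.get("entry", []):
        res = entry.get("resource", {})
        if res.get("resourceType") != "Consent" or res.get("status") != "active":
            continue
        if res.get("patient", {}).get("reference") != f"Patient/{patient_id}":
            continue  # never accept a consent recorded for someone else
        if res.get("scope") and res.get("category"):  # attributes marked required
            kept.append(res)
    return kept

def sample_entry(cid, status, patient):  # constructed test data, not real records
    return {"resource": {"resourceType": "Consent", "id": cid, "status": status,
            "patient": {"reference": f"Patient/{patient}"},
            "scope": {"coding": [{"code": "patient-privacy"}]},
            "category": [{"coding": [{"system": "http://loinc.org", "code": "59284-0"}]}]}}

SAMPLE_BUNDLE = {"resourceType": "Bundle", "type": "searchset", "entry": [
    sample_entry("c1", "active", "abc123"), sample_entry("c2", "inactive", "abc123"),
    sample_entry("c3", "active", "other999")]}

if __name__ == "__main__":
    print(build_search_url("abc123", "active", ("2024-01-01", "2024-12-31")))
    print([c["id"] for c in active_consents(SAMPLE_BUNDLE, "abc123")])
```

Send the resulting URL with an `Authorization: Bearer <token>` header carrying the `consent.read` scope, and treat an empty result from `active_consents` as "no consent on file".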
Webhooks
Clients can subscribe to receive notifications when new consents are recorded, or when existing records are updated or revoked. For more information, go to: Webhooks & Polling.
Error Handling
All Consent operations follow standard Health Gorilla error handling, including use of FHIR OperationOutcome for structured responses. For more information, go to: Error Handling.