The FHIR R4 Consent resource captures a patient's policy choices regarding data access, allowing healthcare providers to manage and track permissions granted to recipients for accessing patient information. It supports defining specific actions and purposes within a given policy context and timeframe.

Health Gorilla exposes Consent as part of its FHIR R4 API to support patient-centric management of privacy and authorization records.

Use Cases

Retrieving a patient’s active privacy or treatment consents
Recording a new consent document or policy authorization
Revoking or removing existing consents
Filtering consents by date, category, or status

Scope and Behavior

This documentation describes the FHIR R4 API interface for Consent. Health Gorilla’s platform may use additional internal services and data standards to acquire, normalize, and route clinical information. Only the FHIR R4–exposed behavior is documented here.

Health Gorilla supports a subset of the HL7 FHIR R4 Consent resource. Not all optional elements defined in the HL7 specification may be stored, indexed, or returned. Unsupported or unrecognized elements may be ignored or normalized during processing.

In Health Gorilla, Consent is most commonly accessed as part of patient record retrieval and authorization workflows, where consent data may be aggregated and normalized for policy enforcement and audit purposes. This resource supports privacy compliance, treatment authorization, and information-sharing governance use cases.

Authentication

All requests to the FHIR R4 API require OAuth 2.0 authentication using a bearer token. Unauthorized requests return 401 Unauthorized responses.

Required Scopes

consent.read for GET
consent.write for POST and DELETE

For more information, go to: OAuth 2.0 Authentication.

Search Behavior

Searches are scoped to the authenticated tenant. The patient parameter is required for patient-scoped searches and is recommended for most search use cases.

Results are returned as a FHIR Bundle. Pagination may be applied. Use standard FHIR pagination links (Bundle.link) to retrieve additional result pages.

Note: The parameters listed below are not exhaustive and reflect commonly used fields in typical Health Gorilla workflows. Supported parameters and behavior may vary by configuration.

Frequently Used Search Parameters

Parameter	Description	Example Values	FHIR Data Type
`patient`	Filters by patient	`Patient/{id}`	`Reference`
`status`	Filters by the current status of the consent	`active`, `draft`, `inactive`	`token`
`category`	Filters by the category or type of consent	`treatment`, `privacy`	`token`
`date`	Filters by consent date or effective period (applies to `Consent.dateTime` and `Consent.provision.period`)	`ge2024-01-01`, `le2024-12-31`	`date`

Commonly Returned Resource Attributes

Attribute	Description	Example Values	FHIR Data Type
`patient`	Reference to the patient associated with the consent	`Patient/{id}`	`Reference(Patient)`
`status`	The current status of the consent	`draft`, `active`, `inactive`	`code`
`category`	Classification of the consent	`treatment`, `privacy`	`CodeableConcept[]`
`scope`	Broad category of consent purpose	`patient-privacy`	`CodeableConcept`
`dateTime`	Timestamp when the consent was created or signed	`YYYY-MM-DDTHH:MM:SSZ`	`dateTime`
`policy.uri`	Link to the governing privacy or consent policy (if populated)	`https://example.com/privacy-policy`	`uri`
`policy.authority`	Organization responsible for enforcing the policy (if populated)	`https://example.com`	`uri`
`provision`	Consent permissions, actors, purposes, and data restrictions	Structured provision entries	`BackboneElement[]`

Notifications

The FHIR R4 API does not provide direct resource-change subscriptions for Consent. Changes to consent information may surface through broader notification workflows, depending on enabled Health Gorilla products and configuration.

Error Handling

All Consent operations follow standard Health Gorilla error handling, including use of FHIR OperationOutcome for structured responses. For more information, go to: Error Handling.

Additional Resources

HL7 FHIR Consent Specification