ONC LEAP Computable Consent Project

Logo

Documentation and Lessons Learned for the ONC LEAP Computable Consent Project.

policyRule values

24 May 2020 - Mohammad Jafari

Tags: cds change-request

Based on the current specifications, policyRule is a required attribute unless the consent points to an external representation of the policy (using the policy attribute). In other words, if a system chooses to use native FHIR encoding of consent rules it must specify a value for this attribute. This attribute sets the base rule for the consent and is essentially the default decision for any situation not explicitly addressed as an exception using the provision structure.

Currently, the value for this attribute is bound to an extensible value set which contains a number of pre-defined policies. For efficient processing of the consent rules, any consent processor software must be able to determine the default rule of the consent in the form of either a deny (opt-in) or a permit (opt-out), so that if a request context does not match any of the exceptions specified by the provisions, this default decision is followed. If this default decision is not explicitly encoded in the consent resource itself, the consent consumer must either query an outside service or maintain a mapping internally in order to determine which policies from the value set default to opt-in and which ones default to opt-out. Besides the complexity, this can also lead to inconsistencies in interpretation, as well as inability to process the consent if a particular policy value is not known to the consent processor.

There are two alternatives to fix this issue:

{
  "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
  "code": "OPTIN"
}
{
  "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
  "code": "OPTOUT"
}

Update: We filed FHIR-32817 to address this.