HL7 Terminology
1.0.0 - Publication

This page is part of the HL7 Terminology (v1.0.0: Release) based on FHIR R4. The current version which supercedes this version is 5.2.0. For a full list of available versions, see the Directory of published versions

ActConsentDirective

Summary

Defining URL:http://terminology.hl7.org/ValueSet/v3-ActConsentDirective
Version:2.0.0
Name:ActConsentDirective
Status:Active
Title:ActConsentDirective
Definition:

ActConsentDirective codes are used to specify the type of Consent Directive to which a Consent Directive Act conforms.

OID:2.16.840.1.113883.1.11.20425 (for OID based terminology systems)
Source Resource:XML / JSON / Turtle

References

Content Logical Definition

Logical Definition (CLD)

 

Expansion

This value set contains 10 concepts

Expansion based on ActCode v2.0.0 (CodeSystem)

All codes from system http://terminology.hl7.org/CodeSystem/v3-ActCode

CodeDisplayDefinition
EMRGONLYemergency onlyPrivacy consent directive restricting or prohibiting access, use, or disclosure of personal information, including de-identified information, and personal effects, such as biometrics, biospecimen or genetic material, which may be used to identify an individual in a registry or repository for all purposes except for emergency treatment generally, which may include treatment during a disaster, a threat, in an emergency department and for break the glass purposes of use as specified by applicable domain policy. *Usage Note:* To specify the scope of an “EMRGONLY� consent directive within a policy domain, use one or more of the following Purpose of Use codes in the ActReason code system OID: 2.16.840.1.113883.5.8. * ETREAT (Emergency Treatment): To perform one or more operations on information for provision of immediately needed health care for an emergent condition. * BTG (break the glass): To perform policy override operations on information for provision of immediately needed health care for an emergent condition affecting potential harm, death or patient safety by end users who are not provisioned for this purpose of use. Includes override of organizational provisioning policies and may include override of subject of care consent directive restricting access. * ERTREAT (emergency room treatment): To perform one or more operations on information for provision of immediately needed health care for an emergent condition in an emergency room or similar emergent care context by end users provisioned for this purpose, which does not constitute as policy override such as in a "Break the Glass" purpose of use. * THREAT (threat): To perform one or more operations on information used to prevent injury or disease to living subjects who may be the target of violence. * DISASTER (disaster): To perform one or more operations on information used for provision of immediately needed health care to a population of living subjects located in a disaster zone. Map: An “emergency only� consent directive maps to ISO/TS 17975:2015(E) 5.13 Exceptional access
GRANTORCHOICEgrantor choiceA grantor's terms of agreement to which a grantee may assent or dissent, and which may include an opportunity for a grantee to request restrictions or extensions. *Comment:* A grantor typically is able to stipulate preferred terms of agreement when the grantor has control over the topic of the agreement, which a grantee must accept in full or may be offered an opportunity to extend or restrict certain terms. *Usage Note:* If the grantor's term of agreement must be accepted in full, then this is considered "basic consent". If a grantee is offered an opportunity to extend or restrict certain terms, then the agreement is considered "granular consent". **Examples:** * Healthcare: A PHR account holder \[grantor\] may require any PHR user \[grantee\] to accept the terms of agreement in full, or may permit a PHR user to extend or restrict terms selected by the account holder or requested by the PHR user. * Non-healthcare: The owner of a resource server \[grantor\] may require any authorization server \[grantee\] to meet authorization requirements stipulated in the grantor's terms of agreement.
IMPLIEDimplied consentA grantor's presumed assent to the grantee's terms of agreement is based on the grantor's behavior, which may result from not expressly assenting to the consent directive offered, or from having no right to assent or dissent offered by the grantee. *Comment:* Implied or "implicit" consent occurs when the behavior of the grantor is understood by a reasonable person to signal agreement to the grantee's terms. *Usage Note:* Implied consent with no opportunity to assent or dissent to certain terms is considered "basic consent". **Examples:** * Healthcare: A patient schedules an appointment with a provider, and either does not take the opportunity to expressly assent or dissent to the provider's consent directive, does not have an opportunity to do so, as in the case where emergency care is required, or simply behaves as though the patient \[grantor\] agrees to the rights granted to the provider \[grantee\] in an implicit consent directive. * An injured and unconscious patient is deemed to have assented to emergency treatment by those permitted to do so under jurisdictional laws, e.g., Good Samaritan laws. * Non-healthcare: Upon receiving a driver's license, the driver is deemed to have assented without explicitly consenting to undergoing field sobriety tests. * A corporation that does business in a foreign nation is deemed to have deemed to have assented without explicitly consenting to abide by that nation's laws.
IMPLIEDDimplied consent with opportunity to dissentA grantor's presumed assent to the grantee's terms of agreement, which is based on the grantor's behavior, and includes a right to dissent to certain terms. *Comment:* A grantor assenting to the grantee's terms of agreement may or may not exercise a right to dissent to grantor selected terms or to grantee's selected terms to which a grantor may dissent. *Usage Note:* Implied or "implicit" consent with an "opportunity to dissent" occurs when the grantor's behavior is understood by a reasonable person to signal assent to the grantee's terms of agreement whether the grantor requests or the grantee approves further restrictions, is considered "granular consent". **Examples:** * Healthcare Examples: A healthcare provider deems a patient's assent to disclosure of health information to family members and friends, but offers an opportunity or permits the patient to dissent to such disclosures. * A health information exchanges deems a patient to have assented to disclosure of health information for treatment purposes, but offers the patient an opportunity to dissents to disclosure to particular provider organizations. * Non-healthcare Examples: A bank deems a banking customer's assent to specified collection, access, use, or disclosure of financial information as a requirement of holding a bank account, but provides the user an opportunity to limit third-party collection, access, use or disclosure of that information for marketing purposes.
NOCONSENTno consentNo notification or opportunity is provided for a grantor to assent or dissent to a grantee's terms of agreement. *Comment:* A "No Consent" policy scheme provides no opportunity for accommodation of an individual's preferences, and may not comply with Fair Information Practice Principles \[FIPP\] by enabling the data subject to object, access collected information, correct errors, or have accounting of disclosures. *Usage Note:* The grantee's terms of agreement, may be available to the grantor by reviewing the grantee's privacy policies, but there is no notice by which a grantor is apprised of the policy directly or able to acknowledge. **Examples:** * Healthcare: Without notification or an opportunity to assent or dissent, a patient's health information is automatically included in and available (often according to certain rules) through a health information exchange. Note that this differs from implied consent, where the patient is assumed to have consented. * Without notification or an opportunity to assent or dissent, a patient's health information is collected, accessed, used, or disclosed for research, public health, security, fraud prevention, court order, or law enforcement. * Non-healthcare: Without notification or an opportunity to assent or dissent, a consumer's healthcare or non-healthcare internet searches are aggregated for secondary uses such as behavioral tracking and profiling. * Without notification or an opportunity to assent or dissent, a consumer's location and activities in a shopping mall are tracked by RFID tags on purchased items.
NOPPnotice of privacy practicesAn implied privacy consent directive or notification, which the data subject may or may not acknowledge. The notification specifies permitted actions, which may include access, use, or disclosure of any and all personal information. The notification specifies the scope of personal information, which may include de-identified information, and personal effects, such as biometrics, biospecimen or genetic material, that may be used to identify an individual in a registry or repository. The notification specifies the purposes for which personal information may be used such as treatment, payment, operations, research, information exchange, public health, disaster, quality and safety reporting; as required by law including court order, law enforcement, national security, military authorities; and for data analytics, marketing, and profiling. *Usage Notes:* Map: An "implied" consent directive maps to ISO/TS 17975:2015(E) definition forImplied: Consent to Collect, Use and Disclose personal health information is implied by the actions or inactions of the individual and the circumstances under which it was implied".
OPTINopt-inA grantor's assent to the terms of an agreement offered by a grantee without an opportunity for to dissent to any terms. *Comment:* Acceptance of a grantee's terms pertaining, for example, to permissible activities, purposes of use, handling caveats, expiry date, and revocation policies. *Usage Note:* Opt-in with no opportunity for a grantor to restrict certain permissions sought by the grantee is considered "basic consent". **Examples:** * Healthcare: A patient \[grantor\] signs a provider's \[grantee's\] consent directive form, which lists permissible collection, access, use, or disclosure activities, purposes of use, handling caveats, and revocation policies. * Non-healthcare: An employee \[grantor\] signs an employer's \[grantee's\] non-disclosure and non-compete agreement.
OPTINRopt-in with restrictionsA grantor's assent to the grantee's terms of an agreement with an opportunity for to dissent to certain grantor or grantee selected terms. *Comment:* A grantor dissenting to the grantee's terms of agreement may or may not exercise a right to assent to grantor's pre-approved restrictions or to grantee's selected terms to which a grantor may dissent. *Usage Note:* Opt-in with restrictions is considered "granular consent" because the grantor has an opportunity to narrow the permissions sought by the grantee. **Examples:** * Healthcare: A patient assent to grantee's consent directive terms for collection, access, use, or disclosure of health information, and dissents to disclosure to certain recipients as allowed by the provider's pre-approved restriction list. * Non-Healthcare: A cell phone user assents to the cell phone's privacy practices and terms of use, but dissents from location tracking by turning off the cell phone's tracking capability.
OPTOUTop-outA grantor's dissent to the terms of agreement offered by a grantee without an opportunity for to assent to any terms. *Comment:* Rejection of a grantee's terms of agreement pertaining, for example, to permissible activities, purposes of use, handling caveats, expiry date, and revocation policies. *Usage Note:* Opt-out with no opportunity for a grantor to permit certain permissions sought by the grantee is considered "basic consent". **Examples:** * Healthcare: A patient \[grantor\] declines to sign a provider's \[grantee's\] consent directive form, which lists permissible collection, access, use, or disclosure activities, purposes of use, handling caveats, revocation policies, and consequences of not assenting. * Non-healthcare: An employee \[grantor\] refuses to sign an employer's \[grantee's\] agreement not to join unions or participate in a strike where state law protects employee's collective bargaining rights. * A citizen \[grantor\] refuses to enroll in mandatory government \[grantee\] health insurance based on religious beliefs, which is an exemption.
OPTOUTEopt-out with exceptionsA grantor's dissent to the grantee's terms of agreement except for certain grantor or grantee selected terms. *Comment:* A rejection of a grantee's terms of agreement while assenting to certain permissions sought by the grantee or requesting approval of additional grantor terms. *Usage Note:* Opt-out with exceptions is considered a "granular consent" because the grantor has an opportunity to accept certain permissions sought by the grantee or request additional grantor terms, while rejecting other grantee terms. **Examples:** * Healthcare: A patient \[grantor\] dissents to a health information exchange consent directive with the exception of disclosure based on a limited "time to live" shared secret \[e.g., a token or password\], which the patient can give to a provider when seeking care. * Non-healthcare: A social media user \[grantor\] dissents from public access to their account, but assents to access to a circle of friends.

Explanation of the columns that may appear on this page:

Level A few code lists that FHIR defines are hierarchical - each code is assigned a level. In this scheme, some codes are under other codes, and imply that the code they are under also applies
Source The source of the definition of the code (when the value set draws in codes defined elsewhere)
Code The code (used as the code in the resource instance)
Display The display (used in the display element of a Coding). If there is no display, implementers should not simply display the code, but map the concept into their application
Definition An explanation of the meaning of the concept
Comments Additional notes about how to use the code

History

DateActionAuthorCustodianComment
2020-05-06reviseTed KleinVocabulary WGMigrated to the UTG maintenance environment and publishing tooling.
2014-03-26reviseVocabulary (Woody Beeler) (no record of original request)2014T1_2014-03-26_001283 (RIM release ID)Lock all vaue sets untouched since 2014-03-26 to trackingId 2014T1_2014_03_26