Existing Wording: Consent.purpose defined as "The context of the activities a user is taking - why the user is accessing the data - that are controlled by this consent."

Proposed Wording: Remove Consent.purpose.

Comment:

The HL7 definition for this set of ActReason codes is equivalent while more complete than the FHIR Consent definition. It serves exactly the same function, and will result in possibly conflicting purposes of use.

C:ActReason:PurposeOfUse:23408 Definition: Reason for performing one or more operations on information, which may be permitted by source systems security policy in accordance with one or more privacy policies and consent directives. Description: The rationale or purpose for an act relating to the management of personal health information, such as collecting personal health information for research or public health purposes.

The only reason to have a purpose of use in a Consent Directive is to computably represent the purpose(s) of use specified in it so that recipients and downstream users know the permissible reasons for and workflows in which they may perform permitted privacy actions.

The Consent.purpose is not conformant with the HL7 Healthcare Privacy and Classification System [HCS], which is the normative standard specifying how privacy tags are to be used in a security label structure, will lead to conflicting or duplicative use of this privacy tag, and lead to confusion or put all end users at increased risk of breach.

The authors of this model have not provided any rationale for having a Consent.purpose rather than a Consent.securityLabel.

Summary:

The Consent.purpose is not conformant with the HL7 Healthcare Privacy and Classification System [HCS]