Existing Wording: Consent.policy Definition: A reference to the policy that this consents to. Policies may be organizational, but are often defined jurisdictionally, or in law. Control 1..1

Type = uri

Comments: If the policy reference is not known, the resource cannot be processed. Where the reference is absent, there is no particular policy other than what is expressed directly in the consent resource.

Proposed Wording: Consent.policy Definition: A reference to any healthcare consumer, organization, or jurisdictions policy upon which the Consent Directive is deemed to be based by the domain authority in a manner that support retrieval of the actual policies for purposes on informed consent. Control 1..*

Type = uri/attachment/Resource

Comment:

Many Consent Directives are based on more than one consent policy. The authors insist that the Consent.policy is a rules engine computable mash up of the 0..* consent policies upon which a Consent Directive and its underlying Consent.except are based. This is problematic for the following reasons:

Conveying the 1.. consent policies upon which a Consent Directive is based is an absolutely core element of any Consent Directive.

*Each of these foundational consent policies must be referenceable and understandable by the grantor and grantee as separate policies, not an undifferentiated blend of mashed up policies or this is NOT informed consent, i.e., both the grantor and grantee must understand policy matters beyond the simple listing of computable policy rules, which do not include and are not structured to include, for example:

*applicability, purpose, and scope of the consent policy

• the domain in which the consent policy has effect

• the consent policies effective period - e.g., when it expire and perhaps be replaced by a new consent policy

*the authority that promulgated the consent policy

*any authority charged with enforcing the consent policy

*penalties for not complying with the consent policy

*rights of aggrieved parties to the consent policy

This is a fatal flaw in the FHIR Consent Resource. Without the ability to represent or retrieve each consent policy upon which a Consent Directive is based, it is not informed Consent, which means it's not really a consent at all. That's why a grantee who is deemed unable to make an informed decision about the rights being granted is typically required to have a proxy to make an informed decision on the grantee's behalf.

Summary:

Need to support multiple policies