  1. FHIR Specification Feedback
  2. FHIR-11068

Issues w/ Consent status - 2016-09 core #87


Details

    • Change Request
    • Resolution: Not Persuasive
    • Medium
    • FHIR Core (FHIR)
    • DSTU2
    • Community-Based Care and Privacy
    • Consent
    • 6.4.4
    • Better managed by the Contract Consent rather than the Consent Resource.
    • Kathleen Connor/Suzanne Webb: 4-0-1
    • Correction

    Description

      Existing Wording: This value set is used in the following places:

      This value set is the designated 'entire code system' value set for ConsentStatus

      Consent.status (Required)

      This value set contains 6 concepts

      All codes from system http://hl7.org/fhir/consent-status

      | Code | Display | Definition |
      |---|---|---|
      | draft | Pending | The consent is in development or awaiting use but is not yet intended to be acted upon. |
      | proposed | Proposed | The consent has be proposed but not yet agreed to by all parties. The negotiation stage. |
      | active | Active | The consent is to be followed and enforced. |
      | rejected | Rejected | The consent has been rejected by one or more of the parties. |
      | inactive | Inactive | The consent is terminated or replaced. |
      | entered-in-error | Entered in Error | The consent was created wrongly (e.g. wrong patient) and should be ignored |

      Comment:

      This "entire code system" value set http://hl7.org/fhir/consent-status was not fully explained to the CBCC WG as being the ONLY status codes, especially after being told that more complete example value sets were unacceptable, and relegating most of the value set bindings to poorly defined examples selected by the authors. This "entire code system" is far from a complete set, and even the example consent directive value set was more complete. This value set includes statuses that are not appropriate to all of the ways in which the content of the FHIR Consent is intended to be used - i.e., as a Consent Directive, a Consent Statement, or Consent Metadata.

      *"Draft" never applies to Consent Directive, Consent Statement or Consent Metadata. It only pertains to a Consent Form used for capturing the intentions of the parties to a Consent Directive. A Consent Directive may have the status of "policy", which represents the consent policy in a domain. (A draft Consent Form should be a profile on FHIR Questionnaire with Patient Friendly terms, and the completed form would be captured with a FHIR Questionnaire response, which would be used to populate a FHIR Consent, where the usage is either as a Consent Directive, Consent Statement, or Consent Metadata.)

      *"Proposed" only pertains to a Consent Directive signed by one of the parties, but not yet signed or agreed to by the other party, e.g., when a provider presents a Consent Form to a consumer and asks if the consumer will "fill it out" by either signing as in an opt-in basic consent directive or by selecting any restrictions the provider's offered Consent Form allows the consumer to make. The same is true when a consumer requests a Consent Form to opt-out of a default opt-in "implied" Consent Directive. Another example is when a consumer requests additional restrictions to a default opt-in "implied" Consent Directive such as a HIPAA Consent Directive. This is the negotiation phase during which either party may decline to execute the proposed Consent Directive.

      *"Active" only pertains to a Consent Directive, but may be conveyed as the status of a Consent Directive in a Consent Statement or Consent Metadata if the Consent Resource usage is flagged. This is a missing element in the Resource, and another comment argues that it needs to be added.

      *"Rejected" only makes sense as a state transition from the status "proposed" when one or both parties cannot reach consensus on the terms of a Consent Directive. Rejected status may be conveyed as the status of a Consent Directive in a Consent Statement or Consent Metadata if the Consent Resource is appropriately flagged for one of these two uses.

      *"Inactive" conflates four statuses - expiration, cancellation (because one or both parties failed to comply), updated, and revoked, because one or both parties change their mind about the agreement - not equivalent to cancellation.

      *"Entered-in-error" needs to specify whether the referenced consent content is a Consent Directive, Consent Statement, or Consent Metadata as any of the three could be entered in error.

      *Missing statuses crucial to consent management where the referenced content is a Consent Directive, but which may be conveyed in a Consent Statement or Metadata, include:

      *"Policy", which represents the consent policy in a domain, but is not executable, e.g., regulatory description of the required content in a compliant Consent Directive;

      *"Expired", which is the state of a Consent Directive once the expiry date of the Consent Directive is reached;

      *"Amended", which is the state of a Consent Directive in which content is either updated/revised because content was removed or added;

      *"Appended", which is the state of a Consent Directive in which additional content is attached without altering the existing content, e.g., the Consent Form reference is added or its representation as a computable rule, unstructured text or image, or another structured format is attached.

      *"Replaced", which is the state of a Consent Directive that has not reached expiry date and is deprecated, but not revoked, and a new version is submitted without changing the date upon which it will expire, e.g., if the consumer is diagnosed with a condition for which the consumer previously agreed to share but now wants to restrict for all POUs, actions, and recipients;

      *"Disputed", which is the state of a Consent Directive that is in effect, and one of the parties raises issue, e.g., with the way in which the other party is interpreting the terms or there is allegation of non-compliance, e.g., a consumer claims that a disclosure made by the grantee constitutes a breach.

      *"Revoked", which is the state of a Consent Directive after a grantor consumer has rescinded the consumer's agreement with the rights conveyed to the grantee in the Consent Directive. In some policy domains, there are limitations on retrospective revocation, such as HIPAA, which does not permit the revocation to impact the grantee's rights exercised prior to the revocation, i.e., a provider may continue reimbursement and reporting activities triggered by actions previous to the revocation. In other policy domains such as US COPPA and EU GDPR, revocation may trigger "the right to be forgotten", which could result in a claw-back of all grantee's rights over data governed under the Consent Directive, which has been revoked.

      Summary:

      Issues w/ Consent status

          People

            Unassigned
            k.connor Kathleen Connor