<?xml version=“1.0” encoding=“UTF-8”?> <Consent xmlns=“hl7.org/fhir”>
<id value="consent-example-smartonfhir"/> <meta> <security> <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/> <code value="HTEST"/> <display value="test health data"/> </security> </meta> <status value="active"/> <scope> <coding> <system value="http://terminology.hl7.org/CodeSystem/consentscope"/> <code value="patient-privacy"/> </coding> </scope> <category> <coding> <system value="http://loinc.org"/> <code value="59284-0"/> </coding> </category> <!-- In this SMART on FHIR login, the user consents for data sharing for their elderly parent's record --> <patient> <reference value="Patient/xcda"/> </patient> <dateTime value="2016-06-23T17:02:33+10:00"/> <performer> <!-- this is the patient record that matches the person making the decision. note: it's not always a related person --> <reference value="RelatedPerson/peter"/> </performer> <organization> <!-- The organization running the Authentication server --> <reference value="Organization/f001"/> </organization> <!-- there's no source record for a Smart on FHIR consent --> <!-- now the consent details itself start --> <!-- smart on fhir is always the base opt-in policy --> <policyRule> <coding> <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/> <code value="OPTIN"/> </coding> </policyRule> <!-- each scope that relates to FHIR resource access is represented as an exception --> <provision> <period> <start value="2016-06-23T17:02:33+10:00"/> <end value="2016-06-23T17:32:33+10:00"/> </period> <provision> <!-- this rule corresponds to MedicationRequest/read --> <type value="permit"/> <!-- no actors here, or anything, just read/write and the resource type --> <action> <coding> <system value="http://terminology.hl7.org/CodeSystem/consentaction"/> <code value="access"/> </coding> </action> <class> <system value="http://hl7.org/fhir/resource-types"/> <code value="MedicationRequest"/> </class> </provision> </provision>
</Consent>