HL7 Vietnam VN Core FHIR Implementation Guide

Bộ Hướng dẫn Triển khai Core FHIR cho Việt Nam
0.8.0 - Draft for Community Review Viet Nam cờ

Bộ Hướng dẫn Triển khai Core FHIR cho Việt Nam - Draft for Community Review (v0.8.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Hồ sơ tài nguyên: Đồng ý xử lý dữ liệu VN Core — VN Core Consent Profile - Mô tả chi tiết

Draft tại thời điểm 2026-07-16

Các định nghĩa cho vn-core-consent hồ sơ tài nguyên

Guidance on how to interpret the contents of this table can be foundhere

0. Consent
Definition

A record of a healthcare consumer’s choices, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time.

ShortA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
Comments

Broadly, there are 3 key areas of consent for patients: Consent around sharing information (aka Privacy Consent Directive - Authorization to Collect, Use, or Disclose information), consent for specific treatment, or kinds of treatment, and general advance care directives.

Control0..*
Is Modifierfalse
Summaryfalse
Invariantsdom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources (contained.contained.empty())
dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource (contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty())
dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated (contained.meta.versionId.empty() and contained.meta.lastUpdated.empty())
dom-5: If a resource is contained in another resource, it SHALL NOT have a security label (contained.meta.security.empty())
dom-6: A resource should have narrative for robust management (text.`div`.exists())
ppc-1: Either a Policy or PolicyRule (policy.exists() or policyRule.exists())
ppc-2: IF Scope=privacy, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not())
ppc-3: IF Scope=research, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='research').exists().not())
ppc-4: IF Scope=adr, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='adr').exists().not())
ppc-5: IF Scope=treatment, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not())
vn-consent-rejected-not-permit: Bản ghi status=rejected (từ chối ngay từ đầu) không được chứa rule permit ở BẤT KỲ độ sâu nested nào — cho phép đang hiệu lực phải dùng status=active ((status = 'rejected') implies provision.repeat(provision).type.where($this = 'permit').empty())
vn-consent-provision-structure: Theo R4: root rule (Consent.provision) KHÔNG mang type; mọi rule permit/deny khai ở nested (provision.provision[*]) và bắt buộc có type (provision.exists() implies (provision.type.empty() and provision.provision.exists() and provision.repeat(provision).all(type.exists())))
ppc-1: Either a Policy or PolicyRule (policy.exists() or policyRule.exists())
ppc-2: IF Scope=privacy, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not())
ppc-3: IF Scope=research, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='research').exists().not())
ppc-4: IF Scope=adr, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='adr').exists().not())
ppc-5: IF Scope=treatment, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not())
2. Consent.implicitRules
Definition

A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc.

ShortA set of rules under which this content was created
Comments

Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element. Often, when used, the URL is a reference to an implementation guide that defines these special rules as part of it's narrative along with other profiles, value sets, etc.

Control0..1
Typeuri
Is Modifiertrue because This element is labeled as a modifier because the implicit rules may provide additional knowledge about the resource that modifies it's meaning or interpretation
Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
Summarytrue
Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
4. Consent.extension
Definition

An Extension


May be used to represent additional information that is not part of the basic definition of the resource. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

ShortExtensionAdditional content defined by implementations
Comments

There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

Control0..*
TypeExtension
Is Modifierfalse
Summaryfalse
Alternate Namesextensions, user content
Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
SlicingThis element introduces a set of slices on Consent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
  • value @ url
  • 6. Consent.extension:processingLegalBasis
    Slice NameprocessingLegalBasis
    Definition

    Khi việc xử lý dữ liệu diễn ra KHÔNG qua sự đồng ý (cấp cứu, hoạt động cơ quan nhà nước...), ghi căn cứ Điều 19 khoản 1 tại đây thay vì dùng category miễn trừ (mô hình cũ ≤0.7.0 đã deprecated). Bên viện dẫn điểm a chịu nghĩa vụ chứng minh; hệ thống lưu bằng chứng qua AuditEvent (Điều 19 khoản 2).

    ShortCăn cứ xử lý không cần đồng ý (Luật 91/2025/QH15 Điều 19 khoản 1)
    Control0..1
    This element is affected by the following invariants: ele-1
    TypeExtension(Căn cứ xử lý không cần đồng ý — Processing Legal Basis Extension) (Extension Type: CodeableConcept)
    Is Modifierfalse
    Must Supporttrue
    Summaryfalse
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
    8. Consent.modifierExtension
    Definition

    May be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

    ShortExtensions that cannot be ignored
    Comments

    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

    Control0..*
    TypeExtension
    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the resource that contains them
    Summaryfalse
    Requirements

    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

    Alternate Namesextensions, user content
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
    10. Consent.status
    Definition

    Trạng thái theo ma trận Luật 91/2025/QH15: active (bản ghi đang hiệu lực — kể cả từ chối chủ động qua rule nested provision.provision.type=deny), rejected (đề nghị đồng ý bị từ chối ngay từ đầu theo Điều 4 khoản 1 điểm b), inactive (đã chấm dứt: rút lại theo Điều 10, hết thời hạn, hoặc bị thay thế).


    Indicates the current state of this consent.

    ShortTrạng thái đồng ýdraft | proposed | active | rejected | inactive | entered-in-error
    Comments

    KHÔNG dùng rejected cho việc rút lại — rút lại sự đồng ý đang hiệu lực (Điều 10) chuyển bản ghi sang inactive; bản chép mới ghi nhận từ chối tiếp theo (nếu có) dùng active + rule nested deny.


    This element is labeled as a modifier because the status contains the codes rejected and entered-in-error that mark the Consent as not currently valid.

    Control1..1
    BindingThe codes SHALL be taken from ConsentStatehttp://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1
    (required to http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1)

    Indicates the state of the consent.

    Typecode
    Is Modifiertrue because This element is labelled as a modifier because it is a status element that contains status entered-in-error which means that the resource should not be treated as valid
    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
    Must Supporttrue
    Summarytrue
    Requirements

    The Consent Directive that is pointed to might be in various lifecycle states, e.g., a revoked Consent Directive.

    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    12. Consent.scope
    Definition

    Phạm vi đồng ý — mặc định patient-privacy cho DLCN y tế nhạy cảm.


    A selector of the type of consent being presented: ADR, Privacy, Treatment, Research. This list is now extensible.

    ShortPhạm vi đồng ýWhich of the four areas this resource covers (extensible)
    Control1..1
    BindingUnless not suitable, these codes SHALL be taken from ConsentScopeCodeshttp://hl7.org/fhir/ValueSet/consent-scope|4.0.1
    (extensible to http://hl7.org/fhir/ValueSet/consent-scope|4.0.1)

    The four anticipated uses for the Consent Resource.

    TypeCodeableConcept
    Is Modifiertrue because Allows changes to codes based on scope selection
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    14. Consent.category
    Definition

    Phân loại chỉ thị đồng ý: quyền riêng tư, điều trị, nghiên cứu, đồng ý qua đại diện. Theo Luật 91/2025/QH15 Điều 9 (sự đồng ý), Điều 24 (đại diện theo pháp luật). Các trường hợp KHÔNG cần đồng ý (Điều 19) không phải loại đồng ý — dùng extension[processingLegalBasis].


    A classification of the type of consents found in the statement. This element supports indexing and retrieval of consent statements.

    ShortLoại đồng ýClassification of the consent statement - for indexing/retrieval
    Control1..*
    BindingUnless not suitable, these codes SHALL be taken from Loại đồng ý — VN Consent Category ValueSethttp://hl7.org/fhir/ValueSet/consent-category|4.0.1
    (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-consent-category-vs)
    TypeCodeableConcept
    Is Modifierfalse
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    16. Consent.patient
    Definition

    Bệnh nhân — chủ thể dữ liệu cá nhân theo Luật 91/2025/QH15 Điều 2 khoản 5.


    The patient/healthcare consumer to whom this consent applies.

    ShortChủ thể dữ liệuWho the consent applies to
    Comments

    Commonly, the patient the consent pertains to is the author, but for young and old people, it may be some other person.

    Control10..1
    TypeReference(Bệnh nhân VN Core — VN Core Patient Profile, Patient)
    Is Modifierfalse
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    18. Consent.dateTime
    Definition

    Thời điểm ghi nhận sự đồng ý hoặc từ chối. Hình thức đồng ý phải rõ ràng, cụ thể, kiểm chứng được theo Luật 91/2025/QH15 Điều 9 khoản 3.


    When this Consent was issued / created / indexed.

    ShortThời điểm đồng ýWhen this Consent was created or indexed
    Comments

    This is not the time of the original consent, but the time that this statement was made or derived.

    Control10..1
    TypedateTime
    Is Modifierfalse
    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    20. Consent.performer
    Definition

    Người thực hiện đồng ý: bệnh nhân, hoặc người đại diện theo pháp luật đối với trẻ em/người bị mất hoặc hạn chế năng lực hành vi dân sự (Luật 91/2025/QH15 Điều 24 khoản 2). Trẻ em từ đủ 07 tuổi: công bố thông tin đời tư cần đồng ý của CẢ trẻ và người đại diện.


    Either the Grantor, which is the entity responsible for granting the rights listed in a Consent Directive or the Grantee, which is the entity responsible for complying with the Consent Directive, including any obligations or limitations on authorizations and enforcement of prohibitions.

    ShortNgười đồng ýWho is agreeing to the policy and rules
    Comments

    Commonly, the patient the consent pertains to is the consentor, but particularly for young and old people, it may be some other person - e.g. a legal guardian.

    Control0..*
    TypeReference(Bệnh nhân VN Core — VN Core Patient Profile, Người liên quan/người giám hộ VN Core — VN Core RelatedPerson Profile, Nhân viên y tế VN Core — VN Core Practitioner Profile, Organization, Patient, Practitioner, RelatedPerson, PractitionerRole)
    Is Modifierfalse
    Must Supporttrue
    Must Support TypesNo must-support rules about the choice of types/profiles
    Summarytrue
    Alternate Namesconsentor
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    22. Consent.organization
    Definition

    Cơ sở khám chữa bệnh — bên kiểm soát dữ liệu (Luật 91/2025/QH15 Điều 2 khoản 7) hoặc bên kiểm soát và xử lý dữ liệu (Điều 2 khoản 9) khi tự vận hành hệ thống. Chịu nghĩa vụ lưu trữ và chứng minh sự đồng ý theo NĐ 356/2025/NĐ-CP Điều 6 khoản 2.


    The organization that manages the consent, and the framework within which it is executed.

    ShortCSKCB quản lý đồng ýCustodian of the consent
    Control0..*
    TypeReference(Cơ sở y tế VN Core — VN Core Organization Profile, Organization)
    Is Modifierfalse
    Must Supporttrue
    Summarytrue
    Alternate Namescustodian
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    24. Consent.source[x]
    Definition

    Tài liệu gốc: bản scan chữ ký, phiếu đồng ý điện tử, hoặc ghi nhận khác kiểm chứng được (5 phương thức theo NĐ 356/2025/NĐ-CP Điều 6 khoản 1 — xem vn-ext-consent-method). Bên kiểm soát PHẢI lưu trữ sự đồng ý và chịu trách nhiệm chứng minh khi tranh chấp (NĐ 356/2025/NĐ-CP Điều 6 khoản 2). Im lặng/không phản hồi không được coi là đồng ý (Luật 91/2025/QH15 Điều 9 khoản 4 điểm d); cấm thiết lập mặc định đồng ý (NĐ 356/2025/NĐ-CP Điều 6 khoản 3).


    The source on which this consent statement is based. The source might be a scanned original paper form, or a reference to a consent that links back to such a source, a reference to a document repository (e.g. XDS) that stores the original consent document.

    ShortBản gốc đồng ýSource from which this consent is taken
    Comments

    The source can be contained inline (Attachment), referenced directly (Consent), referenced in a consent repository (DocumentReference), or simply by an identifier (Identifier), e.g. a CDA document id.

    Control0..1
    TypeChoice of: Attachment, Reference(Consent, DocumentReference, Contract, QuestionnaireResponse)
    [x] NoteSeeChoice of Data Typesfor further information about how to use [x]
    Is Modifierfalse
    Must Supporttrue
    Must Support TypesNo must-support rules about the choice of types/profiles
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    26. Consent.policy
    Definition

    Tham chiếu đến văn bản pháp luật làm căn cứ cho đồng ý.


    The references to the policies that are included in this consent scope. Policies may be organizational, but are often defined jurisdictionally, or in law.

    ShortCăn cứ pháp lýPolicies covered by this consent
    Control0..*
    TypeBackboneElement
    Is Modifierfalse
    Must Supporttrue
    Summaryfalse
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    28. Consent.policy.modifierExtension
    Definition

    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

    ShortExtensions that cannot be ignored even if unrecognized
    Comments

    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

    Control0..*
    TypeExtension
    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
    Summarytrue
    Requirements

    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

    Alternate Namesextensions, user content, modifiers
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
    30. Consent.policy.authority
    Definition

    Entity or Organization having regulatory jurisdiction or accountability for enforcing policies pertaining to Consent Directives.

    ShortCơ quan ban hànhEnforcement source for policy
    Control0..1
    This element is affected by the following invariants: ppc-1
    Typeuri
    Is Modifierfalse
    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
    Summaryfalse
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    32. Consent.policy.uri
    Definition

    URL/URI văn bản pháp luật (VD: Luật 91/2025/QH15, NĐ 356/2025/NĐ-CP, TT 13/2025/TT-BYT).


    The references to the policies that are included in this consent scope. Policies may be organizational, but are often defined jurisdictionally, or in law.

    ShortURL văn bản pháp lýSpecific policy covered by this consent
    Comments

    This element is for discoverability / documentation and does not modify or qualify the policy rules.

    Control0..1
    This element is affected by the following invariants: ppc-1
    Typeuri
    Is Modifierfalse
    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
    Must Supporttrue
    Summaryfalse
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    34. Consent.provision
    Definition

    Quy tắc cho phép/từ chối xử lý dữ liệu theo mục đích, đối tượng, thời hạn cụ thể.


    An exception to the base policy of this consent. An exception can be an addition or removal of access permissions.

    ShortQuy tắc đồng ý chi tiếtConstraints to the base Consent.policyRule
    Control0..1
    TypeBackboneElement
    Is Modifierfalse
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    36. Consent.provision.modifierExtension
    Definition

    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

    ShortExtensions that cannot be ignored even if unrecognized
    Comments

    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

    Control0..*
    TypeExtension
    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
    Summarytrue
    Requirements

    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

    Alternate Namesextensions, user content, modifiers
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
    38. Consent.provision.type
    Definition

    Action to take - permit or deny - when the rule conditions are met. Not permitted in root rule, required in all nested rules.

    Shortdeny | permit
    Comments

    R4: type không được dùng ở root rule — root chỉ là khung; mọi rule permit/deny nằm ở provision.provision (vn-consent-provision-structure).

    Control0..01
    BindingThe codes SHALL be taken from ConsentProvisionTypehttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
    (required to http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1)

    How a rule statement is applied, such as adding additional consent or removing consent.

    Typecode
    Is Modifierfalse
    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    40. Consent.provision.period
    Definition

    Thời hạn đồng ý (nếu chủ thể ấn định). Chủ thể có quyền yêu cầu rút lại/hạn chế xử lý theo Luật 91/2025/QH15 Điều 10 (trừ trường hợp Điều 19 hoặc pháp luật quy định khác); hệ thống lưu bằng chứng thời hạn và việc rút lại theo NĐ 356/2025/NĐ-CP Điều 6 khoản 2.


    The timeframe in this rule is valid.

    ShortThời hạn hiệu lựcTimeframe for this rule
    Comments

    KHÔNG bắt buộc period.end: sự đồng ý vô thời hạn là hợp pháp — có hiệu lực cho đến khi chủ thể thay đổi (Luật 91/2025/QH15 Điều 9 khoản 4 điểm c). Invariant vn-consent-period-end-required (≤0.7.0) đã gỡ vì mâu thuẫn điều khoản này.

    Control0..1
    TypePeriod
    Is Modifierfalse
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    42. Consent.provision.actor
    Definition

    Bên được phép/từ chối xử lý: CSKCB, BHXH, cơ quan y tế dự phòng, người đại diện, v.v. LƯU Ý Điều 26 khoản 2 Luật 91/2025/QH15: cấm cung cấp DLCN cho bên thứ ba là tổ chức CSSK/bảo hiểm khác trừ khi chủ thể yêu cầu bằng văn bản hoặc thuộc Điều 19 khoản 1 — mô hình mặc định là deny với bên thứ ba.


    Who or what is controlled by this rule. Use group to identify a set of actors by some property they share (e.g. 'admitting officers').

    ShortBên liên quanWho|what controlled by this rule (or group, by role)
    Control0..*
    TypeBackboneElement
    Is Modifierfalse
    Summaryfalse
    Meaning if MissingThere is no specific actor associated with the exception
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    44. Consent.provision.actor.modifierExtension
    Definition

    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

    ShortExtensions that cannot be ignored even if unrecognized
    Comments

    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

    Control0..*
    TypeExtension
    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
    Summarytrue
    Requirements

    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

    Alternate Namesextensions, user content, modifiers
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
    46. Consent.provision.actor.role
    Definition

    How the individual is involved in the resources content that is described in the exception.

    ShortHow the actor is involved
    Control1..1
    BindingUnless not suitable, these codes SHALL be taken from SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type|4.0.1
    (extensible to http://hl7.org/fhir/ValueSet/security-role-type|4.0.1)

    How an actor is involved in the consent considerations.

    TypeCodeableConcept
    Is Modifierfalse
    Summaryfalse
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    48. Consent.provision.actor.reference
    Definition

    The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers').

    ShortResource for the actor (or group, by role)
    Control1..1
    TypeReference(Device, Group, CareTeam, Organization, Patient, Practitioner, RelatedPerson, PractitionerRole)
    Is Modifierfalse
    Summaryfalse
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    50. Consent.provision.purpose
    Definition

    Mục đích cụ thể: khám chữa bệnh, BHYT, y tế công cộng, nghiên cứu, bệnh án điện tử, chia sẻ hồ sơ. Sự đồng ý thể hiện theo TỪNG mục đích — Luật 91/2025/QH15 Điều 9 khoản 4 điểm a; không được kèm điều kiện ép đồng ý mục đích khác (điểm b).


    The context of the activities a user is taking - why the user is accessing the data - that are controlled by this rule.

    ShortMục đích xử lýContext of activities covered by this rule
    Comments

    When the purpose of use tag is on the data, access request purpose of use shall not conflict.

    Control0..*
    BindingUnless not suitable, these codes SHALL be taken from Mục đích xử lý dữ liệu y tế — VN Consent Purpose ValueSethttp://terminology.hl7.org/ValueSet/v3-PurposeOfUse
    (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-consent-purpose-vs)
    TypeCoding
    Is Modifierfalse
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    52. Consent.provision.class
    Definition

    Loại resource FHIR được phép/từ chối: Condition, Observation, Claim, v.v.


    The class of information covered by this rule. The type can be a FHIR resource type, a profile on a type, or a CDA document, or some other type that indicates what sort of information the consent relates to.

    ShortLoại dữ liệue.g. Resource Type, Profile, CDA, etc.
    Comments

    Multiple types are or'ed together. The intention of the contentType element is that the codes refer to profiles or document types defined in a standard or an implementation guide somewhere.

    Control0..*
    BindingUnless not suitable, these codes SHALL be taken from ConsentContentClasshttp://hl7.org/fhir/ValueSet/consent-content-class|4.0.1
    (extensible to http://hl7.org/fhir/ValueSet/consent-content-class|4.0.1)

    The class (type) of information a consent rule covers.

    TypeCoding
    Is Modifierfalse
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    54. Consent.provision.provision
    Definition

    Rules which provide exceptions to the base rule or subrules.

    ShortCác rule permit/denyNested Exception Rules
    Control0..*
    TypeBackboneElement
    Is Modifierfalse
    Must Supporttrue
    Summaryfalse
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    56. Consent.provision.provision.modifierExtension
    Definition

    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

    ShortExtensions that cannot be ignored even if unrecognized
    Comments

    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

    Control0..*
    TypeExtension
    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
    Summarytrue
    Requirements

    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

    Alternate Namesextensions, user content, modifiers
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
    58. Consent.provision.provision.type
    Definition

    permit = cho phép xử lý, deny = từ chối xử lý. Quyền đồng ý/không đồng ý/rút lại theo Luật 91/2025/QH15 Điều 4 khoản 1 điểm b; với thông tin sức khỏe, đồng ý là bắt buộc trừ Điều 19 khoản 1 (Điều 26 khoản 1 điểm a). Từ chối đang hiệu lực = status active + rule deny (nested).


    Action to take - permit or deny - when the rule conditions are met. Not permitted in root rule, required in all nested rules.

    ShortCho phép / Từ chốideny | permit
    Control10..1
    BindingThe codes SHALL be taken from ConsentProvisionTypehttp://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1
    (required to http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1)

    How a rule statement is applied, such as adding additional consent or removing consent.

    Typecode
    Is Modifierfalse
    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
    Must Supporttrue
    Summarytrue
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    60. Consent.provision.provision.actor
    Definition

    Who or what is controlled by this rule. Use group to identify a set of actors by some property they share (e.g. 'admitting officers').

    ShortWho|what controlled by this rule (or group, by role)
    Control0..*
    TypeBackboneElement
    Is Modifierfalse
    Summaryfalse
    Meaning if MissingThere is no specific actor associated with the exception
    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
    SlicingThis element introduces a set of slices on Consent.provision.provision.actor. The slices areUnordered and Open, and can be differentiated using the following discriminators:
    • exists @ extension('http://fhir.hl7.org.vn/core/StructureDefinition/vn-ext-representation-authority')
    • 62. Consent.provision.provision.actor.modifierExtension
      Definition

      May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

      Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

      ShortExtensions that cannot be ignored even if unrecognized
      Comments

      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

      Control0..*
      TypeExtension
      Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
      Summarytrue
      Requirements

      Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

      Alternate Namesextensions, user content, modifiers
      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
      64. Consent.provision.provision.actor.role
      Definition

      How the individual is involved in the resources content that is described in the exception.

      ShortHow the actor is involved
      Control1..1
      BindingUnless not suitable, these codes SHALL be taken from SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type|4.0.1
      (extensible to http://hl7.org/fhir/ValueSet/security-role-type|4.0.1)

      How an actor is involved in the consent considerations.

      TypeCodeableConcept
      Is Modifierfalse
      Summaryfalse
      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
      66. Consent.provision.provision.actor.reference
      Definition

      The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers').

      ShortResource for the actor (or group, by role)
      Control1..1
      TypeReference(Device, Group, CareTeam, Organization, Patient, Practitioner, RelatedPerson, PractitionerRole)
      Is Modifierfalse
      Summaryfalse
      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
      68. Consent.provision.provision.actor:representative
      Slice Namerepresentative
      Definition

      Actor là người đại diện theo pháp luật/giám hộ/được ủy quyền (Luật 91/2025/QH15 Điều 24 khoản 2). BẮT BUỘC gắn extension vn-ext-representation-authority ngay tại actor này — PDP resolve token thẩm quyền (type/source/verifiedDate/period) và quyết định permit/deny THEO rule chứa actor: hạn chế lớp dữ liệu biểu diễn bằng rule type=deny + securityLabel (vn-data-sensitivity-class-vs), thay cho sub-extension restrictedSensitivity đã xóa ở 0.8.0.


      Who or what is controlled by this rule. Use group to identify a set of actors by some property they share (e.g. 'admitting officers').

      ShortNgười đại diện/giám hộ — mang token thẩm quyềnWho|what controlled by this rule (or group, by role)
      Control0..*
      TypeBackboneElement
      Is Modifierfalse
      Must Supporttrue
      Summaryfalse
      Meaning if MissingThere is no specific actor associated with the exception
      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
      70. Consent.provision.provision.actor:representative.extension
      Definition

      An Extension


      May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

      ShortExtensionAdditional content defined by implementations
      Comments

      There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

      Control10..*
      TypeExtension
      Is Modifierfalse
      Summaryfalse
      Alternate Namesextensions, user content
      Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
      ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
      SlicingThis element introduces a set of slices on Consent.provision.provision.actor.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
      • value @ url
      • 72. Consent.provision.provision.actor:representative.extension:representationAuthority
        Slice NamerepresentationAuthority
        Definition

        Extension ghi nhận THẨM QUYỀN PHÁP LÝ để một người đại diện/giám hộ/được uỷ quyền truy cập dữ liệu y tế thay người khác (vd cha/mẹ xem Sổ SKĐT của con qua VNeID). Mô hình hoá 'token đại diện' phục vụ Policy Decision Point (PDP): loại thẩm quyền, nguồn xác minh, thời điểm xác minh, thời hạn. PDP deny-by-default khi quan hệ mâu thuẫn/hết hạn. THAY ĐỔI 0.8.0 (breaking — hậu kiểm toán Codex): sub-extension restrictedSensitivity đã XÓA — ngữ nghĩa hạn chế truy cập là QUYẾT ĐỊNH CHÍNH SÁCH, không phải thuộc tính token: biểu diễn bằng VNCoreConsent.provision (type=deny + securityLabel theo vn-data-sensitivity-class-vs + actor[representative] gắn chính extension này để link token↔consent — PDP resolve một chiều qua Consent). Căn cứ: Bộ luật Dân sự 2015 (đại diện/giám hộ/uỷ quyền); Luật Căn cước 2023 (quan hệ nhân thân CSDLQGDC); Luật 91/2025/QH15 Điều 24 (đại diện theo pháp luật) + Luật Trẻ em 2016 (dữ liệu trẻ em, lớp nhạy cảm).

        ShortThẩm quyền đại diện truy cập dữ liệu — Representation Authority Extension
        Control1..1
        This element is affected by the following invariants: ele-1
        TypeExtension(Thẩm quyền đại diện truy cập dữ liệu — Representation Authority Extension) (Complex Extension)
        Is Modifierfalse
        Must Supporttrue
        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
        74. Consent.provision.provision.actor:representative.modifierExtension
        Definition

        May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

        Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

        ShortExtensions that cannot be ignored even if unrecognized
        Comments

        There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

        Control0..*
        TypeExtension
        Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
        Summarytrue
        Requirements

        Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

        Alternate Namesextensions, user content, modifiers
        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
        ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
        76. Consent.provision.provision.actor:representative.role
        Definition

        How the individual is involved in the resources content that is described in the exception.

        ShortHow the actor is involved
        Control1..1
        BindingUnless not suitable, these codes SHALL be taken from SecurityRoleTypehttp://hl7.org/fhir/ValueSet/security-role-type|4.0.1
        (extensible to http://hl7.org/fhir/ValueSet/security-role-type|4.0.1)

        How an actor is involved in the consent considerations.

        TypeCodeableConcept
        Is Modifierfalse
        Summaryfalse
        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
        78. Consent.provision.provision.actor:representative.reference
        Definition

        The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers').

        ShortResource for the actor (or group, by role)
        Control1..1
        TypeReference(Người liên quan/người giám hộ VN Core — VN Core RelatedPerson Profile, Device, Group, CareTeam, Organization, Patient, Practitioner, RelatedPerson, PractitionerRole)
        Is Modifierfalse
        Summaryfalse
        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
        80. Consent.provision.provision.securityLabel
        Definition

        Lớp nhạy cảm dữ liệu (vn-data-sensitivity-class-vs) mà rule áp dụng. Mô hình hạn chế theo lớp: permit theo lớp cơ bản + provision con type=deny với securityLabel lớp bị hạn chế (vd special-protection với người đại diện của vị thành niên — thay sub-extension restrictedSensitivity đã xóa 0.8.0). PDP deny-by-default: không có provision permit phủ lớp dữ liệu → từ chối.


        A security label, comprised of 0..* security label fields (Privacy tags), which define which resources are controlled by this exception.

        ShortLớp nhạy cảm dữ liệu áp cho ruleSecurity Labels that define affected resources
        Comments

        If the consent specifies a security label of "R" then it applies to all resources that are labeled "R" or lower. E.g. for Confidentiality, it's a high water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, access request purpose of use shall not conflict.

        Control0..*
        BindingUnless not suitable, these codes SHALL be taken from Lớp nhạy cảm dữ liệu y tế — Vietnam Health Data Sensitivity Class ValueSethttp://hl7.org/fhir/ValueSet/security-labels|4.0.1
        (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-data-sensitivity-class-vs)
        TypeCoding
        Is Modifierfalse
        Must Supporttrue
        Summarytrue
        Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))

        Guidance on how to interpret the contents of this table can be foundhere

        0. Consent
        Invariantsvn-consent-rejected-not-permit: Bản ghi status=rejected (từ chối ngay từ đầu) không được chứa rule permit ở BẤT KỲ độ sâu nested nào — cho phép đang hiệu lực phải dùng status=active ((status = 'rejected') implies provision.repeat(provision).type.where($this = 'permit').empty())
        vn-consent-provision-structure: Theo R4: root rule (Consent.provision) KHÔNG mang type; mọi rule permit/deny khai ở nested (provision.provision[*]) và bắt buộc có type (provision.exists() implies (provision.type.empty() and provision.provision.exists() and provision.repeat(provision).all(type.exists())))
        2. Consent.extension
        SlicingThis element introduces a set of slices on Consent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
        • value @ url
        • 4. Consent.extension:processingLegalBasis
          Slice NameprocessingLegalBasis
          Definition

          Khi việc xử lý dữ liệu diễn ra KHÔNG qua sự đồng ý (cấp cứu, hoạt động cơ quan nhà nước...), ghi căn cứ Điều 19 khoản 1 tại đây thay vì dùng category miễn trừ (mô hình cũ ≤0.7.0 đã deprecated). Bên viện dẫn điểm a chịu nghĩa vụ chứng minh; hệ thống lưu bằng chứng qua AuditEvent (Điều 19 khoản 2).

          ShortCăn cứ xử lý không cần đồng ý (Luật 91/2025/QH15 Điều 19 khoản 1)
          Control0..1
          TypeExtension(Căn cứ xử lý không cần đồng ý — Processing Legal Basis Extension) (Extension Type: CodeableConcept)
          Must Supporttrue
          6. Consent.status
          Definition

          Trạng thái theo ma trận Luật 91/2025/QH15: active (bản ghi đang hiệu lực — kể cả từ chối chủ động qua rule nested provision.provision.type=deny), rejected (đề nghị đồng ý bị từ chối ngay từ đầu theo Điều 4 khoản 1 điểm b), inactive (đã chấm dứt: rút lại theo Điều 10, hết thời hạn, hoặc bị thay thế).

          ShortTrạng thái đồng ý
          Comments

          KHÔNG dùng rejected cho việc rút lại — rút lại sự đồng ý đang hiệu lực (Điều 10) chuyển bản ghi sang inactive; bản chép mới ghi nhận từ chối tiếp theo (nếu có) dùng active + rule nested deny.

          Must Supporttrue
          8. Consent.scope
          Definition

          Phạm vi đồng ý — mặc định patient-privacy cho DLCN y tế nhạy cảm.

          ShortPhạm vi đồng ý
          Must Supporttrue
          10. Consent.category
          Definition

          Phân loại chỉ thị đồng ý: quyền riêng tư, điều trị, nghiên cứu, đồng ý qua đại diện. Theo Luật 91/2025/QH15 Điều 9 (sự đồng ý), Điều 24 (đại diện theo pháp luật). Các trường hợp KHÔNG cần đồng ý (Điều 19) không phải loại đồng ý — dùng extension[processingLegalBasis].

          ShortLoại đồng ý
          BindingUnless not suitable, these codes SHALL be taken from Loại đồng ý — VN Consent Category ValueSet
          (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-consent-category-vs)
          Must Supporttrue
          12. Consent.patient
          Definition

          Bệnh nhân — chủ thể dữ liệu cá nhân theo Luật 91/2025/QH15 Điều 2 khoản 5.

          ShortChủ thể dữ liệu
          Control1..?
          TypeReference(Bệnh nhân VN Core — VN Core Patient Profile)
          Must Supporttrue
          14. Consent.dateTime
          Definition

          Thời điểm ghi nhận sự đồng ý hoặc từ chối. Hình thức đồng ý phải rõ ràng, cụ thể, kiểm chứng được theo Luật 91/2025/QH15 Điều 9 khoản 3.

          ShortThời điểm đồng ý
          Control1..?
          Must Supporttrue
          16. Consent.performer
          Definition

          Người thực hiện đồng ý: bệnh nhân, hoặc người đại diện theo pháp luật đối với trẻ em/người bị mất hoặc hạn chế năng lực hành vi dân sự (Luật 91/2025/QH15 Điều 24 khoản 2). Trẻ em từ đủ 07 tuổi: công bố thông tin đời tư cần đồng ý của CẢ trẻ và người đại diện.

          ShortNgười đồng ý
          TypeReference(Bệnh nhân VN Core — VN Core Patient Profile, Người liên quan/người giám hộ VN Core — VN Core RelatedPerson Profile, Nhân viên y tế VN Core — VN Core Practitioner Profile)
          Must Supporttrue
          Must Support TypesNo must-support rules about the choice of types/profiles
          18. Consent.organization
          Definition

          Cơ sở khám chữa bệnh — bên kiểm soát dữ liệu (Luật 91/2025/QH15 Điều 2 khoản 7) hoặc bên kiểm soát và xử lý dữ liệu (Điều 2 khoản 9) khi tự vận hành hệ thống. Chịu nghĩa vụ lưu trữ và chứng minh sự đồng ý theo NĐ 356/2025/NĐ-CP Điều 6 khoản 2.

          ShortCSKCB quản lý đồng ý
          TypeReference(Cơ sở y tế VN Core — VN Core Organization Profile)
          Must Supporttrue
          20. Consent.source[x]
          Definition

          Tài liệu gốc: bản scan chữ ký, phiếu đồng ý điện tử, hoặc ghi nhận khác kiểm chứng được (5 phương thức theo NĐ 356/2025/NĐ-CP Điều 6 khoản 1 — xem vn-ext-consent-method). Bên kiểm soát PHẢI lưu trữ sự đồng ý và chịu trách nhiệm chứng minh khi tranh chấp (NĐ 356/2025/NĐ-CP Điều 6 khoản 2). Im lặng/không phản hồi không được coi là đồng ý (Luật 91/2025/QH15 Điều 9 khoản 4 điểm d); cấm thiết lập mặc định đồng ý (NĐ 356/2025/NĐ-CP Điều 6 khoản 3).

          ShortBản gốc đồng ý
          [x] NoteSeeChoice of Data Typesfor further information about how to use [x]
          Must Supporttrue
          22. Consent.policy
          Definition

          Tham chiếu đến văn bản pháp luật làm căn cứ cho đồng ý.

          ShortCăn cứ pháp lý
          Must Supporttrue
          24. Consent.policy.authority
          ShortCơ quan ban hành
          26. Consent.policy.uri
          Definition

          URL/URI văn bản pháp luật (VD: Luật 91/2025/QH15, NĐ 356/2025/NĐ-CP, TT 13/2025/TT-BYT).

          ShortURL văn bản pháp lý
          Must Supporttrue
          28. Consent.provision
          Definition

          Quy tắc cho phép/từ chối xử lý dữ liệu theo mục đích, đối tượng, thời hạn cụ thể.

          ShortQuy tắc đồng ý chi tiết
          Must Supporttrue
          30. Consent.provision.type
          Comments

          R4: type không được dùng ở root rule — root chỉ là khung; mọi rule permit/deny nằm ở provision.provision (vn-consent-provision-structure).

          Control0..0
          32. Consent.provision.period
          Definition

          Thời hạn đồng ý (nếu chủ thể ấn định). Chủ thể có quyền yêu cầu rút lại/hạn chế xử lý theo Luật 91/2025/QH15 Điều 10 (trừ trường hợp Điều 19 hoặc pháp luật quy định khác); hệ thống lưu bằng chứng thời hạn và việc rút lại theo NĐ 356/2025/NĐ-CP Điều 6 khoản 2.

          ShortThời hạn hiệu lực
          Comments

          KHÔNG bắt buộc period.end: sự đồng ý vô thời hạn là hợp pháp — có hiệu lực cho đến khi chủ thể thay đổi (Luật 91/2025/QH15 Điều 9 khoản 4 điểm c). Invariant vn-consent-period-end-required (≤0.7.0) đã gỡ vì mâu thuẫn điều khoản này.

          Must Supporttrue
          34. Consent.provision.actor
          Definition

          Bên được phép/từ chối xử lý: CSKCB, BHXH, cơ quan y tế dự phòng, người đại diện, v.v. LƯU Ý Điều 26 khoản 2 Luật 91/2025/QH15: cấm cung cấp DLCN cho bên thứ ba là tổ chức CSSK/bảo hiểm khác trừ khi chủ thể yêu cầu bằng văn bản hoặc thuộc Điều 19 khoản 1 — mô hình mặc định là deny với bên thứ ba.

          ShortBên liên quan
          36. Consent.provision.purpose
          Definition

          Mục đích cụ thể: khám chữa bệnh, BHYT, y tế công cộng, nghiên cứu, bệnh án điện tử, chia sẻ hồ sơ. Sự đồng ý thể hiện theo TỪNG mục đích — Luật 91/2025/QH15 Điều 9 khoản 4 điểm a; không được kèm điều kiện ép đồng ý mục đích khác (điểm b).

          ShortMục đích xử lý
          BindingUnless not suitable, these codes SHALL be taken from Mục đích xử lý dữ liệu y tế — VN Consent Purpose ValueSet
          (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-consent-purpose-vs)
          Must Supporttrue
          38. Consent.provision.class
          Definition

          Loại resource FHIR được phép/từ chối: Condition, Observation, Claim, v.v.

          ShortLoại dữ liệu
          40. Consent.provision.provision
          ShortCác rule permit/deny
          TypeBackboneElement
          Must Supporttrue
          42. Consent.provision.provision.type
          Definition

          permit = cho phép xử lý, deny = từ chối xử lý. Quyền đồng ý/không đồng ý/rút lại theo Luật 91/2025/QH15 Điều 4 khoản 1 điểm b; với thông tin sức khỏe, đồng ý là bắt buộc trừ Điều 19 khoản 1 (Điều 26 khoản 1 điểm a). Từ chối đang hiệu lực = status active + rule deny (nested).

          ShortCho phép / Từ chối
          Control1..?
          Must Supporttrue
          44. Consent.provision.provision.actor
          SlicingThis element introduces a set of slices on Consent.provision.provision.actor. The slices areUnordered and Open, and can be differentiated using the following discriminators:
          • exists @ extension('http://fhir.hl7.org.vn/core/StructureDefinition/vn-ext-representation-authority')
          • 46. Consent.provision.provision.actor:representative
            Slice Namerepresentative
            Definition

            Actor là người đại diện theo pháp luật/giám hộ/được ủy quyền (Luật 91/2025/QH15 Điều 24 khoản 2). BẮT BUỘC gắn extension vn-ext-representation-authority ngay tại actor này — PDP resolve token thẩm quyền (type/source/verifiedDate/period) và quyết định permit/deny THEO rule chứa actor: hạn chế lớp dữ liệu biểu diễn bằng rule type=deny + securityLabel (vn-data-sensitivity-class-vs), thay cho sub-extension restrictedSensitivity đã xóa ở 0.8.0.

            ShortNgười đại diện/giám hộ — mang token thẩm quyền
            Control0..*
            Must Supporttrue
            48. Consent.provision.provision.actor:representative.extension
            Control1..?
            SlicingThis element introduces a set of slices on Consent.provision.provision.actor.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
            • value @ url
            • 50. Consent.provision.provision.actor:representative.extension:representationAuthority
              Slice NamerepresentationAuthority
              Control1..1
              TypeExtension(Thẩm quyền đại diện truy cập dữ liệu — Representation Authority Extension) (Complex Extension)
              Must Supporttrue
              52. Consent.provision.provision.actor:representative.reference
              TypeReference(Người liên quan/người giám hộ VN Core — VN Core RelatedPerson Profile)
              54. Consent.provision.provision.securityLabel
              Definition

              Lớp nhạy cảm dữ liệu (vn-data-sensitivity-class-vs) mà rule áp dụng. Mô hình hạn chế theo lớp: permit theo lớp cơ bản + provision con type=deny với securityLabel lớp bị hạn chế (vd special-protection với người đại diện của vị thành niên — thay sub-extension restrictedSensitivity đã xóa 0.8.0). PDP deny-by-default: không có provision permit phủ lớp dữ liệu → từ chối.

              ShortLớp nhạy cảm dữ liệu áp cho rule
              BindingUnless not suitable, these codes SHALL be taken from Lớp nhạy cảm dữ liệu y tế — Vietnam Health Data Sensitivity Class ValueSet
              (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-data-sensitivity-class-vs)
              Must Supporttrue

              Guidance on how to interpret the contents of this table can be foundhere

              0. Consent
              Definition

              A record of a healthcare consumer’s choices, which permits or denies identified recipient(s) or recipient role(s) to perform one or more actions within a given policy context, for specific purposes and periods of time.

              ShortA healthcare consumer's choices to permit or deny recipients or roles to perform actions for specific purposes and periods of time
              Comments

              Broadly, there are 3 key areas of consent for patients: Consent around sharing information (aka Privacy Consent Directive - Authorization to Collect, Use, or Disclose information), consent for specific treatment, or kinds of treatment, and general advance care directives.

              Control0..*
              Is Modifierfalse
              Summaryfalse
              Invariantsdom-2: If the resource is contained in another resource, it SHALL NOT contain nested Resources (contained.contained.empty())
              dom-3: If the resource is contained in another resource, it SHALL be referred to from elsewhere in the resource or SHALL refer to the containing resource (contained.where((('#'+id in (%resource.descendants().reference | %resource.descendants().as(canonical) | %resource.descendants().as(uri) | %resource.descendants().as(url))) or descendants().where(reference = '#').exists() or descendants().where(as(canonical) = '#').exists() or descendants().where(as(canonical) = '#').exists()).not()).trace('unmatched', id).empty())
              dom-4: If a resource is contained in another resource, it SHALL NOT have a meta.versionId or a meta.lastUpdated (contained.meta.versionId.empty() and contained.meta.lastUpdated.empty())
              dom-5: If a resource is contained in another resource, it SHALL NOT have a security label (contained.meta.security.empty())
              dom-6: A resource should have narrative for robust management (text.`div`.exists())
              ppc-1: Either a Policy or PolicyRule (policy.exists() or policyRule.exists())
              ppc-2: IF Scope=privacy, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='patient-privacy').exists().not())
              ppc-3: IF Scope=research, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='research').exists().not())
              ppc-4: IF Scope=adr, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='adr').exists().not())
              ppc-5: IF Scope=treatment, there must be a patient (patient.exists() or scope.coding.where(system='something' and code='treatment').exists().not())
              vn-consent-rejected-not-permit: Bản ghi status=rejected (từ chối ngay từ đầu) không được chứa rule permit ở BẤT KỲ độ sâu nested nào — cho phép đang hiệu lực phải dùng status=active ((status = 'rejected') implies provision.repeat(provision).type.where($this = 'permit').empty())
              vn-consent-provision-structure: Theo R4: root rule (Consent.provision) KHÔNG mang type; mọi rule permit/deny khai ở nested (provision.provision[*]) và bắt buộc có type (provision.exists() implies (provision.type.empty() and provision.provision.exists() and provision.repeat(provision).all(type.exists())))
              2. Consent.id
              Definition

              The logical id of the resource, as used in the URL for the resource. Once assigned, this value never changes.

              ShortLogical id of this artifact
              Comments

              The only time that a resource does not have an id is when it is being submitted to the server using a create operation.

              Control0..1
              Typeid
              Is Modifierfalse
              Summarytrue
              4. Consent.meta
              Definition

              The metadata about the resource. This is content that is maintained by the infrastructure. Changes to the content might not always be associated with version changes to the resource.

              ShortMetadata about the resource
              Control0..1
              TypeMeta
              Is Modifierfalse
              Summarytrue
              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
              6. Consent.implicitRules
              Definition

              A reference to a set of rules that were followed when the resource was constructed, and which must be understood when processing the content. Often, this is a reference to an implementation guide that defines the special rules along with other profiles etc.

              ShortA set of rules under which this content was created
              Comments

              Asserting this rule set restricts the content to be only understood by a limited set of trading partners. This inherently limits the usefulness of the data in the long term. However, the existing health eco-system is highly fractured, and not yet ready to define, collect, and exchange data in a generally computable sense. Wherever possible, implementers and/or specification writers should avoid using this element. Often, when used, the URL is a reference to an implementation guide that defines these special rules as part of it's narrative along with other profiles, value sets, etc.

              Control0..1
              Typeuri
              Is Modifiertrue because This element is labeled as a modifier because the implicit rules may provide additional knowledge about the resource that modifies it's meaning or interpretation
              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
              Summarytrue
              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
              8. Consent.language
              Definition

              The base language in which the resource is written.

              ShortLanguage of the resource content
              Comments

              Language is provided to support indexing and accessibility (typically, services such as text to speech use the language tag). The html language tag in the narrative applies to the narrative. The language tag on the resource may be used to specify the language of other presentations generated from the data in the resource. Not all the content has to be in the base language. The Resource.language should not be assumed to apply to the narrative automatically. If a language is specified, it should it also be specified on the div element in the html (see rules in HTML5 for information about the relationship between xml:lang and the html lang attribute).

              Control0..1
              BindingThe codes SHOULD be taken from CommonLanguages
              (preferred to http://hl7.org/fhir/ValueSet/languages|4.0.1)

              A human language.

              Additional BindingsPurpose
              AllLanguagesMax Binding
              Typecode
              Is Modifierfalse
              Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
              Summaryfalse
              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
              10. Consent.text
              Definition

              A human-readable narrative that contains a summary of the resource and can be used to represent the content of the resource to a human. The narrative need not encode all the structured data, but is required to contain sufficient detail to make it "clinically safe" for a human to just read the narrative. Resource definitions may define what content should be represented in the narrative to ensure clinical safety.

              ShortText summary of the resource, for human interpretation
              Comments

              Contained resources do not have narrative. Resources that are not contained SHOULD have a narrative. In some cases, a resource may only have text with little or no additional discrete data (as long as all minOccurs=1 elements are satisfied). This may be necessary for data from legacy systems where information is captured as a "text blob" or where text is additionally entered raw or narrated and encoded information is added later.

              Control0..1
              TypeNarrative
              Is Modifierfalse
              Summaryfalse
              Alternate Namesnarrative, html, xhtml, display
              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
              12. Consent.contained
              Definition

              These resources do not have an independent existence apart from the resource that contains them - they cannot be identified independently, and nor can they have their own independent transaction scope.

              ShortContained, inline Resources
              Comments

              This should never be done when the content can be identified properly, as once identification is lost, it is extremely difficult (and context dependent) to restore it again. Contained resources may have profiles and tags In their meta elements, but SHALL NOT have security labels.

              Control0..*
              TypeResource
              Is Modifierfalse
              Summaryfalse
              Alternate Namesinline resources, anonymous resources, contained resources
              14. Consent.extension
              Definition

              An Extension

              ShortExtension
              Control0..*
              TypeExtension
              Is Modifierfalse
              Summaryfalse
              Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
              ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
              SlicingThis element introduces a set of slices on Consent.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
              • value @ url
              • 16. Consent.extension:processingLegalBasis
                Slice NameprocessingLegalBasis
                Definition

                Khi việc xử lý dữ liệu diễn ra KHÔNG qua sự đồng ý (cấp cứu, hoạt động cơ quan nhà nước...), ghi căn cứ Điều 19 khoản 1 tại đây thay vì dùng category miễn trừ (mô hình cũ ≤0.7.0 đã deprecated). Bên viện dẫn điểm a chịu nghĩa vụ chứng minh; hệ thống lưu bằng chứng qua AuditEvent (Điều 19 khoản 2).

                ShortCăn cứ xử lý không cần đồng ý (Luật 91/2025/QH15 Điều 19 khoản 1)
                Control0..1
                This element is affected by the following invariants: ele-1
                TypeExtension(Căn cứ xử lý không cần đồng ý — Processing Legal Basis Extension) (Extension Type: CodeableConcept)
                Is Modifierfalse
                Must Supporttrue
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                18. Consent.modifierExtension
                Definition

                May be used to represent additional information that is not part of the basic definition of the resource and that modifies the understanding of the element that contains it and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer is allowed to define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                ShortExtensions that cannot be ignored
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the resource that contains them
                Summaryfalse
                Requirements

                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                Alternate Namesextensions, user content
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                20. Consent.identifier
                Definition

                Unique identifier for this copy of the Consent Statement.

                ShortIdentifier for this record (external references)
                Comments

                This identifier identifies this copy of the consent. Where this identifier is also used elsewhere as the identifier for a consent record (e.g. a CDA consent document) then the consent details are expected to be the same.

                NoteThis is a business identifier, not a resource identifier (see discussion)
                Control0..*
                TypeIdentifier
                Is Modifierfalse
                Summarytrue
                ExampleGeneral: { "system" : "http://acme.org/identifier/local/eCMS", "value" : "Local eCMS identifier" }
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                22. Consent.status
                Definition

                Trạng thái theo ma trận Luật 91/2025/QH15: active (bản ghi đang hiệu lực — kể cả từ chối chủ động qua rule nested provision.provision.type=deny), rejected (đề nghị đồng ý bị từ chối ngay từ đầu theo Điều 4 khoản 1 điểm b), inactive (đã chấm dứt: rút lại theo Điều 10, hết thời hạn, hoặc bị thay thế).

                ShortTrạng thái đồng ý
                Comments

                KHÔNG dùng rejected cho việc rút lại — rút lại sự đồng ý đang hiệu lực (Điều 10) chuyển bản ghi sang inactive; bản chép mới ghi nhận từ chối tiếp theo (nếu có) dùng active + rule nested deny.

                Control1..1
                BindingThe codes SHALL be taken from ConsentState
                (required to http://hl7.org/fhir/ValueSet/consent-state-codes|4.0.1)

                Indicates the state of the consent.

                Typecode
                Is Modifiertrue because This element is labelled as a modifier because it is a status element that contains status entered-in-error which means that the resource should not be treated as valid
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Must Supporttrue
                Summarytrue
                Requirements

                The Consent Directive that is pointed to might be in various lifecycle states, e.g., a revoked Consent Directive.

                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                24. Consent.scope
                Definition

                Phạm vi đồng ý — mặc định patient-privacy cho DLCN y tế nhạy cảm.

                ShortPhạm vi đồng ý
                Control1..1
                BindingUnless not suitable, these codes SHALL be taken from ConsentScopeCodes
                (extensible to http://hl7.org/fhir/ValueSet/consent-scope|4.0.1)

                The four anticipated uses for the Consent Resource.

                TypeCodeableConcept
                Is Modifiertrue because Allows changes to codes based on scope selection
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                26. Consent.category
                Definition

                Phân loại chỉ thị đồng ý: quyền riêng tư, điều trị, nghiên cứu, đồng ý qua đại diện. Theo Luật 91/2025/QH15 Điều 9 (sự đồng ý), Điều 24 (đại diện theo pháp luật). Các trường hợp KHÔNG cần đồng ý (Điều 19) không phải loại đồng ý — dùng extension[processingLegalBasis].

                ShortLoại đồng ý
                Control1..*
                BindingUnless not suitable, these codes SHALL be taken from Loại đồng ý — VN Consent Category ValueSet
                (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-consent-category-vs)
                TypeCodeableConcept
                Is Modifierfalse
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                28. Consent.patient
                Definition

                Bệnh nhân — chủ thể dữ liệu cá nhân theo Luật 91/2025/QH15 Điều 2 khoản 5.

                ShortChủ thể dữ liệu
                Comments

                Commonly, the patient the consent pertains to is the author, but for young and old people, it may be some other person.

                Control1..1
                TypeReference(Bệnh nhân VN Core — VN Core Patient Profile)
                Is Modifierfalse
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                30. Consent.dateTime
                Definition

                Thời điểm ghi nhận sự đồng ý hoặc từ chối. Hình thức đồng ý phải rõ ràng, cụ thể, kiểm chứng được theo Luật 91/2025/QH15 Điều 9 khoản 3.

                ShortThời điểm đồng ý
                Comments

                This is not the time of the original consent, but the time that this statement was made or derived.

                Control1..1
                TypedateTime
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                32. Consent.performer
                Definition

                Người thực hiện đồng ý: bệnh nhân, hoặc người đại diện theo pháp luật đối với trẻ em/người bị mất hoặc hạn chế năng lực hành vi dân sự (Luật 91/2025/QH15 Điều 24 khoản 2). Trẻ em từ đủ 07 tuổi: công bố thông tin đời tư cần đồng ý của CẢ trẻ và người đại diện.

                ShortNgười đồng ý
                Comments

                Commonly, the patient the consent pertains to is the consentor, but particularly for young and old people, it may be some other person - e.g. a legal guardian.

                Control0..*
                TypeReference(Bệnh nhân VN Core — VN Core Patient Profile, Người liên quan/người giám hộ VN Core — VN Core RelatedPerson Profile, Nhân viên y tế VN Core — VN Core Practitioner Profile)
                Is Modifierfalse
                Must Supporttrue
                Must Support TypesNo must-support rules about the choice of types/profiles
                Summarytrue
                Alternate Namesconsentor
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                34. Consent.organization
                Definition

                Cơ sở khám chữa bệnh — bên kiểm soát dữ liệu (Luật 91/2025/QH15 Điều 2 khoản 7) hoặc bên kiểm soát và xử lý dữ liệu (Điều 2 khoản 9) khi tự vận hành hệ thống. Chịu nghĩa vụ lưu trữ và chứng minh sự đồng ý theo NĐ 356/2025/NĐ-CP Điều 6 khoản 2.

                ShortCSKCB quản lý đồng ý
                Control0..*
                TypeReference(Cơ sở y tế VN Core — VN Core Organization Profile)
                Is Modifierfalse
                Must Supporttrue
                Summarytrue
                Alternate Namescustodian
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                36. Consent.source[x]
                Definition

                Tài liệu gốc: bản scan chữ ký, phiếu đồng ý điện tử, hoặc ghi nhận khác kiểm chứng được (5 phương thức theo NĐ 356/2025/NĐ-CP Điều 6 khoản 1 — xem vn-ext-consent-method). Bên kiểm soát PHẢI lưu trữ sự đồng ý và chịu trách nhiệm chứng minh khi tranh chấp (NĐ 356/2025/NĐ-CP Điều 6 khoản 2). Im lặng/không phản hồi không được coi là đồng ý (Luật 91/2025/QH15 Điều 9 khoản 4 điểm d); cấm thiết lập mặc định đồng ý (NĐ 356/2025/NĐ-CP Điều 6 khoản 3).

                ShortBản gốc đồng ý
                Comments

                The source can be contained inline (Attachment), referenced directly (Consent), referenced in a consent repository (DocumentReference), or simply by an identifier (Identifier), e.g. a CDA document id.

                Control0..1
                TypeChoice of: Attachment, Reference(Consent, DocumentReference, Contract, QuestionnaireResponse)
                [x] NoteSeeChoice of Data Typesfor further information about how to use [x]
                Is Modifierfalse
                Must Supporttrue
                Must Support TypesNo must-support rules about the choice of types/profiles
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                38. Consent.policy
                Definition

                Tham chiếu đến văn bản pháp luật làm căn cứ cho đồng ý.

                ShortCăn cứ pháp lý
                Control0..*
                TypeBackboneElement
                Is Modifierfalse
                Must Supporttrue
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                40. Consent.policy.id
                Definition

                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                ShortUnique id for inter-element referencing
                Control0..1
                Typestring
                Is Modifierfalse
                XML FormatIn the XML format, this property is represented as an attribute.
                Summaryfalse
                42. Consent.policy.extension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                ShortAdditional content defined by implementations
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifierfalse
                Summaryfalse
                Alternate Namesextensions, user content
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                44. Consent.policy.modifierExtension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                ShortExtensions that cannot be ignored even if unrecognized
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                Summarytrue
                Requirements

                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                Alternate Namesextensions, user content, modifiers
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                46. Consent.policy.authority
                Definition

                Entity or Organization having regulatory jurisdiction or accountability for enforcing policies pertaining to Consent Directives.

                ShortCơ quan ban hành
                Control0..1
                This element is affected by the following invariants: ppc-1
                Typeuri
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                48. Consent.policy.uri
                Definition

                URL/URI văn bản pháp luật (VD: Luật 91/2025/QH15, NĐ 356/2025/NĐ-CP, TT 13/2025/TT-BYT).

                ShortURL văn bản pháp lý
                Comments

                This element is for discoverability / documentation and does not modify or qualify the policy rules.

                Control0..1
                This element is affected by the following invariants: ppc-1
                Typeuri
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Must Supporttrue
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                50. Consent.policyRule
                Definition

                A reference to the specific base computable regulation or policy.

                ShortRegulation that this consents to
                Comments

                If the policyRule is absent, computable consent would need to be constructed from the elements of the Consent resource.

                Control0..1
                This element is affected by the following invariants: ppc-1
                BindingUnless not suitable, these codes SHALL be taken from ConsentPolicyRuleCodes
                (extensible to http://hl7.org/fhir/ValueSet/consent-policy|4.0.1)

                Regulatory policy examples.

                TypeCodeableConcept
                Is Modifierfalse
                Summarytrue
                Requirements

                Might be a unique identifier of a policy set in XACML, or other rules engine.

                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                52. Consent.verification
                Definition

                Whether a treatment instruction (e.g. artificial respiration yes or no) was verified with the patient, his/her family or another authorized person.

                ShortConsent Verified by patient or family
                Control0..*
                TypeBackboneElement
                Is Modifierfalse
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                54. Consent.verification.id
                Definition

                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                ShortUnique id for inter-element referencing
                Control0..1
                Typestring
                Is Modifierfalse
                XML FormatIn the XML format, this property is represented as an attribute.
                Summaryfalse
                56. Consent.verification.extension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                ShortAdditional content defined by implementations
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifierfalse
                Summaryfalse
                Alternate Namesextensions, user content
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                58. Consent.verification.modifierExtension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                ShortExtensions that cannot be ignored even if unrecognized
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                Summarytrue
                Requirements

                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                Alternate Namesextensions, user content, modifiers
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                60. Consent.verification.verified
                Definition

                Has the instruction been verified.

                ShortHas been verified
                Control1..1
                Typeboolean
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                62. Consent.verification.verifiedWith
                Definition

                Who verified the instruction (Patient, Relative or other Authorized Person).

                ShortPerson who verified
                Control0..1
                TypeReference(Patient, RelatedPerson)
                Is Modifierfalse
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                64. Consent.verification.verificationDate
                Definition

                Date verification was collected.

                ShortWhen consent verified
                Control0..1
                TypedateTime
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                66. Consent.provision
                Definition

                Quy tắc cho phép/từ chối xử lý dữ liệu theo mục đích, đối tượng, thời hạn cụ thể.

                ShortQuy tắc đồng ý chi tiết
                Control0..1
                TypeBackboneElement
                Is Modifierfalse
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                68. Consent.provision.id
                Definition

                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                ShortUnique id for inter-element referencing
                Control0..1
                Typestring
                Is Modifierfalse
                XML FormatIn the XML format, this property is represented as an attribute.
                Summaryfalse
                70. Consent.provision.extension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                ShortAdditional content defined by implementations
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifierfalse
                Summaryfalse
                Alternate Namesextensions, user content
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                72. Consent.provision.modifierExtension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                ShortExtensions that cannot be ignored even if unrecognized
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                Summarytrue
                Requirements

                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                Alternate Namesextensions, user content, modifiers
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                74. Consent.provision.type
                Definition

                Action to take - permit or deny - when the rule conditions are met. Not permitted in root rule, required in all nested rules.

                Shortdeny | permit
                Comments

                R4: type không được dùng ở root rule — root chỉ là khung; mọi rule permit/deny nằm ở provision.provision (vn-consent-provision-structure).

                Control0..0
                BindingThe codes SHALL be taken from ConsentProvisionType
                (required to http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1)

                How a rule statement is applied, such as adding additional consent or removing consent.

                Typecode
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                76. Consent.provision.period
                Definition

                Thời hạn đồng ý (nếu chủ thể ấn định). Chủ thể có quyền yêu cầu rút lại/hạn chế xử lý theo Luật 91/2025/QH15 Điều 10 (trừ trường hợp Điều 19 hoặc pháp luật quy định khác); hệ thống lưu bằng chứng thời hạn và việc rút lại theo NĐ 356/2025/NĐ-CP Điều 6 khoản 2.

                ShortThời hạn hiệu lực
                Comments

                KHÔNG bắt buộc period.end: sự đồng ý vô thời hạn là hợp pháp — có hiệu lực cho đến khi chủ thể thay đổi (Luật 91/2025/QH15 Điều 9 khoản 4 điểm c). Invariant vn-consent-period-end-required (≤0.7.0) đã gỡ vì mâu thuẫn điều khoản này.

                Control0..1
                TypePeriod
                Is Modifierfalse
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                78. Consent.provision.actor
                Definition

                Bên được phép/từ chối xử lý: CSKCB, BHXH, cơ quan y tế dự phòng, người đại diện, v.v. LƯU Ý Điều 26 khoản 2 Luật 91/2025/QH15: cấm cung cấp DLCN cho bên thứ ba là tổ chức CSSK/bảo hiểm khác trừ khi chủ thể yêu cầu bằng văn bản hoặc thuộc Điều 19 khoản 1 — mô hình mặc định là deny với bên thứ ba.

                ShortBên liên quan
                Control0..*
                TypeBackboneElement
                Is Modifierfalse
                Summaryfalse
                Meaning if MissingThere is no specific actor associated with the exception
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                80. Consent.provision.actor.id
                Definition

                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                ShortUnique id for inter-element referencing
                Control0..1
                Typestring
                Is Modifierfalse
                XML FormatIn the XML format, this property is represented as an attribute.
                Summaryfalse
                82. Consent.provision.actor.extension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                ShortAdditional content defined by implementations
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifierfalse
                Summaryfalse
                Alternate Namesextensions, user content
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                84. Consent.provision.actor.modifierExtension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                ShortExtensions that cannot be ignored even if unrecognized
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                Summarytrue
                Requirements

                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                Alternate Namesextensions, user content, modifiers
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                86. Consent.provision.actor.role
                Definition

                How the individual is involved in the resources content that is described in the exception.

                ShortHow the actor is involved
                Control1..1
                BindingUnless not suitable, these codes SHALL be taken from SecurityRoleType
                (extensible to http://hl7.org/fhir/ValueSet/security-role-type|4.0.1)

                How an actor is involved in the consent considerations.

                TypeCodeableConcept
                Is Modifierfalse
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                88. Consent.provision.actor.reference
                Definition

                The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers').

                ShortResource for the actor (or group, by role)
                Control1..1
                TypeReference(Device, Group, CareTeam, Organization, Patient, Practitioner, RelatedPerson, PractitionerRole)
                Is Modifierfalse
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                90. Consent.provision.action
                Definition

                Actions controlled by this Rule.

                ShortActions controlled by this rule
                Comments

                Note that this is the direct action (not the grounds for the action covered in the purpose element). At present, the only action in the understood and tested scope of this resource is 'read'.

                Control0..*
                BindingFor example codes, see ConsentActionCodes
                (example to http://hl7.org/fhir/ValueSet/consent-action|4.0.1)

                Detailed codes for the consent action.

                TypeCodeableConcept
                Is Modifierfalse
                Summarytrue
                Meaning if Missingall actions
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                92. Consent.provision.securityLabel
                Definition

                A security label, comprised of 0..* security label fields (Privacy tags), which define which resources are controlled by this exception.

                ShortSecurity Labels that define affected resources
                Comments

                If the consent specifies a security label of "R" then it applies to all resources that are labeled "R" or lower. E.g. for Confidentiality, it's a high water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, access request purpose of use shall not conflict.

                Control0..*
                BindingUnless not suitable, these codes SHALL be taken from All Security Labels
                (extensible to http://hl7.org/fhir/ValueSet/security-labels|4.0.1)

                Security Labels from the Healthcare Privacy and Security Classification System.

                TypeCoding
                Is Modifierfalse
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                94. Consent.provision.purpose
                Definition

                Mục đích cụ thể: khám chữa bệnh, BHYT, y tế công cộng, nghiên cứu, bệnh án điện tử, chia sẻ hồ sơ. Sự đồng ý thể hiện theo TỪNG mục đích — Luật 91/2025/QH15 Điều 9 khoản 4 điểm a; không được kèm điều kiện ép đồng ý mục đích khác (điểm b).

                ShortMục đích xử lý
                Comments

                When the purpose of use tag is on the data, access request purpose of use shall not conflict.

                Control0..*
                BindingUnless not suitable, these codes SHALL be taken from Mục đích xử lý dữ liệu y tế — VN Consent Purpose ValueSet
                (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-consent-purpose-vs)
                TypeCoding
                Is Modifierfalse
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                96. Consent.provision.class
                Definition

                Loại resource FHIR được phép/từ chối: Condition, Observation, Claim, v.v.

                ShortLoại dữ liệu
                Comments

                Multiple types are or'ed together. The intention of the contentType element is that the codes refer to profiles or document types defined in a standard or an implementation guide somewhere.

                Control0..*
                BindingUnless not suitable, these codes SHALL be taken from ConsentContentClass
                (extensible to http://hl7.org/fhir/ValueSet/consent-content-class|4.0.1)

                The class (type) of information a consent rule covers.

                TypeCoding
                Is Modifierfalse
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                98. Consent.provision.code
                Definition

                If this code is found in an instance, then the rule applies.

                Shorte.g. LOINC or SNOMED CT code, etc. in the content
                Comments

                Typical use of this is a Document code with class = CDA.

                Control0..*
                BindingFor example codes, see ConsentContentCodes
                (example to http://hl7.org/fhir/ValueSet/consent-content-code|4.0.1)

                If this code is found in an instance, then the exception applies.

                TypeCodeableConcept
                Is Modifierfalse
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                100. Consent.provision.dataPeriod
                Definition

                Clinical or Operational Relevant period of time that bounds the data controlled by this rule.

                ShortTimeframe for data controlled by this rule
                Comments

                This has a different sense to the Consent.period - that is when the consent agreement holds. This is the time period of the data that is controlled by the agreement.

                Control0..1
                TypePeriod
                Is Modifierfalse
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                102. Consent.provision.data
                Definition

                The resources controlled by this rule if specific resources are referenced.

                ShortData controlled by this rule
                Control0..*
                TypeBackboneElement
                Is Modifierfalse
                Summarytrue
                Meaning if Missingall data
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                104. Consent.provision.data.id
                Definition

                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                ShortUnique id for inter-element referencing
                Control0..1
                Typestring
                Is Modifierfalse
                XML FormatIn the XML format, this property is represented as an attribute.
                Summaryfalse
                106. Consent.provision.data.extension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                ShortAdditional content defined by implementations
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifierfalse
                Summaryfalse
                Alternate Namesextensions, user content
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                108. Consent.provision.data.modifierExtension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                ShortExtensions that cannot be ignored even if unrecognized
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                Summarytrue
                Requirements

                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                Alternate Namesextensions, user content, modifiers
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                110. Consent.provision.data.meaning
                Definition

                How the resource reference is interpreted when testing consent restrictions.

                Shortinstance | related | dependents | authoredby
                Control1..1
                BindingThe codes SHALL be taken from ConsentDataMeaning
                (required to http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1)

                How a resource reference is interpreted when testing consent restrictions.

                Typecode
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                112. Consent.provision.data.reference
                Definition

                A reference to a specific resource that defines which resources are covered by this consent.

                ShortThe actual data reference
                Control1..1
                TypeReference(Resource)
                Is Modifierfalse
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                114. Consent.provision.provision
                Definition

                Rules which provide exceptions to the base rule or subrules.

                ShortCác rule permit/deny
                Control0..*
                TypeBackboneElement
                Is Modifierfalse
                Must Supporttrue
                Summaryfalse
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                116. Consent.provision.provision.id
                Definition

                Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                ShortUnique id for inter-element referencing
                Control0..1
                Typestring
                Is Modifierfalse
                XML FormatIn the XML format, this property is represented as an attribute.
                Summaryfalse
                118. Consent.provision.provision.extension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                ShortAdditional content defined by implementations
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifierfalse
                Summaryfalse
                Alternate Namesextensions, user content
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                120. Consent.provision.provision.modifierExtension
                Definition

                May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                ShortExtensions that cannot be ignored even if unrecognized
                Comments

                There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                Control0..*
                TypeExtension
                Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                Summarytrue
                Requirements

                Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                Alternate Namesextensions, user content, modifiers
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                122. Consent.provision.provision.type
                Definition

                permit = cho phép xử lý, deny = từ chối xử lý. Quyền đồng ý/không đồng ý/rút lại theo Luật 91/2025/QH15 Điều 4 khoản 1 điểm b; với thông tin sức khỏe, đồng ý là bắt buộc trừ Điều 19 khoản 1 (Điều 26 khoản 1 điểm a). Từ chối đang hiệu lực = status active + rule deny (nested).

                ShortCho phép / Từ chối
                Control1..1
                BindingThe codes SHALL be taken from ConsentProvisionType
                (required to http://hl7.org/fhir/ValueSet/consent-provision-type|4.0.1)

                How a rule statement is applied, such as adding additional consent or removing consent.

                Typecode
                Is Modifierfalse
                Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                Must Supporttrue
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                124. Consent.provision.provision.period
                Definition

                The timeframe in this rule is valid.

                ShortTimeframe for this rule
                Control0..1
                TypePeriod
                Is Modifierfalse
                Summarytrue
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                126. Consent.provision.provision.actor
                Definition

                Who or what is controlled by this rule. Use group to identify a set of actors by some property they share (e.g. 'admitting officers').

                ShortWho|what controlled by this rule (or group, by role)
                Control0..*
                TypeBackboneElement
                Is Modifierfalse
                Summaryfalse
                Meaning if MissingThere is no specific actor associated with the exception
                Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                SlicingThis element introduces a set of slices on Consent.provision.provision.actor. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                • exists @ extension('http://fhir.hl7.org.vn/core/StructureDefinition/vn-ext-representation-authority')
                • 128. Consent.provision.provision.actor.id
                  Definition

                  Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                  ShortUnique id for inter-element referencing
                  Control0..1
                  Typestring
                  Is Modifierfalse
                  XML FormatIn the XML format, this property is represented as an attribute.
                  Summaryfalse
                  130. Consent.provision.provision.actor.extension
                  Definition

                  May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                  ShortAdditional content defined by implementations
                  Comments

                  There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                  Control0..*
                  TypeExtension
                  Is Modifierfalse
                  Summaryfalse
                  Alternate Namesextensions, user content
                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                  132. Consent.provision.provision.actor.modifierExtension
                  Definition

                  May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                  Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                  ShortExtensions that cannot be ignored even if unrecognized
                  Comments

                  There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                  Control0..*
                  TypeExtension
                  Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                  Summarytrue
                  Requirements

                  Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                  Alternate Namesextensions, user content, modifiers
                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                  134. Consent.provision.provision.actor.role
                  Definition

                  How the individual is involved in the resources content that is described in the exception.

                  ShortHow the actor is involved
                  Control1..1
                  BindingUnless not suitable, these codes SHALL be taken from SecurityRoleType
                  (extensible to http://hl7.org/fhir/ValueSet/security-role-type|4.0.1)

                  How an actor is involved in the consent considerations.

                  TypeCodeableConcept
                  Is Modifierfalse
                  Summaryfalse
                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                  136. Consent.provision.provision.actor.reference
                  Definition

                  The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers').

                  ShortResource for the actor (or group, by role)
                  Control1..1
                  TypeReference(Device, Group, CareTeam, Organization, Patient, Practitioner, RelatedPerson, PractitionerRole)
                  Is Modifierfalse
                  Summaryfalse
                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                  138. Consent.provision.provision.actor:representative
                  Slice Namerepresentative
                  Definition

                  Actor là người đại diện theo pháp luật/giám hộ/được ủy quyền (Luật 91/2025/QH15 Điều 24 khoản 2). BẮT BUỘC gắn extension vn-ext-representation-authority ngay tại actor này — PDP resolve token thẩm quyền (type/source/verifiedDate/period) và quyết định permit/deny THEO rule chứa actor: hạn chế lớp dữ liệu biểu diễn bằng rule type=deny + securityLabel (vn-data-sensitivity-class-vs), thay cho sub-extension restrictedSensitivity đã xóa ở 0.8.0.

                  ShortNgười đại diện/giám hộ — mang token thẩm quyền
                  Control0..*
                  TypeBackboneElement
                  Is Modifierfalse
                  Must Supporttrue
                  Summaryfalse
                  Meaning if MissingThere is no specific actor associated with the exception
                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                  140. Consent.provision.provision.actor:representative.id
                  Definition

                  Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                  ShortUnique id for inter-element referencing
                  Control0..1
                  Typestring
                  Is Modifierfalse
                  XML FormatIn the XML format, this property is represented as an attribute.
                  Summaryfalse
                  142. Consent.provision.provision.actor:representative.extension
                  Definition

                  An Extension

                  ShortExtension
                  Control1..*
                  TypeExtension
                  Is Modifierfalse
                  Summaryfalse
                  Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                  ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                  SlicingThis element introduces a set of slices on Consent.provision.provision.actor.extension. The slices areUnordered and Open, and can be differentiated using the following discriminators:
                  • value @ url
                  • 144. Consent.provision.provision.actor:representative.extension:representationAuthority
                    Slice NamerepresentationAuthority
                    Definition

                    Extension ghi nhận THẨM QUYỀN PHÁP LÝ để một người đại diện/giám hộ/được uỷ quyền truy cập dữ liệu y tế thay người khác (vd cha/mẹ xem Sổ SKĐT của con qua VNeID). Mô hình hoá 'token đại diện' phục vụ Policy Decision Point (PDP): loại thẩm quyền, nguồn xác minh, thời điểm xác minh, thời hạn. PDP deny-by-default khi quan hệ mâu thuẫn/hết hạn. THAY ĐỔI 0.8.0 (breaking — hậu kiểm toán Codex): sub-extension restrictedSensitivity đã XÓA — ngữ nghĩa hạn chế truy cập là QUYẾT ĐỊNH CHÍNH SÁCH, không phải thuộc tính token: biểu diễn bằng VNCoreConsent.provision (type=deny + securityLabel theo vn-data-sensitivity-class-vs + actor[representative] gắn chính extension này để link token↔consent — PDP resolve một chiều qua Consent). Căn cứ: Bộ luật Dân sự 2015 (đại diện/giám hộ/uỷ quyền); Luật Căn cước 2023 (quan hệ nhân thân CSDLQGDC); Luật 91/2025/QH15 Điều 24 (đại diện theo pháp luật) + Luật Trẻ em 2016 (dữ liệu trẻ em, lớp nhạy cảm).

                    ShortThẩm quyền đại diện truy cập dữ liệu — Representation Authority Extension
                    Control1..1
                    This element is affected by the following invariants: ele-1
                    TypeExtension(Thẩm quyền đại diện truy cập dữ liệu — Representation Authority Extension) (Complex Extension)
                    Is Modifierfalse
                    Must Supporttrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                    146. Consent.provision.provision.actor:representative.modifierExtension
                    Definition

                    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                    ShortExtensions that cannot be ignored even if unrecognized
                    Comments

                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                    Control0..*
                    TypeExtension
                    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                    Summarytrue
                    Requirements

                    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                    Alternate Namesextensions, user content, modifiers
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                    148. Consent.provision.provision.actor:representative.role
                    Definition

                    How the individual is involved in the resources content that is described in the exception.

                    ShortHow the actor is involved
                    Control1..1
                    BindingUnless not suitable, these codes SHALL be taken from SecurityRoleType
                    (extensible to http://hl7.org/fhir/ValueSet/security-role-type|4.0.1)

                    How an actor is involved in the consent considerations.

                    TypeCodeableConcept
                    Is Modifierfalse
                    Summaryfalse
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    150. Consent.provision.provision.actor:representative.reference
                    Definition

                    The resource that identifies the actor. To identify actors by type, use group to identify a set of actors by some property they share (e.g. 'admitting officers').

                    ShortResource for the actor (or group, by role)
                    Control1..1
                    TypeReference(Người liên quan/người giám hộ VN Core — VN Core RelatedPerson Profile)
                    Is Modifierfalse
                    Summaryfalse
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    152. Consent.provision.provision.action
                    Definition

                    Actions controlled by this Rule.

                    ShortActions controlled by this rule
                    Comments

                    Note that this is the direct action (not the grounds for the action covered in the purpose element). At present, the only action in the understood and tested scope of this resource is 'read'.

                    Control0..*
                    BindingFor example codes, see ConsentActionCodes
                    (example to http://hl7.org/fhir/ValueSet/consent-action|4.0.1)

                    Detailed codes for the consent action.

                    TypeCodeableConcept
                    Is Modifierfalse
                    Summarytrue
                    Meaning if Missingall actions
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    154. Consent.provision.provision.securityLabel
                    Definition

                    Lớp nhạy cảm dữ liệu (vn-data-sensitivity-class-vs) mà rule áp dụng. Mô hình hạn chế theo lớp: permit theo lớp cơ bản + provision con type=deny với securityLabel lớp bị hạn chế (vd special-protection với người đại diện của vị thành niên — thay sub-extension restrictedSensitivity đã xóa 0.8.0). PDP deny-by-default: không có provision permit phủ lớp dữ liệu → từ chối.

                    ShortLớp nhạy cảm dữ liệu áp cho rule
                    Comments

                    If the consent specifies a security label of "R" then it applies to all resources that are labeled "R" or lower. E.g. for Confidentiality, it's a high water mark. For other kinds of security labels, subsumption logic applies. When the purpose of use tag is on the data, access request purpose of use shall not conflict.

                    Control0..*
                    BindingUnless not suitable, these codes SHALL be taken from Lớp nhạy cảm dữ liệu y tế — Vietnam Health Data Sensitivity Class ValueSet
                    (extensible to http://fhir.hl7.org.vn/core/ValueSet/vn-data-sensitivity-class-vs)
                    TypeCoding
                    Is Modifierfalse
                    Must Supporttrue
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    156. Consent.provision.provision.purpose
                    Definition

                    The context of the activities a user is taking - why the user is accessing the data - that are controlled by this rule.

                    ShortContext of activities covered by this rule
                    Comments

                    When the purpose of use tag is on the data, access request purpose of use shall not conflict.

                    Control0..*
                    BindingUnless not suitable, these codes SHALL be taken from PurposeOfUse
                    (extensible to http://terminology.hl7.org/ValueSet/v3-PurposeOfUse)

                    What purposes of use are controlled by this exception. If more than one label is specified, operations must have all the specified labels.

                    TypeCoding
                    Is Modifierfalse
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    158. Consent.provision.provision.class
                    Definition

                    The class of information covered by this rule. The type can be a FHIR resource type, a profile on a type, or a CDA document, or some other type that indicates what sort of information the consent relates to.

                    Shorte.g. Resource Type, Profile, CDA, etc.
                    Comments

                    Multiple types are or'ed together. The intention of the contentType element is that the codes refer to profiles or document types defined in a standard or an implementation guide somewhere.

                    Control0..*
                    BindingUnless not suitable, these codes SHALL be taken from ConsentContentClass
                    (extensible to http://hl7.org/fhir/ValueSet/consent-content-class|4.0.1)

                    The class (type) of information a consent rule covers.

                    TypeCoding
                    Is Modifierfalse
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    160. Consent.provision.provision.code
                    Definition

                    If this code is found in an instance, then the rule applies.

                    Shorte.g. LOINC or SNOMED CT code, etc. in the content
                    Comments

                    Typical use of this is a Document code with class = CDA.

                    Control0..*
                    BindingFor example codes, see ConsentContentCodes
                    (example to http://hl7.org/fhir/ValueSet/consent-content-code|4.0.1)

                    If this code is found in an instance, then the exception applies.

                    TypeCodeableConcept
                    Is Modifierfalse
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    162. Consent.provision.provision.dataPeriod
                    Definition

                    Clinical or Operational Relevant period of time that bounds the data controlled by this rule.

                    ShortTimeframe for data controlled by this rule
                    Comments

                    This has a different sense to the Consent.period - that is when the consent agreement holds. This is the time period of the data that is controlled by the agreement.

                    Control0..1
                    TypePeriod
                    Is Modifierfalse
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    164. Consent.provision.provision.data
                    Definition

                    The resources controlled by this rule if specific resources are referenced.

                    ShortData controlled by this rule
                    Control0..*
                    TypeBackboneElement
                    Is Modifierfalse
                    Summarytrue
                    Meaning if Missingall data
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    166. Consent.provision.provision.data.id
                    Definition

                    Unique id for the element within a resource (for internal references). This may be any string value that does not contain spaces.

                    ShortUnique id for inter-element referencing
                    Control0..1
                    Typestring
                    Is Modifierfalse
                    XML FormatIn the XML format, this property is represented as an attribute.
                    Summaryfalse
                    168. Consent.provision.provision.data.extension
                    Definition

                    May be used to represent additional information that is not part of the basic definition of the element. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension.

                    ShortAdditional content defined by implementations
                    Comments

                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                    Control0..*
                    TypeExtension
                    Is Modifierfalse
                    Summaryfalse
                    Alternate Namesextensions, user content
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                    170. Consent.provision.provision.data.modifierExtension
                    Definition

                    May be used to represent additional information that is not part of the basic definition of the element and that modifies the understanding of the element in which it is contained and/or the understanding of the containing element's descendants. Usually modifier elements provide negation or qualification. To make the use of extensions safe and manageable, there is a strict set of governance applied to the definition and use of extensions. Though any implementer can define an extension, there is a set of requirements that SHALL be met as part of the definition of the extension. Applications processing a resource are required to check for modifier extensions.

                    Modifier extensions SHALL NOT change the meaning of any elements on Resource or DomainResource (including cannot change the meaning of modifierExtension itself).

                    ShortExtensions that cannot be ignored even if unrecognized
                    Comments

                    There can be no stigma associated with the use of extensions by any application, project, or standard - regardless of the institution or jurisdiction that uses or defines the extensions. The use of extensions is what allows the FHIR specification to retain a core level of simplicity for everyone.

                    Control0..*
                    TypeExtension
                    Is Modifiertrue because Modifier extensions are expected to modify the meaning or interpretation of the element that contains them
                    Summarytrue
                    Requirements

                    Modifier extensions allow for extensions that cannot be safely ignored to be clearly distinguished from the vast majority of extensions which can be safely ignored. This promotes interoperability by eliminating the need for implementers to prohibit the presence of extensions. For further information, see the definition of modifier extensions.

                    Alternate Namesextensions, user content, modifiers
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    ext-1: Must have either extensions or value[x], not both (extension.exists() != value.exists())
                    172. Consent.provision.provision.data.meaning
                    Definition

                    How the resource reference is interpreted when testing consent restrictions.

                    Shortinstance | related | dependents | authoredby
                    Control1..1
                    BindingThe codes SHALL be taken from ConsentDataMeaning
                    (required to http://hl7.org/fhir/ValueSet/consent-data-meaning|4.0.1)

                    How a resource reference is interpreted when testing consent restrictions.

                    Typecode
                    Is Modifierfalse
                    Primitive ValueThis primitive element may be present, or absent, or replaced by an extension
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    174. Consent.provision.provision.data.reference
                    Definition

                    A reference to a specific resource that defines which resources are covered by this consent.

                    ShortThe actual data reference
                    Control1..1
                    TypeReference(Resource)
                    Is Modifierfalse
                    Summarytrue
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))
                    176. Consent.provision.provision.provision
                    Definition

                    Rules which provide exceptions to the base rule or subrules.

                    ShortNested Exception Rules
                    Control0..*
                    TypeSeettp://hl7.org/fhir/StructureDefinition/Consent#Consent.provision
                    Is Modifierfalse
                    Summaryfalse
                    Invariantsele-1: All FHIR elements must have a @value or children (hasValue() or (children().count() > id.count()))