Glossary
What is FHIR Consent?
FHIR Consent is the resource type that records a patient's choices about how their data may be accessed, used, or disclosed, including provisions and exceptions.
In context
Consent captures the patient's preferences in machine-actionable form. Fields cover the scope (privacy, treatment, research), the policy under which the consent was given, the period the consent applies for, and granular provisions (which data, which actors, which actions are permitted or excluded).
Consent enforcement is a separate question from Consent storage. The store records what the patient chose; the access layer reads the relevant Consent resources and applies the rules.
How Fire Arrow handles it
Fire Arrow stores Consent as a standard FHIR resource. Enforcement integrates through the rule chain: rules can reference Consent state through identity filters or through a downstream check before permitting access to the resources the consent applies to.