Consents track patient agreements to privacy policies, treatment plans, research participation, and advance directives. The FHIR R4 Consent resource stores what the patient agreed to, when, under what provisions, and the current status of that agreement. Consents are linked to a patient and optionally to a performer (the practitioner who witnessed or recorded the consent).
Sign a consent
Use clinik.consents.sign to record a patient’s agreement:
// HIPAA privacy notice
const { data: hipaa } = await clinik.consents.sign({
patientId: 'pt_abc123',
status: 'active',
scope: 'patient-privacy',
category: 'hipaa-notice',
policyUri: 'https://clinic.com/hipaa-notice',
verification: {
verified: true,
verifiedWith: 'pt_abc123',
verificationDate: '2025-01-15T10:00:00Z',
},
});
// Treatment consent with a time-limited provision
const { data: treatment } = await clinik.consents.sign({
patientId: 'pt_abc123',
status: 'active',
scope: 'treatment',
category: ['treatment-consent', 'surgical-consent'],
performerId: 'prac_def456',
organizationId: 'org_ghi789',
provision: {
type: 'permit',
period: {
start: '2025-01-15',
end: '2025-07-15',
},
purpose: [
{ code: 'TREAT', display: 'Treatment' },
],
},
});
Consent scopes
| Scope | Description | Examples |
|---|
patient-privacy | Privacy and data sharing | HIPAA notice, data sharing agreement |
treatment | Treatment authorization | Surgical consent, procedure consent |
research | Research participation | Clinical trial enrollment |
adr | Advance directive | Living will, DNR |
Status lifecycle
draft → proposed → active → inactive
↘ rejected
| Status | Description |
|---|
draft | Being prepared |
proposed | Presented to patient |
active | Patient has agreed |
rejected | Patient declined |
inactive | Withdrawn or expired |
Read a consent
const { data: consent } = await clinik.consents.read('consent_abc123');
Revoke a consent
Set status: 'inactive' to record that a patient has withdrawn consent:
await clinik.consents.update('consent_abc123', {
status: 'inactive',
});
Delete a consent
await clinik.consents.delete('consent_abc123');
Deleting a consent record removes audit evidence that the patient agreed. Prefer setting status: 'inactive' over deletion to maintain a record trail.
Provisions
Provisions define exactly what is permitted or denied under the consent. Use type: 'permit' to explicitly allow actions, and type: 'deny' to prohibit specific uses:
// Permit data sharing for treatment and payment only
provision: {
type: 'permit',
period: { start: '2025-01-01', end: '2025-12-31' },
purpose: [
{ code: 'TREAT', display: 'Treatment' },
{ code: 'HPAYMT', display: 'Healthcare Payment' },
],
action: [
{ code: 'access', display: 'Access' },
{ code: 'use', display: 'Use' },
],
}
// Deny use of data for research
provision: {
type: 'deny',
purpose: [
{ code: 'HRESCH', display: 'Healthcare Research' },
],
}
Search consents
const { data } = await clinik.consents.search({
patientId: 'pt_abc123',
status: 'active',
});