Consent enforcement

How it works

AJ Consent Manager stores FHIR R4 Consent resources. Before JamBridge writes any FHIR resource, it checks whether the patient has permitted:

  • The actor (sending facility Organization) to
  • Write a specific resource type for
  • A specific purpose (TREAT / RESEARCH / PUBLIC-HEALTH)

For a hospital chain deployment, seed a chain-internal sharing consent for each enrolled patient:

{
  "resourceType": "Consent",
  "status": "active",
  "scope": {"coding": [{"code": "patient-privacy"}]},
  "category": [{"coding": [{"code": "INFA"}]}],
  "patient": {"reference": "Patient/GOLDEN-00441"},
  "provision": {
    "type": "permit",
    "actor": [
      {
        "role": {"coding": [{"code": "PROV"}]},
        "reference": {"reference": "Organization/chain-all"}
      }
    ],
    "class": [
      {"code": "Patient"}, {"code": "Encounter"}, {"code": "Observation"},
      {"code": "MedicationRequest"}, {"code": "DiagnosticReport"}
    ],
    "purpose": [{"code": "TREAT"}]
  }
}

Organization/chain-all is a special sentinel Organization that matches any facility in the chain.

To block external pharmacy access to a patient's MedicationRequest:

{
  "provision": {
    "type": "deny",
    "actor": [{"reference": {"reference": "Organization/ext-pharmacy"}}],
    "class": [{"code": "MedicationRequest"}]
  }
}

JamBridge will return MSA|AE for any RDE message from ext-pharmacy for this patient.

When consent.fail-closed: true and no Consent resource exists for a patient-actor combination:

  • The request is denied — no Consent = no permit
  • JamBridge generates MSA|AE
  • An AuditEvent is written with outcome = 8 (serious failure)

This is the correct clinical default. Access must be explicitly granted.
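
The decision described on this page (permit, deny, the chain-all sentinel, and fail-closed), written out as an added example; it is not JamBridge or AJ Consent Manager code. The function names, the chain member IDs, the rule that deny overrides permit, the treatment of an omitted class or purpose list as unrestricted, and the fail-open result are assumptions.

```python
# Added example: a hypothetical evaluator, not JamBridge or AJ Consent Manager code.
CHAIN_SENTINEL = "Organization/chain-all"
CHAIN_MEMBERS = {"Organization/hosp-a", "Organization/hosp-b"}  # constructed IDs

def _codes(items):
    return {item["code"] for item in items or []}

def _matches(provision, actor, resource_type, purpose):
    refs = {a["reference"]["reference"] for a in provision.get("actor", [])}
    # The sentinel stands for any facility in the chain, never for outsiders.
    actor_ok = actor in refs or (CHAIN_SENTINEL in refs and actor in CHAIN_MEMBERS)
    classes = _codes(provision.get("class"))
    purposes = _codes(provision.get("purpose"))
    # Assumption: an omitted class or purpose list places no restriction.
    return (actor_ok and (not classes or resource_type in classes)
            and (not purposes or purpose in purposes))

def decide(consents, patient, actor, resource_type, purpose, fail_closed=True):
    """Return (allowed, reason) for one attempted FHIR write."""
    types = {c["provision"]["type"] for c in consents
             if c.get("status") == "active"
             and c["patient"]["reference"] == patient
             and _matches(c["provision"], actor, resource_type, purpose)}
    if "deny" in types:  # assumption: an explicit deny overrides any permit
        return False, "deny"
    if "permit" in types:
        return True, "permit"
    # Nothing matched: fail-closed denies; fail-open allowing is an assumption.
    return (not fail_closed), "no-consent"

def _consent(patient, ptype, actor, classes, purposes=()):
    return {"resourceType": "Consent", "status": "active",
            "patient": {"reference": patient},
            "provision": {"type": ptype,
                          "actor": [{"reference": {"reference": actor}}],
                          "class": [{"code": c} for c in classes],
                          "purpose": [{"code": p} for p in purposes]}}

# Constructed sample mirroring the two provisions shown above.
PATIENT = "Patient/GOLDEN-00441"
CONSENTS = [
    _consent(PATIENT, "permit", CHAIN_SENTINEL,
             ["Patient", "Encounter", "Observation", "MedicationRequest",
              "DiagnosticReport"], ["TREAT"]),
    _consent(PATIENT, "deny", "Organization/ext-pharmacy", ["MedicationRequest"]),
]

if __name__ == "__main__":
    for actor in ("Organization/hosp-a", "Organization/ext-pharmacy"):
        print(actor, decide(CONSENTS, PATIENT, actor, "MedicationRequest", "TREAT"))
```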