ACP+Home

=Access Consent Policy (ACP)= For questions, feedback, and open issues being addressed for this specification, visit the Implementer Questions and Feedback Page

Please visit the Nationwide Health Information Network Inventory page on the ONC website in order to access the latest version of this specification.

=Overview=

Specification Definition
Provides a standard language for expressing restrictions on access to health information. These restrictions are also known as Access Consent Policies (ACPs).

Transaction Standard
Adopts attributes defined by the Cross-Enterprise Security and Privacy Authorization (XSPA) Profile of XACML, and the mechanism described in HITSP TP30 "Manage Consent Directives" for the excahnge of Access Consent Policies among Nationwide Health Information Network Nodes.

TP30 adopts IHE's BPPC and limits the format of ACPs to CDA Document, which does not currently specify and access consent language. Nationwide Health Information Network has extended BPPC to allow the transactions described in TP30 to exchange ACPs formatted as XACML, using metadata defined in the Nationwide Health Information Network ACP Specification. ACPs formatted as CDA Documents (as described in BPPC), may also be exchanged via Nationwide Health Information Network using the transactions adopted in this specification.

HITSP C80 includes a section describing the document metadata that is to be used in exchanging ACPs through XDS document sharing protocols. This specification adopts the use of those document sharing protocols (as described in HITSP TP30), and consequently, adopts the vocabularies that are used for the document metadata (as described in C80).