Stores and serves consent/TPO decisions to EMR, FHIR apps, and exchange gateways; logs every decision event.
Benefits
- Consistent privacy decisions
- Simpler integration
- Auditable outcomes
Capabilities
- API policy service
- FHIR/EMR hooks
- Decision provenance
Purpose: Central source of truth for consent directives (opt-in/out, segmentation flags), TPO boundaries, sharing restrictions, and emergency exceptions, served as a low-latency policy API to EMRs, FHIR apps, HIE/QHIN gateways, and analytics.
Policy Service
- Decision API: subject, requester, purpose, and context → allow/deny/mask + reason.
- Scopes: encounter-bounded vs. longitudinal; sensitive concepts (SUD, behavioral health, reproductive).
- Provenance: every decision event stored with inputs, policy version, and outcome.
Integration & Standards
- EMR hooks, FHIR pre-filters, API gateway plug-ins, and HIE edge calls.
- Supports granular masking (resource/field) and “deny with explanation” messages.
Operations
- Registry UI for managing directives (patient-submitted, court orders, parental proxies).
- Bulk import/export; audit views by patient, org, or purpose.


