The Privacy Consent on FHIR (PCF) Profile provides support for patient privacy consents and access control where a FHIR API is used to access Document Sharing Health Information Exchanges. This profile includes both Consent profiling and access controls profiling of oAuth access token.
I'm not sure all of these are actual issues, but I wanted to bring them up just in case.
In the volume 1 intro, should the other profiles be linked?
There's a TODO at the bottom about another diagram
capitalize: 1:53.1.2.2 implied enforcement
Typo: 1:53.4.2.4 Implicit Content
also in this section it refers to the option as Implicit Option and Implicit Consent Option. In the options, it just calls it Implicit so should Consent be in the option name here?
capitalize: 1:53.4.2.4.2 Permit all Authorized
1:53.4.2.5 Basic Consent Content
I'm now not sure the previous (1:53.4.2.4) is a typo, but left it for review anyway.
Should this header be Explicit Basic Content?
Should the bolded option names in this section have Explicit? I guess this may apply to all the bolded option names through the text to be sure they are consistent.
Should the various message semantics (requests for create/update, responses for search/read/vread) point at the various Consent resource profiles? Or maybe just to Volume 3? The search request calls it out in "2:3.108.4.2.2.1 Consent Resource Contents" but no link. I didn't see it in the others, but I may have read through too quickly.
I'm not sure all of these are actual issues, but I wanted to bring them up just in case.