AJ FHIR Consent Manager

v1.0.0 · Spring Boot 3.3 · HAPI FHIR 7.4 · Java 21 · Apache 2.0

The AJ FHIR Consent Manager is an open source Spring Boot module that enforces patient consent on every FHIR request, manages the full FHIR R4 Consent resource lifecycle, provides a patient self-service portal, and writes an IHE ATNA-compliant audit trail.

It runs as a set of HAPI interceptors registered on your existing HAPI FHIR JPA server — no separate FHIR server required.

GitHub: github.com/AKHester-Technologies/ajfhir-consent-manager
Licence: Apache 2.0
Community: FHIR Chat #consent

What it does

SMART App              Auth Server           HAPI FHIR
    │                       │                    │
    │── POST /token ────────►│                    │
    │◄─ access_token ────────│                    │
    │                        │                    │
    │── GET /fhir/Observation/obs-001 ──────────► │
    │                   ConsentEnforcementInterceptor
    │                        │  checks ConsentRecord
    │                        │  → PERMIT or DENY
    │◄─ 200 OK / 403 Forbidden ──────────────────│
    │                        │                    │
    │               AuditEvent written async ────►│

Every FHIR request passes through ConsentEnforcementInterceptor before HAPI processes it. The interceptor extracts the patient and actor identities from the Bearer token, queries the consent cache, and either allows the request or returns a 403 Forbidden with a regulatory-tagged message.

Key features

Feature	Detail
Deny-by-default enforcement	No consent record → access denied
Operation-level granularity	r read, s search, c create, u update, d delete as separate permission letters
FHIR R4 Consent resource	Bidirectional sync with HAPI FHIR JPA
IHE ATNA audit trail	DICOM 110110 AuditEvent, async, non-blocking
Patient self-service portal	Grant, edit, view history, detail, and revoke consents
Multi-issuer JWT	Test Epic + Keycloak simultaneously without restarting
Opaque token introspection	RFC 7662 fallback for non-JWT tokens (some Epic configs)
Consent lifecycle webhooks	HTTP POST on create / update / revoke
SMART v1 + v2 scopes	.read/.write and .rs/.cud letter scopes both handled
Epic / Cerner / Azure AD	Configurable JWT claim mapping, URL-based patient ID extraction
182 tests	Unit + integration, 179 active

Community vs Enterprise

The Community Edition (this documentation) is Apache 2.0 licensed and covers all features in the open source release.

Feature	Community	Enterprise
FHIR enforcement interceptor	✓	✓
REST API (CRUD + evaluate)	✓	✓
IHE ATNA audit trail	✓	✓
FHIR R4 bidirectional sync	✓	✓
patient/ scope enforcement	✓	✓
user/ scope enforcement (clinician-level)	✓	✓
system/ scope enforcement (backend services)	✓	✓
Multi-issuer JWT	✓	✓
Opaque token introspection (RFC 7662)	✓	✓
Consent lifecycle webhooks	✓	✓
Patient portal — grant new consent	✓	✓
Patient portal — edit existing consent	✓	✓
Patient portal — view, history, revoke	✓	✓
Epic / Cerner / Azure AD portability	✓	✓
OAuth2 consent screen (SMART app launch)	—	✓
Break-glass emergency access	—	✓
Break-glass compliance review workflow	—	✓
Admin / compliance portal	—	✓
Multi-tenant row-level isolation	—	✓
Certified EHR connector profiles	—	✓

Enterprise Edition: akhester.com

Regulatory coverage

Framework	What is covered
HIPAA § 164.508	Authorisation for non-routine uses and disclosures
HTI-1 / TEFCA	Patient consent for TEFCA-based data sharing
GDPR Art.9	Explicit consent for special category health data processing
GDPR Art.17	Right to withdraw — revocation effective immediately
DISHA (India)	Electronic health data access consent
My Health Record Act 2012 (AU)	Patient-controlled access model

Port and deployment

The Consent Manager runs on port 8082 alongside the platform:

Service	Port
HAPI FHIR JPA	8080
SMART Auth Server	9000
Consent Manager	8082

---

Next: Quick Start →