SHARES Consent Engine (FHIR + CQL)
Deterministic, auditable granular sensitive data segmentation using FHIR R5 Consent and CQL.
Why I Built This
Healthcare policy and software implementation are often misaligned, especially for sensitive data sharing. I built this engine to make consent logic explicit, testable, and repeatable so policy intent can be enforced at runtime with clear provenance. The motivation came from seeing how often privacy protections fail when rules are implicit or inconsistently applied.
Engine Capabilities
- Loads configurable sensitivity rules with contextual metadata.
- Evaluates relevant consent context for each invocation.
- Emits sensitivity decisions and applies redaction when configured.
- Supports CDS Hooks-style invocation patterns and FHIR R5-aligned processing.
Implementation Notes
Designed as a stateless service pattern with container-friendly deployment and CQL helper tooling for artifact workflows.
Links
- AMIA demo: Symposium gallery entry
- Related reference service: asushares/cds
- Related CLI tooling: cql-cli