{
  "package" : "hl7.terminology.r4@6.3.0",
  "definition" : "Authorisation policies are essentially security policies related to access-control and specify what activities a subject is permitted or forbidden to do, to a set of target objects. They are designed to protect target objects so are interpreted by access control agents or the run-time systems at the target system.\\r\\n\\r\\nA positive authorisation policy defines the actions that a subject is permitted to perform on a target. A negative authorisation policy specifies the actions that a subject is forbidden to perform on a target. Positive authorisation policies may also include filters to transform the parameters associated with their actions. (Based on PONDERS)",
  "system" : "http://terminology.hl7.org/CodeSystem/v3-ActCode",
  "property" : [ {
    "_uri" : "http://hl7.org/fhir/concept-properties#status",
    "code" : "status",
    "valueCode" : "active"
  }, {
    "_uri" : "http://terminology.hl7.org/CodeSystem/utg-concept-properties#v3-internal-id",
    "code" : "internalId",
    "valueCode" : "23934"
  }, {
    "_uri" : "http://hl7.org/fhir/concept-properties#parent",
    "code" : "subsumedBy",
    "valueCode" : "SecurityPolicy"
  } ],
  "codesystem" : "cbab4a87-49ca-5502-88d6-f33b5f07237f",
  "concept_id" : "44eef56a-32cd-5ca2-8759-2774b68a3407",
  "ancestors" : {
    "AUTHPOL" : 0,
    "SecurityPolicy" : 1,
    "_ActPolicyType" : 2
  },
  "id" : "a4f48caf-172a-47ab-bb7b-33d8b1deb260",
  "code" : "AUTHPOL",
  "display" : "authorization policy",
  "version" : "9.0.0"
}