From 421a937bd2ac9ebc3b916e9d46f50b1924ddc2e7 Mon Sep 17 00:00:00 2001 From: Yoshi Automation Date: Tue, 17 Dec 2024 07:10:20 +0000 Subject: [PATCH] feat(healthcare): update the api #### healthcare:v1 The following keys were added: - resources.projects.resources.locations.resources.datasets.resources.fhirStores.methods.applyAdminConsents (Total Keys: 12) - resources.projects.resources.locations.resources.datasets.resources.fhirStores.methods.applyConsents (Total Keys: 12) - resources.projects.resources.locations.resources.datasets.resources.fhirStores.methods.explainDataAccess (Total Keys: 13) - resources.projects.resources.locations.resources.datasets.resources.fhirStores.resources.fhir.methods.Consent-enforcement-status (Total Keys: 11) - resources.projects.resources.locations.resources.datasets.resources.fhirStores.resources.fhir.methods.Patient-consent-enforcement-status (Total Keys: 16) - schemas.AccessDeterminationLogConfig (Total Keys: 3) - schemas.AdminConsents (Total Keys: 4) - schemas.ApplyAdminConsentsErrorDetail (Total Keys: 6) - schemas.ApplyAdminConsentsRequest (Total Keys: 4) - schemas.ApplyAdminConsentsResponse (Total Keys: 8) - schemas.ApplyConsentsRequest (Total Keys: 5) - schemas.ApplyConsentsResponse (Total Keys: 10) - schemas.ConsentAccessorScope (Total Keys: 5) - schemas.ConsentConfig (Total Keys: 9) - schemas.ConsentErrors (Total Keys: 4) - schemas.ConsentHeaderHandling (Total Keys: 3) - schemas.ExplainDataAccessConsentInfo (Total Keys: 13) - schemas.ExplainDataAccessConsentScope (Total Keys: 8) - schemas.ExplainDataAccessResponse (Total Keys: 5) - schemas.FhirStore.properties.consentConfig.$ref (Total Keys: 1) - schemas.PatientScope (Total Keys: 4) - schemas.TimeRange (Total Keys: 4) #### healthcare:v1beta1 The following keys were added: - schemas.GoogleCloudHealthcareV1beta1FhirBigQueryDestination.properties.changeDataCaptureConfig.$ref (Total Keys: 1) - schemas.GoogleCloudHealthcareV1beta1FhirChangeDataCaptureConfig (Total Keys: 3) --- ...ts.locations.datasets.fhirStores.fhir.html | 58 ++ ...rojects.locations.datasets.fhirStores.html | 239 ++++++++ ...rojects.locations.datasets.fhirStores.html | 21 + .../documents/healthcare.v1.json | 542 +++++++++++++++++- .../documents/healthcare.v1beta1.json | 27 +- 5 files changed, 885 insertions(+), 2 deletions(-) diff --git a/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.fhir.html b/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.fhir.html index bf348aa256..7872963c41 100644 --- a/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.fhir.html +++ b/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.fhir.html @@ -86,6 +86,12 @@

Instance Methods

Binary_vread(name, x__xgafv=None)

Gets the contents of a version (current or historical) of a FHIR Binary resource by version ID. This method can be used to retrieve a Binary resource version either by using the FHIR JSON mimetype as the value for the Accept header, or as a raw data stream. If the FHIR Accept type is used this method will return a Binary resource with the data base64-encoded, regardless of how the resource version was created. The resource data can be retrieved in base64-decoded form if the Accept type of the request matches the value of the resource version's `contentType` field. The definition of the Binary REST API can be found at https://hl7.org/fhir/binary.html#rest.

+

+ Consent_enforcement_status(name, x__xgafv=None)

+

Returns the consent enforcement status of a single consent resource. On success, the response body contains a JSON-encoded representation of a `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resource, containing the current enforcement status. Does not support DSTU2.

+

+ Patient_consent_enforcement_status(name, x__xgafv=None, x_count=None, x_page_token=None)

+

Returns the consent enforcement status of all consent resources for a patient. On success, the response body contains a JSON-encoded representation of a bundle of `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resources, containing the current enforcement status for each consent resource of the patient. Does not support DSTU2.

Patient_everything(name, end=None, start=None, x__xgafv=None, x_count=None, x_page_token=None, x_since=None, x_type=None)

Retrieves a Patient resource and resources related to that patient. Implements the FHIR extended operation Patient-everything ([DSTU2](http://hl7.org/implement/standards/fhir/DSTU2/patient-operations.html#everything), [STU3](http://hl7.org/implement/standards/fhir/STU3/patient-operations.html#everything), [R4](http://hl7.org/implement/standards/fhir/R4/patient-operations.html#everything)). On success, the response body contains a JSON-encoded representation of a `Bundle` resource of type `searchset`, containing the results of the operation. Errors generated by the FHIR store contain a JSON-encoded `OperationOutcome` resource describing the reason for the error. If the request cannot be mapped to a valid API method on a FHIR store, a generic GCP error might be returned instead. The resources in scope for the response are: * The patient resource itself. * All the resources directly referenced by the patient resource. * Resources directly referencing the patient resource that meet the inclusion criteria. The inclusion criteria are based on the membership rules in the patient compartment definition ([DSTU2](http://hl7.org/fhir/DSTU2/compartment-patient.html), [STU3](http://www.hl7.org/fhir/stu3/compartmentdefinition-patient.html), [R4](http://hl7.org/fhir/R4/compartmentdefinition-patient.html)), which details the eligible resource types and referencing search parameters. For samples that show how to call `Patient-everything`, see [Getting all patient compartment resources](https://cloud.google.com/healthcare/docs/how-tos/fhir-resources#getting_all_patient_compartment_resources).

@@ -267,6 +273,58 @@

Method Details

} +
+ Consent_enforcement_status(name, x__xgafv=None) + 
Returns the consent enforcement status of a single consent resource. On success, the response body contains a JSON-encoded representation of a `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resource, containing the current enforcement status. Does not support DSTU2.
+
+Args:
+  name: string, Required. The name of the consent resource to find enforcement status, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{consent_id}` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # Message that represents an arbitrary HTTP body. It should only be used for payload formats that can't be represented as JSON, such as raw binary or an HTML page. This message can be used both in streaming and non-streaming API methods in the request as well as the response. It can be used as a top-level request field, which is convenient if one wants to extract parameters from either the URL or HTTP template into the request fields and also want access to the raw HTTP body. Example: message GetResourceRequest { // A unique request id. string request_id = 1; // The raw HTTP body is bound to this field. google.api.HttpBody http_body = 2; } service ResourceService { rpc GetResource(GetResourceRequest) returns (google.api.HttpBody); rpc UpdateResource(google.api.HttpBody) returns (google.protobuf.Empty); } Example with streaming methods: service CaldavService { rpc GetCalendar(stream google.api.HttpBody) returns (stream google.api.HttpBody); rpc UpdateCalendar(stream google.api.HttpBody) returns (stream google.api.HttpBody); } Use of this type only changes how the request and response bodies are handled, all other features will continue to work unchanged.
+  "contentType": "A String", # The HTTP Content-Type header value specifying the content type of the body.
+  "data": "A String", # The HTTP request/response body as raw binary.
+  "extensions": [ # Application specific response metadata. Must be set in the first response for streaming APIs.
+    {
+      "a_key": "", # Properties of the object. Contains field @type with type URL.
+    },
+  ],
+}
+
+ +
+ Patient_consent_enforcement_status(name, x__xgafv=None, x_count=None, x_page_token=None) + 
Returns the consent enforcement status of all consent resources for a patient. On success, the response body contains a JSON-encoded representation of a bundle of `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resources, containing the current enforcement status for each consent resource of the patient. Does not support DSTU2.
+
+Args:
+  name: string, Required. The name of the patient to find enforcement statuses, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Patient/{patient_id}` (required)
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+  x_count: integer, Optional. The maximum number of results on a page. If not specified, 100 is used. May not be larger than 1000.
+  x_page_token: string, Optional. Used to retrieve the first, previous, next, or last page of consent enforcement statuses when using pagination. Value should be set to the value of `_page_token` set in next or previous page links' URLs. Next and previous page are returned in the response bundle's links field, where `link.relation` is "previous" or "next". Omit `_page_token` if no previous request has been made.
+
+Returns:
+  An object of the form:
+
+    { # Message that represents an arbitrary HTTP body. It should only be used for payload formats that can't be represented as JSON, such as raw binary or an HTML page. This message can be used both in streaming and non-streaming API methods in the request as well as the response. It can be used as a top-level request field, which is convenient if one wants to extract parameters from either the URL or HTTP template into the request fields and also want access to the raw HTTP body. Example: message GetResourceRequest { // A unique request id. string request_id = 1; // The raw HTTP body is bound to this field. google.api.HttpBody http_body = 2; } service ResourceService { rpc GetResource(GetResourceRequest) returns (google.api.HttpBody); rpc UpdateResource(google.api.HttpBody) returns (google.protobuf.Empty); } Example with streaming methods: service CaldavService { rpc GetCalendar(stream google.api.HttpBody) returns (stream google.api.HttpBody); rpc UpdateCalendar(stream google.api.HttpBody) returns (stream google.api.HttpBody); } Use of this type only changes how the request and response bodies are handled, all other features will continue to work unchanged.
+  "contentType": "A String", # The HTTP Content-Type header value specifying the content type of the body.
+  "data": "A String", # The HTTP request/response body as raw binary.
+  "extensions": [ # Application specific response metadata. Must be set in the first response for streaming APIs.
+    {
+      "a_key": "", # Properties of the object. Contains field @type with type URL.
+    },
+  ],
+}
+
+
Patient_everything(name, end=None, start=None, x__xgafv=None, x_count=None, x_page_token=None, x_since=None, x_type=None) 
Retrieves a Patient resource and resources related to that patient. Implements the FHIR extended operation Patient-everything ([DSTU2](http://hl7.org/implement/standards/fhir/DSTU2/patient-operations.html#everything), [STU3](http://hl7.org/implement/standards/fhir/STU3/patient-operations.html#everything), [R4](http://hl7.org/implement/standards/fhir/R4/patient-operations.html#everything)). On success, the response body contains a JSON-encoded representation of a `Bundle` resource of type `searchset`, containing the results of the operation. Errors generated by the FHIR store contain a JSON-encoded `OperationOutcome` resource describing the reason for the error. If the request cannot be mapped to a valid API method on a FHIR store, a generic GCP error might be returned instead. The resources in scope for the response are: * The patient resource itself. * All the resources directly referenced by the patient resource. * Resources directly referencing the patient resource that meet the inclusion criteria. The inclusion criteria are based on the membership rules in the patient compartment definition ([DSTU2](http://hl7.org/fhir/DSTU2/compartment-patient.html), [STU3](http://www.hl7.org/fhir/stu3/compartmentdefinition-patient.html), [R4](http://hl7.org/fhir/R4/compartmentdefinition-patient.html)), which details the eligible resource types and referencing search parameters. For samples that show how to call `Patient-everything`, see [Getting all patient compartment resources](https://cloud.google.com/healthcare/docs/how-tos/fhir-resources#getting_all_patient_compartment_resources).
diff --git a/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html b/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html
index 85b8def224..22a8460f4c 100644
--- a/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html
+++ b/docs/dyn/healthcare_v1.projects.locations.datasets.fhirStores.html
@@ -79,6 +79,12 @@ 
Instance Methods

 

 
Returns the fhir Resource.

 
+

+  applyAdminConsents(name, body=None, x__xgafv=None)

+
Applies the admin Consent resources for the FHIR store and reindexes the underlying resources in the FHIR store according to the aggregate consents. This method also updates the `consent_config.enforced_admin_consents` field of the FhirStore unless `validate_only=true` in ApplyAdminConsentsRequest. Any admin Consent resource change after this operation execution (including deletion) requires you to call ApplyAdminConsents again for the change to take effect. This method returns an Operation that can be used to track the progress of the resources that were reindexed, by calling GetOperation. Upon completion, the ApplyAdminConsentsResponse additionally contains the number of resources that were reindexed. If at least one Consent resource contains an error or fails be be enforced for any reason, the method returns an error instead of an Operation. No resources will be reindexed and the `consent_config.enforced_admin_consents` field will be unchanged. To enforce a consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.

+

+  applyConsents(name, body=None, x__xgafv=None)

+
Apply the Consent resources for the FHIR store and reindex the underlying resources in the FHIR store according to the aggregate consent. The aggregate consent of the patient in scope in this request replaces any previous call of this method. Any Consent resource change after this operation execution (including deletion) requires you to call ApplyConsents again to have effect. This method returns an Operation that can be used to track the progress of the consent resources that were processed by calling GetOperation. Upon completion, the ApplyConsentsResponse additionally contains the number of resources that was reindexed. Errors are logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). To enforce consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.

 

   close()

 
Close httplib2 connections.

@@ -91,6 +97,9 @@ 
Instance Methods

 

   delete(name, x__xgafv=None)

 
Deletes the specified FHIR store and removes all resources within it.

+

+  explainDataAccess(name, resourceId=None, x__xgafv=None)

+
Explains all the permitted/denied actor, purpose and environment for a given resource.

 

   export(name, body=None, x__xgafv=None)

 
Export resources from the FHIR store to the specified destination. This method returns an Operation that can be used to track the status of the export by calling GetOperation. Immediate fatal errors appear in the error field, errors are also logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). Otherwise, when the operation finishes, a detailed response of type ExportResourcesResponse is returned in the response field. The metadata field type for this operation is OperationMetadata.

@@ -125,6 +134,104 @@ 
Instance Methods

   testIamPermissions(resource, body=None, x__xgafv=None)

 
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

 
Method Details

+

+    applyAdminConsents(name, body=None, x__xgafv=None)
+  
Applies the admin Consent resources for the FHIR store and reindexes the underlying resources in the FHIR store according to the aggregate consents. This method also updates the `consent_config.enforced_admin_consents` field of the FhirStore unless `validate_only=true` in ApplyAdminConsentsRequest. Any admin Consent resource change after this operation execution (including deletion) requires you to call ApplyAdminConsents again for the change to take effect. This method returns an Operation that can be used to track the progress of the resources that were reindexed, by calling GetOperation. Upon completion, the ApplyAdminConsentsResponse additionally contains the number of resources that were reindexed. If at least one Consent resource contains an error or fails be be enforced for any reason, the method returns an error instead of an Operation. No resources will be reindexed and the `consent_config.enforced_admin_consents` field will be unchanged. To enforce a consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.
+
+Args:
+  name: string, Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request to apply the admin Consent resources for the specified FHIR store.
+  "newConsentsList": { # List of admin Consent resources to be applied. # A new list of admin Consent resources to be applied. Any existing enforced Consents, which are specified in `consent_config.enforced_admin_consents` of the FhirStore, that are not part of this list will be disabled. An empty list is equivalent to clearing or disabling all Consents enforced on the FHIR store. When a FHIR store has `disable_resource_versioning=true` and this list contains a Consent resource that exists in `consent_config.enforced_admin_consents`, the method enforces any updates to the existing resource since the last enforcement. If the existing resource hasn't been updated since the last enforcement, the resource is unaffected. After the method finishes, the resulting consent enforcement model is determined by the contents of the Consent resource(s) when the method was called: * When `disable_resource_versioning=true`, the result is identical to the current resource(s) in the FHIR store. * When `disable_resource_versioning=false`, the result is based on the historical version(s) of the Consent resource(s) at the point in time when the method was called. At most 200 Consents can be specified.
+    "names": [ # Optional. The versioned names of the admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.
+      "A String",
+    ],
+  },
+  "validateOnly": True or False, # Optional. If true, the method only validates Consent resources to make sure they are supported. Otherwise, the method applies the aggregate consent information to update the enforcement model and reindex the FHIR resources. If all Consent resources can be applied successfully, the ApplyAdminConsentsResponse is returned containing the following fields: * `consent_apply_success` to indicate the number of Consent resources applied. * `affected_resources` to indicate the number of resources that might have had their consent access changed. If, however, one or more Consent resources are unsupported or cannot be applied, the method fails and ApplyAdminConsentsErrorDetail is is returned with details about the unsupported Consent resources.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
+

+    applyConsents(name, body=None, x__xgafv=None)
+  
Apply the Consent resources for the FHIR store and reindex the underlying resources in the FHIR store according to the aggregate consent. The aggregate consent of the patient in scope in this request replaces any previous call of this method. Any Consent resource change after this operation execution (including deletion) requires you to call ApplyConsents again to have effect. This method returns an Operation that can be used to track the progress of the consent resources that were processed by calling GetOperation. Upon completion, the ApplyConsentsResponse additionally contains the number of resources that was reindexed. Errors are logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). To enforce consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.
+
+Args:
+  name: string, Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required)
+  body: object, The request body.
+    The object takes the form of:
+
+{ # Request to apply the Consent resources for the specified FHIR store.
+  "patientScope": { # Apply consents given by a list of patients. # Optional. Scope down to a list of patients.
+    "patientIds": [ # Optional. The list of patient IDs whose Consent resources will be enforced. At most 10,000 patients can be specified. An empty list is equivalent to all patients (meaning the entire FHIR store).
+      "A String",
+    ],
+  },
+  "timeRange": { # Apply consents given by patients whose most recent consent changes are in the time range. Note that after identifying these patients, the server applies all Consent resources given by those patients, not just the Consent resources within the timestamp in the range. # Optional. Scope down to patients whose most recent consent changes are in the time range. Can only be used with a versioning store (i.e. when disable_resource_versioning is set to false).
+    "end": "A String", # Optional. The latest consent change time, in format YYYY-MM-DDThh:mm:ss.sss+zz:zz If not specified, the system uses the time when ApplyConsents was called.
+    "start": "A String", # Optional. The earliest consent change time, in format YYYY-MM-DDThh:mm:ss.sss+zz:zz If not specified, the system uses the FHIR store creation time.
+  },
+  "validateOnly": True or False, # Optional. If true, the method only validates Consent resources to make sure they are supported. When the operation completes, ApplyConsentsResponse is returned where `consent_apply_success` and `consent_apply_failure` indicate supported and unsupported (or invalid) Consent resources, respectively. Otherwise, the method propagates the aggregate consensual information to the patient's resources. Upon success, `affected_resources` in the ApplyConsentsResponse indicates the number of resources that may have consensual access changed.
+}
+
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # This resource represents a long-running operation that is the result of a network API call.
+  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
+  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
+    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
+    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
+      {
+        "a_key": "", # Properties of the object. Contains field @type with type URL.
+      },
+    ],
+    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
+  },
+  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
+  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
+    "a_key": "", # Properties of the object. Contains field @type with type URL.
+  },
+}

+

+
 

     close()
   
Close httplib2 connections.

@@ -141,6 +248,19 @@ 
Method Details

 
 { # Represents a FHIR store.
   "complexDataTypeReferenceParsing": "A String", # Optional. Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.
+  "consentConfig": { # Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used. # Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources.
+    "accessDeterminationLogConfig": { # Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`. # Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used.
+      "logLevel": "A String", # Optional. Controls the amount of detail to include as part of the audit logs.
+    },
+    "accessEnforced": True or False, # Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.
+    "consentHeaderHandling": { # How the server handles the consent header. # Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header.
+      "profile": "A String", # Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.
+    },
+    "enforcedAdminConsents": [ # Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.
+      "A String",
+    ],
+    "version": "A String", # Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.
+  },
   "defaultSearchHandlingStrict": True or False, # Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.
   "disableReferentialIntegrity": True or False, # Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist.
   "disableResourceVersioning": True or False, # Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false.
@@ -298,6 +418,19 @@ 
Method Details

 
     { # Represents a FHIR store.
   "complexDataTypeReferenceParsing": "A String", # Optional. Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.
+  "consentConfig": { # Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used. # Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources.
+    "accessDeterminationLogConfig": { # Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`. # Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used.
+      "logLevel": "A String", # Optional. Controls the amount of detail to include as part of the audit logs.
+    },
+    "accessEnforced": True or False, # Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.
+    "consentHeaderHandling": { # How the server handles the consent header. # Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header.
+      "profile": "A String", # Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.
+    },
+    "enforcedAdminConsents": [ # Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.
+      "A String",
+    ],
+    "version": "A String", # Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.
+  },
   "defaultSearchHandlingStrict": True or False, # Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.
   "disableReferentialIntegrity": True or False, # Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist.
   "disableResourceVersioning": True or False, # Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false.
@@ -606,6 +739,60 @@ 
Method Details

 }
+
+ explainDataAccess(name, resourceId=None, x__xgafv=None) + 
Explains all the permitted/denied actor, purpose and environment for a given resource.
+
+Args:
+  name: string, Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required)
+  resourceId: string, Required. The ID (`{resourceType}/{id}`) of the resource to explain data access on.
+  x__xgafv: string, V1 error format.
+    Allowed values
+      1 - v1 error format
+      2 - v2 error format
+
+Returns:
+  An object of the form:
+
+    { # List of consent scopes that are applicable to the explained access on a given resource.
+  "consentScopes": [ # List of applicable consent scopes. Sorted in order of actor such that scopes belonging to the same actor will be adjacent to each other in the list.
+    { # A single consent scope that provides info on who has access to the requested resource scope for a particular purpose and environment, enforced by which consent.
+      "accessorScope": { # The accessor scope that describes who can access, for what purpose, in which environment. # The accessor scope that describes who can access, for what purpose, and in which environment.
+        "actor": "A String", # An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as `{resourceType}/{id}`) or an external URI. This value must be present.
+        "environment": "A String", # An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be "*" if it applies to all environments.
+        "purpose": "A String", # The intent of data use. Can be "*" if it applies to all purposes.
+      },
+      "decision": "A String", # Whether the current consent scope is permitted or denied access on the requested resource.
+      "enforcingConsents": [ # Metadata of the consent resources that enforce the consent scope's access.
+        { # The enforcing consent's metadata.
+          "cascadeOrigins": [ # The compartment base resources that matched a cascading policy. Each resource has the following format: `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/{resource_type}/{resource_id}`
+            "A String",
+          ],
+          "consentResource": "A String", # The resource name of this consent resource, in the format: `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.
+          "enforcementTime": "A String", # Last enforcement timestamp of this consent resource.
+          "matchingAccessorScopes": [ # A list of all the matching accessor scopes of this consent policy that enforced ExplainDataAccessConsentScope.accessor_scope.
+            { # The accessor scope that describes who can access, for what purpose, in which environment.
+              "actor": "A String", # An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as `{resourceType}/{id}`) or an external URI. This value must be present.
+              "environment": "A String", # An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be "*" if it applies to all environments.
+              "purpose": "A String", # The intent of data use. Can be "*" if it applies to all purposes.
+            },
+          ],
+          "patientConsentOwner": "A String", # The patient owning the consent (only applicable for patient consents), in the format: `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Patient/{patient_id}`
+          "type": "A String", # The policy type of consent resource (e.g. PATIENT, ADMIN).
+          "variants": [ # The consent's variant combinations. A single consent may have multiple variants.
+            "A String",
+          ],
+        },
+      ],
+      "exceptions": [ # Other consent scopes that created exceptions within this scope.
+        # Object with schema name: ExplainDataAccessConsentScope
+      ],
+    },
+  ],
+  "warning": "A String", # Warnings associated with this response. It inform user with exceeded scope limit errors.
+}
+
+
export(name, body=None, x__xgafv=None) 
Export resources from the FHIR store to the specified destination. This method returns an Operation that can be used to track the status of the export by calling GetOperation. Immediate fatal errors appear in the error field, errors are also logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). Otherwise, when the operation finishes, a detailed response of type ExportResourcesResponse is returned in the response field. The metadata field type for this operation is OperationMetadata.
@@ -681,6 +868,19 @@ 
Method Details

 
     { # Represents a FHIR store.
   "complexDataTypeReferenceParsing": "A String", # Optional. Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.
+  "consentConfig": { # Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used. # Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources.
+    "accessDeterminationLogConfig": { # Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`. # Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used.
+      "logLevel": "A String", # Optional. Controls the amount of detail to include as part of the audit logs.
+    },
+    "accessEnforced": True or False, # Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.
+    "consentHeaderHandling": { # How the server handles the consent header. # Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header.
+      "profile": "A String", # Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.
+    },
+    "enforcedAdminConsents": [ # Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.
+      "A String",
+    ],
+    "version": "A String", # Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.
+  },
   "defaultSearchHandlingStrict": True or False, # Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.
   "disableReferentialIntegrity": True or False, # Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist.
   "disableResourceVersioning": True or False, # Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false.
@@ -968,6 +1168,19 @@ 
Method Details

   "fhirStores": [ # The returned FHIR stores. Won't be more FHIR stores than the value of page_size in the request.
     { # Represents a FHIR store.
       "complexDataTypeReferenceParsing": "A String", # Optional. Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.
+      "consentConfig": { # Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used. # Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources.
+        "accessDeterminationLogConfig": { # Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`. # Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used.
+          "logLevel": "A String", # Optional. Controls the amount of detail to include as part of the audit logs.
+        },
+        "accessEnforced": True or False, # Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.
+        "consentHeaderHandling": { # How the server handles the consent header. # Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header.
+          "profile": "A String", # Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.
+        },
+        "enforcedAdminConsents": [ # Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.
+          "A String",
+        ],
+        "version": "A String", # Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.
+      },
       "defaultSearchHandlingStrict": True or False, # Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.
       "disableReferentialIntegrity": True or False, # Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist.
       "disableResourceVersioning": True or False, # Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false.
@@ -1143,6 +1356,19 @@ 
Method Details

 
 { # Represents a FHIR store.
   "complexDataTypeReferenceParsing": "A String", # Optional. Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.
+  "consentConfig": { # Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used. # Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources.
+    "accessDeterminationLogConfig": { # Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`. # Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used.
+      "logLevel": "A String", # Optional. Controls the amount of detail to include as part of the audit logs.
+    },
+    "accessEnforced": True or False, # Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.
+    "consentHeaderHandling": { # How the server handles the consent header. # Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header.
+      "profile": "A String", # Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.
+    },
+    "enforcedAdminConsents": [ # Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.
+      "A String",
+    ],
+    "version": "A String", # Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.
+  },
   "defaultSearchHandlingStrict": True or False, # Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.
   "disableReferentialIntegrity": True or False, # Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist.
   "disableResourceVersioning": True or False, # Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false.
@@ -1300,6 +1526,19 @@ 
Method Details

 
     { # Represents a FHIR store.
   "complexDataTypeReferenceParsing": "A String", # Optional. Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources.
+  "consentConfig": { # Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used. # Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources.
+    "accessDeterminationLogConfig": { # Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`. # Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used.
+      "logLevel": "A String", # Optional. Controls the amount of detail to include as part of the audit logs.
+    },
+    "accessEnforced": True or False, # Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.
+    "consentHeaderHandling": { # How the server handles the consent header. # Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header.
+      "profile": "A String", # Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.
+    },
+    "enforcedAdminConsents": [ # Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.
+      "A String",
+    ],
+    "version": "A String", # Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.
+  },
   "defaultSearchHandlingStrict": True or False, # Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.
   "disableReferentialIntegrity": True or False, # Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store creation. The default value is false, meaning that the API enforces referential integrity and fails the requests that result in inconsistent state in the FHIR store. When this field is set to true, the API skips referential integrity checks. Consequently, operations that rely on references, such as GetPatientEverything, do not return all the results if broken references exist.
   "disableResourceVersioning": True or False, # Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation of FHIR store. If set to false, all write operations cause historical versions to be recorded automatically. The historical versions can be fetched through the history APIs, but cannot be updated. If set to true, no historical versions are kept. The server sends errors for attempts to read the historical versions. Defaults to false.
diff --git a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html
index 23cae37af8..1cadb79b10 100644
--- a/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html
+++ b/docs/dyn/healthcare_v1beta1.projects.locations.datasets.fhirStores.html
@@ -346,6 +346,9 @@ 
Method Details

   "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) role to your project's **Cloud Healthcare Service Agent** [service account](https://cloud.google.com/iam/docs/service-accounts). Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.
     { # Contains configuration for streaming FHIR export.
       "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed. Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag. The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)).
+        "changeDataCaptureConfig": { # BigQuery Change Data Capture configuration. # Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details.
+          "historyMode": "A String", # Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.
+        },
         "datasetUri": "A String", # BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.
         "force": True or False, # Use `write_disposition` instead. If `write_disposition` is specified, this parameter is ignored. force=false is equivalent to write_disposition=WRITE_EMPTY and force=true is equivalent to write_disposition=WRITE_TRUNCATE.
         "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server generates the schema. # The configuration for the exported BigQuery schema.
@@ -633,6 +636,9 @@ 
Method Details

   "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) role to your project's **Cloud Healthcare Service Agent** [service account](https://cloud.google.com/iam/docs/service-accounts). Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.
     { # Contains configuration for streaming FHIR export.
       "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed. Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag. The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)).
+        "changeDataCaptureConfig": { # BigQuery Change Data Capture configuration. # Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details.
+          "historyMode": "A String", # Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.
+        },
         "datasetUri": "A String", # BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.
         "force": True or False, # Use `write_disposition` instead. If `write_disposition` is specified, this parameter is ignored. force=false is equivalent to write_disposition=WRITE_EMPTY and force=true is equivalent to write_disposition=WRITE_TRUNCATE.
         "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server generates the schema. # The configuration for the exported BigQuery schema.
@@ -1202,6 +1208,9 @@ 
Method Details

   "_since": "A String", # If provided, only resources updated after this time are exported. The time uses the format YYYY-MM-DDThh:mm:ss.sss+zz:zz. For example, `2015-02-07T13:28:17.239+02:00` or `2017-01-01T00:00:00Z`. The time must be specified to the second and include a time zone.
   "_type": "A String", # String of comma-delimited FHIR resource types. If provided, only resources of the specified resource type(s) are exported.
   "bigqueryDestination": { # The configuration for exporting to BigQuery. # The BigQuery output destination. The Cloud Healthcare Service Agent requires two IAM roles on the BigQuery location: `roles/bigquery.dataEditor` and `roles/bigquery.jobUser`. The output is one BigQuery table per resource type. Unlike when setting `BigQueryDestination` for `StreamConfig`, `ExportResources` does not create BigQuery views.
+    "changeDataCaptureConfig": { # BigQuery Change Data Capture configuration. # Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details.
+      "historyMode": "A String", # Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.
+    },
     "datasetUri": "A String", # BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.
     "force": True or False, # Use `write_disposition` instead. If `write_disposition` is specified, this parameter is ignored. force=false is equivalent to write_disposition=WRITE_EMPTY and force=true is equivalent to write_disposition=WRITE_TRUNCATE.
     "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server generates the schema. # The configuration for the exported BigQuery schema.
@@ -1355,6 +1364,9 @@ 
Method Details

   "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) role to your project's **Cloud Healthcare Service Agent** [service account](https://cloud.google.com/iam/docs/service-accounts). Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.
     { # Contains configuration for streaming FHIR export.
       "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed. Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag. The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)).
+        "changeDataCaptureConfig": { # BigQuery Change Data Capture configuration. # Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details.
+          "historyMode": "A String", # Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.
+        },
         "datasetUri": "A String", # BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.
         "force": True or False, # Use `write_disposition` instead. If `write_disposition` is specified, this parameter is ignored. force=false is equivalent to write_disposition=WRITE_EMPTY and force=true is equivalent to write_disposition=WRITE_TRUNCATE.
         "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server generates the schema. # The configuration for the exported BigQuery schema.
@@ -1818,6 +1830,9 @@ 
Method Details

       "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) role to your project's **Cloud Healthcare Service Agent** [service account](https://cloud.google.com/iam/docs/service-accounts). Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.
         { # Contains configuration for streaming FHIR export.
           "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed. Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag. The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)).
+            "changeDataCaptureConfig": { # BigQuery Change Data Capture configuration. # Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details.
+              "historyMode": "A String", # Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.
+            },
             "datasetUri": "A String", # BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.
             "force": True or False, # Use `write_disposition` instead. If `write_disposition` is specified, this parameter is ignored. force=false is equivalent to write_disposition=WRITE_EMPTY and force=true is equivalent to write_disposition=WRITE_TRUNCATE.
             "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server generates the schema. # The configuration for the exported BigQuery schema.
@@ -2123,6 +2138,9 @@ 
Method Details

   "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) role to your project's **Cloud Healthcare Service Agent** [service account](https://cloud.google.com/iam/docs/service-accounts). Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.
     { # Contains configuration for streaming FHIR export.
       "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed. Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag. The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)).
+        "changeDataCaptureConfig": { # BigQuery Change Data Capture configuration. # Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details.
+          "historyMode": "A String", # Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.
+        },
         "datasetUri": "A String", # BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.
         "force": True or False, # Use `write_disposition` instead. If `write_disposition` is specified, this parameter is ignored. force=false is equivalent to write_disposition=WRITE_EMPTY and force=true is equivalent to write_disposition=WRITE_TRUNCATE.
         "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server generates the schema. # The configuration for the exported BigQuery schema.
@@ -2410,6 +2428,9 @@ 
Method Details

   "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming export for every resource mutation in this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next resource mutation is streamed to the new location in addition to the existing ones. When a location is removed from the list, the server stops streaming to that location. Before adding a new config, you must add the required [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) role to your project's **Cloud Healthcare Service Agent** [service account](https://cloud.google.com/iam/docs/service-accounts). Some lag (typically on the order of dozens of seconds) is expected before the results show up in the streaming destination.
     { # Contains configuration for streaming FHIR export.
       "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset location and corresponding schema config. The output is organized in one table per resource type. The server reuses the existing tables (if any) that are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given resource type, the server attempts to create one. When a table schema doesn't align with the schema config, either because of existing incompatible schema or out of band incompatible modification, the server does not stream in new data. One resolution in this case is to delete the incompatible table and let the server recreate one, though the newly created table only contains data after the table recreation. BigQuery imposes a 1 MB limit on streaming insert row size, therefore any resource mutation that generates more than 1 MB of BigQuery data will not be streamed. Results are written to BigQuery tables according to the parameters in BigQueryDestination.WriteDisposition. Different versions of the same resource are distinguishable by the meta.versionId and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that results in the new version is recorded in the meta.tag. The tables contain all historical resource versions since streaming was enabled. For query convenience, the server also creates one view per table of the same name containing only the current resource version. The streamed data in the BigQuery dataset is not guaranteed to be completely unique. The combination of the id and meta.versionId columns should ideally identify a single unique row. But in rare cases, duplicates may exist. At query time, users may use the SQL select statement to keep only one of the duplicate rows given an id and meta.versionId pair. Alternatively, the server created view mentioned above also filters out duplicates. If a resource mutation cannot be streamed to BigQuery, errors will be logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)).
+        "changeDataCaptureConfig": { # BigQuery Change Data Capture configuration. # Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details.
+          "historyMode": "A String", # Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.
+        },
         "datasetUri": "A String", # BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.
         "force": True or False, # Use `write_disposition` instead. If `write_disposition` is specified, this parameter is ignored. force=false is equivalent to write_disposition=WRITE_EMPTY and force=true is equivalent to write_disposition=WRITE_TRUNCATE.
         "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server generates the schema. # The configuration for the exported BigQuery schema.
diff --git a/googleapiclient/discovery_cache/documents/healthcare.v1.json b/googleapiclient/discovery_cache/documents/healthcare.v1.json
index 6eabd17873..2d6ebd713e 100644
--- a/googleapiclient/discovery_cache/documents/healthcare.v1.json
+++ b/googleapiclient/discovery_cache/documents/healthcare.v1.json
@@ -2942,6 +2942,64 @@
 },
 "fhirStores": {
 "methods": {
+"applyAdminConsents": {
+"description": "Applies the admin Consent resources for the FHIR store and reindexes the underlying resources in the FHIR store according to the aggregate consents. This method also updates the `consent_config.enforced_admin_consents` field of the FhirStore unless `validate_only=true` in ApplyAdminConsentsRequest. Any admin Consent resource change after this operation execution (including deletion) requires you to call ApplyAdminConsents again for the change to take effect. This method returns an Operation that can be used to track the progress of the resources that were reindexed, by calling GetOperation. Upon completion, the ApplyAdminConsentsResponse additionally contains the number of resources that were reindexed. If at least one Consent resource contains an error or fails be be enforced for any reason, the method returns an error instead of an Operation. No resources will be reindexed and the `consent_config.enforced_admin_consents` field will be unchanged. To enforce a consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:applyAdminConsents",
+"httpMethod": "POST",
+"id": "healthcare.projects.locations.datasets.fhirStores.applyAdminConsents",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}:applyAdminConsents",
+"request": {
+"$ref": "ApplyAdminConsentsRequest"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"applyConsents": {
+"description": "Apply the Consent resources for the FHIR store and reindex the underlying resources in the FHIR store according to the aggregate consent. The aggregate consent of the patient in scope in this request replaces any previous call of this method. Any Consent resource change after this operation execution (including deletion) requires you to call ApplyConsents again to have effect. This method returns an Operation that can be used to track the progress of the consent resources that were processed by calling GetOperation. Upon completion, the ApplyConsentsResponse additionally contains the number of resources that was reindexed. Errors are logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). To enforce consent check for data access, `consent_config.access_enforced` must be set to true for the FhirStore.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:applyConsents",
+"httpMethod": "POST",
+"id": "healthcare.projects.locations.datasets.fhirStores.applyConsents",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}:applyConsents",
+"request": {
+"$ref": "ApplyConsentsRequest"
+},
+"response": {
+"$ref": "Operation"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "create": {
 "description": "Creates a new FHIR store within the parent dataset.",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores",
@@ -3031,6 +3089,37 @@
 "https://www.googleapis.com/auth/cloud-platform"
 ]
 },
+"explainDataAccess": {
+"description": "Explains all the permitted/denied actor, purpose and environment for a given resource.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:explainDataAccess",
+"httpMethod": "GET",
+"id": "healthcare.projects.locations.datasets.fhirStores.explainDataAccess",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the FHIR store to enforce, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+$",
+"required": true,
+"type": "string"
+},
+"resourceId": {
+"description": "Required. The ID (`{resourceType}/{id}`) of the resource to explain data access on.",
+"location": "query",
+"type": "string"
+}
+},
+"path": "v1/{+name}:explainDataAccess",
+"response": {
+"$ref": "ExplainDataAccessResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "export": {
 "description": "Export resources from the FHIR store to the specified destination. This method returns an Operation that can be used to track the status of the export by calling GetOperation. Immediate fatal errors appear in the error field, errors are also logged to Cloud Logging (see [Viewing error logs in Cloud Logging](https://cloud.google.com/healthcare/docs/how-tos/logging)). Otherwise, when the operation finishes, a detailed response of type ExportResourcesResponse is returned in the response field. The metadata field type for this operation is OperationMetadata.",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}:export",
@@ -3451,6 +3540,69 @@
 "https://www.googleapis.com/auth/cloud-platform"
 ]
 },
+"Consent-enforcement-status": {
+"description": "Returns the consent enforcement status of a single consent resource. On success, the response body contains a JSON-encoded representation of a `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resource, containing the current enforcement status. Does not support DSTU2.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}/fhir/Consent/{ConsentId}/$consent-enforcement-status",
+"httpMethod": "GET",
+"id": "healthcare.projects.locations.datasets.fhirStores.fhir.Consent-enforcement-status",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"name": {
+"description": "Required. The name of the consent resource to find enforcement status, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{consent_id}`",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+/fhir/Consent/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}/$consent-enforcement-status",
+"response": {
+"$ref": "HttpBody"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"Patient-consent-enforcement-status": {
+"description": "Returns the consent enforcement status of all consent resources for a patient. On success, the response body contains a JSON-encoded representation of a bundle of `Parameters` (http://hl7.org/fhir/parameters.html) FHIR resources, containing the current enforcement status for each consent resource of the patient. Does not support DSTU2.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}/fhir/Patient/{PatientId}/$consent-enforcement-status",
+"httpMethod": "GET",
+"id": "healthcare.projects.locations.datasets.fhirStores.fhir.Patient-consent-enforcement-status",
+"parameterOrder": [
+"name"
+],
+"parameters": {
+"_count": {
+"description": "Optional. The maximum number of results on a page. If not specified, 100 is used. May not be larger than 1000.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"_page_token": {
+"description": "Optional. Used to retrieve the first, previous, next, or last page of consent enforcement statuses when using pagination. Value should be set to the value of `_page_token` set in next or previous page links' URLs. Next and previous page are returned in the response bundle's links field, where `link.relation` is \"previous\" or \"next\". Omit `_page_token` if no previous request has been made.",
+"location": "query",
+"type": "string"
+},
+"name": {
+"description": "Required. The name of the patient to find enforcement statuses, in the format `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Patient/{patient_id}`",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/fhirStores/[^/]+/fhir/Patient/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+name}/$consent-enforcement-status",
+"response": {
+"$ref": "HttpBody"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-healthcare",
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "Patient-everything": {
 "description": "Retrieves a Patient resource and resources related to that patient. Implements the FHIR extended operation Patient-everything ([DSTU2](http://hl7.org/implement/standards/fhir/DSTU2/patient-operations.html#everything), [STU3](http://hl7.org/implement/standards/fhir/STU3/patient-operations.html#everything), [R4](http://hl7.org/implement/standards/fhir/R4/patient-operations.html#everything)). On success, the response body contains a JSON-encoded representation of a `Bundle` resource of type `searchset`, containing the results of the operation. Errors generated by the FHIR store contain a JSON-encoded `OperationOutcome` resource describing the reason for the error. If the request cannot be mapped to a valid API method on a FHIR store, a generic GCP error might be returned instead. The resources in scope for the response are: * The patient resource itself. * All the resources directly referenced by the patient resource. * Resources directly referencing the patient resource that meet the inclusion criteria. The inclusion criteria are based on the membership rules in the patient compartment definition ([DSTU2](http://hl7.org/fhir/DSTU2/compartment-patient.html), [STU3](http://www.hl7.org/fhir/stu3/compartmentdefinition-patient.html), [R4](http://hl7.org/fhir/R4/compartmentdefinition-patient.html)), which details the eligible resource types and referencing search parameters. For samples that show how to call `Patient-everything`, see [Getting all patient compartment resources](https://cloud.google.com/healthcare/docs/how-tos/fhir-resources#getting_all_patient_compartment_resources).",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/datasets/{datasetsId}/fhirStores/{fhirStoresId}/fhir/Patient/{PatientId}/$everything",
@@ -4783,9 +4935,32 @@
 }
 }
 },
-"revision": "20241115",
+"revision": "20241205",
 "rootUrl": "https://healthcare.googleapis.com/",
 "schemas": {
+"AccessDeterminationLogConfig": {
+"description": "Configures consent audit log config for FHIR create, read, update, and delete (CRUD) operations. Cloud audit log for healthcare API must be [enabled](https://cloud.google.com/logging/docs/audit/configure-data-access#config-console-enable). The consent-related logs are included as part of `protoPayload.metadata`.",
+"id": "AccessDeterminationLogConfig",
+"properties": {
+"logLevel": {
+"description": "Optional. Controls the amount of detail to include as part of the audit logs.",
+"enum": [
+"LOG_LEVEL_UNSPECIFIED",
+"DISABLED",
+"MINIMUM",
+"VERBOSE"
+],
+"enumDescriptions": [
+"No log level specified. This value is unused.",
+"No additional consent-related logging is added to audit logs.",
+"The following information is included: * One of the following [`consentMode`](https://cloud.google.com/healthcare-api/docs/fhir-consent#audit_logs) fields: (`off`|`emptyScope`|`enforced`|`btg`|`bypass`). * The accessor's request headers * The `log_level` of the AccessDeterminationLogConfig * The final consent evaluation (`PERMIT`, `DENY`, or `NO_CONSENT`) * A human-readable summary of the evaluation",
+"Includes `MINIMUM` and, for each resource owner, returns: * The resource owner's name * Most specific part of the `X-Consent-Scope` resulting in consensual determination * Timestamp of the applied enforcement leading to the decision * Enforcement version at the time the applicable consents were applied * The Consent resource name * The timestamp of the Consent resource used for enforcement * Policy type (`PATIENT` or `ADMIN`) Note that this mode adds some overhead to CRUD operations."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "ActivateConsentRequest": {
 "description": "Activates the latest revision of the specified Consent by committing a new revision with `state` updated to `ACTIVE`. If the latest revision of the given Consent is in the `ACTIVE` state, no new revision is committed. A FAILED_PRECONDITION error occurs if the latest revision of the given consent is in the `REJECTED` or `REVOKED` state.",
 "id": "ActivateConsentRequest",
@@ -4807,6 +4982,20 @@
 },
 "type": "object"
 },
+"AdminConsents": {
+"description": "List of admin Consent resources to be applied.",
+"id": "AdminConsents",
+"properties": {
+"names": {
+"description": "Optional. The versioned names of the admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.",
+"items": {
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "AnalyzeEntitiesRequest": {
 "description": "The request to analyze healthcare entities in a document.",
 "id": "AnalyzeEntitiesRequest",
@@ -4879,6 +5068,108 @@
 },
 "type": "object"
 },
+"ApplyAdminConsentsErrorDetail": {
+"description": "Contains the error details of the unsupported admin Consent resources for when the ApplyAdminConsents method fails to apply one or more Consent resources.",
+"id": "ApplyAdminConsentsErrorDetail",
+"properties": {
+"consentErrors": {
+"description": "The list of Consent resources that are unsupported or cannot be applied and the error associated with each of them.",
+"items": {
+"$ref": "ConsentErrors"
+},
+"type": "array"
+},
+"existingOperationId": {
+"description": "The currently in progress non-validate-only ApplyAdminConsents operation ID if exist.",
+"format": "uint64",
+"type": "string"
+}
+},
+"type": "object"
+},
+"ApplyAdminConsentsRequest": {
+"description": "Request to apply the admin Consent resources for the specified FHIR store.",
+"id": "ApplyAdminConsentsRequest",
+"properties": {
+"newConsentsList": {
+"$ref": "AdminConsents",
+"description": "A new list of admin Consent resources to be applied. Any existing enforced Consents, which are specified in `consent_config.enforced_admin_consents` of the FhirStore, that are not part of this list will be disabled. An empty list is equivalent to clearing or disabling all Consents enforced on the FHIR store. When a FHIR store has `disable_resource_versioning=true` and this list contains a Consent resource that exists in `consent_config.enforced_admin_consents`, the method enforces any updates to the existing resource since the last enforcement. If the existing resource hasn't been updated since the last enforcement, the resource is unaffected. After the method finishes, the resulting consent enforcement model is determined by the contents of the Consent resource(s) when the method was called: * When `disable_resource_versioning=true`, the result is identical to the current resource(s) in the FHIR store. * When `disable_resource_versioning=false`, the result is based on the historical version(s) of the Consent resource(s) at the point in time when the method was called. At most 200 Consents can be specified."
+},
+"validateOnly": {
+"description": "Optional. If true, the method only validates Consent resources to make sure they are supported. Otherwise, the method applies the aggregate consent information to update the enforcement model and reindex the FHIR resources. If all Consent resources can be applied successfully, the ApplyAdminConsentsResponse is returned containing the following fields: * `consent_apply_success` to indicate the number of Consent resources applied. * `affected_resources` to indicate the number of resources that might have had their consent access changed. If, however, one or more Consent resources are unsupported or cannot be applied, the method fails and ApplyAdminConsentsErrorDetail is is returned with details about the unsupported Consent resources.",
+"type": "boolean"
+}
+},
+"type": "object"
+},
+"ApplyAdminConsentsResponse": {
+"description": "Response when all admin Consent resources in scope were processed and all affected resources were reindexed successfully. This structure will be included in the response when the operation finishes successfully.",
+"id": "ApplyAdminConsentsResponse",
+"properties": {
+"affectedResources": {
+"description": "The number of resources (including the Consent resources) that may have consent access change.",
+"format": "int64",
+"type": "string"
+},
+"consentApplySuccess": {
+"description": "If `validate_only=false` in ApplyAdminConsentsRequest, this counter contains the number of Consent resources that were successfully applied. Otherwise, it is the number of Consent resources that are supported.",
+"format": "int64",
+"type": "string"
+},
+"failedResources": {
+"description": "The number of resources (including the Consent resources) that ApplyAdminConsents failed to re-index.",
+"format": "int64",
+"type": "string"
+}
+},
+"type": "object"
+},
+"ApplyConsentsRequest": {
+"description": "Request to apply the Consent resources for the specified FHIR store.",
+"id": "ApplyConsentsRequest",
+"properties": {
+"patientScope": {
+"$ref": "PatientScope",
+"description": "Optional. Scope down to a list of patients."
+},
+"timeRange": {
+"$ref": "TimeRange",
+"description": "Optional. Scope down to patients whose most recent consent changes are in the time range. Can only be used with a versioning store (i.e. when disable_resource_versioning is set to false)."
+},
+"validateOnly": {
+"description": "Optional. If true, the method only validates Consent resources to make sure they are supported. When the operation completes, ApplyConsentsResponse is returned where `consent_apply_success` and `consent_apply_failure` indicate supported and unsupported (or invalid) Consent resources, respectively. Otherwise, the method propagates the aggregate consensual information to the patient's resources. Upon success, `affected_resources` in the ApplyConsentsResponse indicates the number of resources that may have consensual access changed.",
+"type": "boolean"
+}
+},
+"type": "object"
+},
+"ApplyConsentsResponse": {
+"description": "Response when all Consent resources in scope were processed and all affected resources were reindexed successfully. This structure is included in the response when the operation finishes successfully.",
+"id": "ApplyConsentsResponse",
+"properties": {
+"affectedResources": {
+"description": "The number of resources (including the Consent resources) that may have consensual access change.",
+"format": "int64",
+"type": "string"
+},
+"consentApplyFailure": {
+"description": "If `validate_only = false` in ApplyConsentsRequest, this counter is the number of Consent resources that were failed to apply. Otherwise, it is the number of Consent resources that are not supported or invalid.",
+"format": "int64",
+"type": "string"
+},
+"consentApplySuccess": {
+"description": "If `validate_only = false` in ApplyConsentsRequest, this counter is the number of Consent resources that were successfully applied. Otherwise, it is the number of Consent resources that are supported.",
+"format": "int64",
+"type": "string"
+},
+"failedResources": {
+"description": "The number of resources (including the Consent resources) that ApplyConsents failed to re-index.",
+"format": "int64",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ArchiveUserDataMappingRequest": {
 "description": "Archives the specified User data mapping.",
 "id": "ArchiveUserDataMappingRequest",
@@ -5231,6 +5522,25 @@
 },
 "type": "object"
 },
+"ConsentAccessorScope": {
+"description": "The accessor scope that describes who can access, for what purpose, in which environment.",
+"id": "ConsentAccessorScope",
+"properties": {
+"actor": {
+"description": "An individual, group, or access role that identifies the accessor or a characteristic of the accessor. This can be a resource ID (such as `{resourceType}/{id}`) or an external URI. This value must be present.",
+"type": "string"
+},
+"environment": {
+"description": "An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be \"*\" if it applies to all environments.",
+"type": "string"
+},
+"purpose": {
+"description": "The intent of data use. Can be \"*\" if it applies to all purposes.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ConsentArtifact": {
 "description": "Documentation of a user's consent.",
 "id": "ConsentArtifact",
@@ -5276,6 +5586,60 @@
 },
 "type": "object"
 },
+"ConsentConfig": {
+"description": "Configures whether to enforce consent for the FHIR store and which consent enforcement version is being used.",
+"id": "ConsentConfig",
+"properties": {
+"accessDeterminationLogConfig": {
+"$ref": "AccessDeterminationLogConfig",
+"description": "Optional. Specifies how the server logs the consent-aware requests. If not specified, the `AccessDeterminationLogConfig.LogLevel.MINIMUM` option is used."
+},
+"accessEnforced": {
+"description": "Optional. The default value is false. If set to true, when accessing FHIR resources, the consent headers will be verified against consents given by patients. See the ConsentEnforcementVersion for the supported consent headers.",
+"type": "boolean"
+},
+"consentHeaderHandling": {
+"$ref": "ConsentHeaderHandling",
+"description": "Optional. Different options to configure the behaviour of the server when handling the `X-Consent-Scope` header."
+},
+"enforcedAdminConsents": {
+"description": "Output only. The versioned names of the enforced admin Consent resource(s), in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`. This field can only be updated using ApplyAdminConsents.",
+"items": {
+"type": "string"
+},
+"readOnly": true,
+"type": "array"
+},
+"version": {
+"description": "Required. Specifies which consent enforcement version is being used for this FHIR store. This field can only be set once by either CreateFhirStore or UpdateFhirStore. After that, you must call ApplyConsents to change the version.",
+"enum": [
+"CONSENT_ENFORCEMENT_VERSION_UNSPECIFIED",
+"V1"
+],
+"enumDescriptions": [
+"Users must specify an enforcement version or an error is returned.",
+"Enforcement version 1. See the [FHIR Consent resources in the Cloud Healthcare API](https://cloud.google.com/healthcare-api/docs/fhir-consent) guide for more details."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
+"ConsentErrors": {
+"description": "The Consent resource name and error.",
+"id": "ConsentErrors",
+"properties": {
+"error": {
+"$ref": "Status",
+"description": "The error code and message."
+},
+"name": {
+"description": "The versioned name of the admin Consent resource, in the format `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}/_history/{version_id}`. For FHIR stores with `disable_resource_versioning=true`, the format is `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ConsentEvaluation": {
 "description": "The detailed evaluation of a particular Consent.",
 "id": "ConsentEvaluation",
@@ -5301,6 +5665,27 @@
 },
 "type": "object"
 },
+"ConsentHeaderHandling": {
+"description": "How the server handles the consent header.",
+"id": "ConsentHeaderHandling",
+"properties": {
+"profile": {
+"description": "Optional. Specifies the default server behavior when the header is empty. If not specified, the `ScopeProfile.PERMIT_EMPTY_SCOPE` option is used.",
+"enum": [
+"SCOPE_PROFILE_UNSPECIFIED",
+"PERMIT_EMPTY_SCOPE",
+"REQUIRED_ON_READ"
+],
+"enumDescriptions": [
+"If not specified, the default value `PERMIT_EMPTY_SCOPE` is used.",
+"When no consent scopes are provided (for example, if there's an empty or missing header), then consent check is disabled, similar to when `access_enforced` is `false`. You can use audit logs to differentiate these two cases by looking at the value of `protopayload.metadata.consentMode`. If consents scopes are present, they must be valid and within the allowed limits, otherwise the request will be rejected with a `4xx` code.",
+"The consent header must be non-empty when performing read and search operations, otherwise the request is rejected with a `4xx` code. Additionally, invalid consent scopes or scopes exceeding the allowed limits are rejected."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "ConsentList": {
 "description": "List of resource names of Consent resources.",
 "id": "ConsentList",
@@ -5805,6 +6190,128 @@
 },
 "type": "object"
 },
+"ExplainDataAccessConsentInfo": {
+"description": "The enforcing consent's metadata.",
+"id": "ExplainDataAccessConsentInfo",
+"properties": {
+"cascadeOrigins": {
+"description": "The compartment base resources that matched a cascading policy. Each resource has the following format: `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/{resource_type}/{resource_id}`",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"consentResource": {
+"description": "The resource name of this consent resource, in the format: `projects/{project_id}/locations/{location}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Consent/{resource_id}`.",
+"type": "string"
+},
+"enforcementTime": {
+"description": "Last enforcement timestamp of this consent resource.",
+"format": "google-datetime",
+"type": "string"
+},
+"matchingAccessorScopes": {
+"description": "A list of all the matching accessor scopes of this consent policy that enforced ExplainDataAccessConsentScope.accessor_scope.",
+"items": {
+"$ref": "ConsentAccessorScope"
+},
+"type": "array"
+},
+"patientConsentOwner": {
+"description": "The patient owning the consent (only applicable for patient consents), in the format: `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}/fhir/Patient/{patient_id}`",
+"type": "string"
+},
+"type": {
+"description": "The policy type of consent resource (e.g. PATIENT, ADMIN).",
+"enum": [
+"CONSENT_POLICY_TYPE_UNSPECIFIED",
+"CONSENT_POLICY_TYPE_PATIENT",
+"CONSENT_POLICY_TYPE_ADMIN"
+],
+"enumDescriptions": [
+"Unspecified policy type.",
+"Consent represent a patient consent.",
+"Consent represent an admin consent."
+],
+"type": "string"
+},
+"variants": {
+"description": "The consent's variant combinations. A single consent may have multiple variants.",
+"items": {
+"enum": [
+"CONSENT_VARIANT_UNSPECIFIED",
+"CONSENT_VARIANT_STANDARD",
+"CONSENT_VARIANT_CASCADE"
+],
+"enumDescriptions": [
+"Consent variant unspecified.",
+"Consent is a standard patient or admin consent.",
+"Consent is a cascading consent."
+],
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
+"ExplainDataAccessConsentScope": {
+"description": "A single consent scope that provides info on who has access to the requested resource scope for a particular purpose and environment, enforced by which consent.",
+"id": "ExplainDataAccessConsentScope",
+"properties": {
+"accessorScope": {
+"$ref": "ConsentAccessorScope",
+"description": "The accessor scope that describes who can access, for what purpose, and in which environment."
+},
+"decision": {
+"description": "Whether the current consent scope is permitted or denied access on the requested resource.",
+"enum": [
+"CONSENT_DECISION_TYPE_UNSPECIFIED",
+"CONSENT_DECISION_TYPE_PERMIT",
+"CONSENT_DECISION_TYPE_DENY"
+],
+"enumDescriptions": [
+"Unspecified consent decision type.",
+"Consent permitted access.",
+"Consent denied access."
+],
+"type": "string"
+},
+"enforcingConsents": {
+"description": "Metadata of the consent resources that enforce the consent scope's access.",
+"items": {
+"$ref": "ExplainDataAccessConsentInfo"
+},
+"type": "array"
+},
+"exceptions": {
+"description": "Other consent scopes that created exceptions within this scope.",
+"items": {
+"$ref": "ExplainDataAccessConsentScope"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
+"ExplainDataAccessResponse": {
+"description": "List of consent scopes that are applicable to the explained access on a given resource.",
+"id": "ExplainDataAccessResponse",
+"properties": {
+"consentScopes": {
+"description": "List of applicable consent scopes. Sorted in order of actor such that scopes belonging to the same actor will be adjacent to each other in the list.",
+"items": {
+"$ref": "ExplainDataAccessConsentScope"
+},
+"type": "array"
+},
+"warning": {
+"description": "Warnings associated with this response. It inform user with exceeded scope limit errors.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "ExportDicomDataRequest": {
 "description": "Exports data from the specified DICOM store. If a given resource, such as a DICOM object with the same SOPInstance UID, already exists in the output, it is overwritten with the version in the source dataset. Exported DICOM data persists when the DICOM store from which it was exported is deleted.",
 "id": "ExportDicomDataRequest",
@@ -5995,6 +6502,10 @@
 ],
 "type": "string"
 },
+"consentConfig": {
+"$ref": "ConsentConfig",
+"description": "Optional. Specifies whether this store has consent enforcement. Not available for DSTU2 FHIR version due to absence of Consent resources."
+},
 "defaultSearchHandlingStrict": {
 "description": "Optional. If true, overrides the default search behavior for this FHIR store to `handling=strict` which returns an error for unrecognized search parameters. If false, uses the FHIR specification default `handling=lenient` which ignores unrecognized search parameters. The handling can always be changed from the default on an individual API call by setting the HTTP header `Prefer: handling=strict` or `Prefer: handling=lenient`. Defaults to false.",
 "type": "boolean"
@@ -7223,6 +7734,20 @@
 },
 "type": "object"
 },
+"PatientScope": {
+"description": "Apply consents given by a list of patients.",
+"id": "PatientScope",
+"properties": {
+"patientIds": {
+"description": "Optional. The list of patient IDs whose Consent resources will be enforced. At most 10,000 patients can be specified. An empty list is equivalent to all patients (meaning the entire FHIR store).",
+"items": {
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "Policy": {
 "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
 "id": "Policy",
@@ -8059,6 +8584,21 @@
 },
 "type": "object"
 },
+"TimeRange": {
+"description": "Apply consents given by patients whose most recent consent changes are in the time range. Note that after identifying these patients, the server applies all Consent resources given by those patients, not just the Consent resources within the timestamp in the range.",
+"id": "TimeRange",
+"properties": {
+"end": {
+"description": "Optional. The latest consent change time, in format YYYY-MM-DDThh:mm:ss.sss+zz:zz If not specified, the system uses the time when ApplyConsents was called.",
+"type": "string"
+},
+"start": {
+"description": "Optional. The earliest consent change time, in format YYYY-MM-DDThh:mm:ss.sss+zz:zz If not specified, the system uses the FHIR store creation time.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "Type": {
 "description": "A type definition for some HL7v2 type (incl. Segments and Datatypes).",
 "id": "Type",
diff --git a/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json b/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json
index 4e4c9156b4..cf2066eda9 100644
--- a/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json
+++ b/googleapiclient/discovery_cache/documents/healthcare.v1beta1.json
@@ -5858,7 +5858,7 @@
 }
 }
 },
-"revision": "20241115",
+"revision": "20241205",
 "rootUrl": "https://healthcare.googleapis.com/",
 "schemas": {
 "AccessDeterminationLogConfig": {
@@ -8383,6 +8383,10 @@
 "description": "The configuration for exporting to BigQuery.",
 "id": "GoogleCloudHealthcareV1beta1FhirBigQueryDestination",
 "properties": {
+"changeDataCaptureConfig": {
+"$ref": "GoogleCloudHealthcareV1beta1FhirChangeDataCaptureConfig",
+"description": "Optional. Setting this field will enable BigQuery's Change Data Capture (CDC) on the destination tables. Use this field if you: - Want to only keep the latest version of each resource. Updates and deletes to an existing resource will overwrite the corresponding row. - Have a store with enabled history modifications and want to keep the entire history of resource versions but want the history to be mutable. Updates and deletes to a specific resource version will overwrite the corresponding row. See https://cloud.google.com/bigquery/docs/change-data-capture for details."
+},
 "datasetUri": {
 "description": "BigQuery URI to an existing dataset, up to 2000 characters long, in the format `bq://projectId.bqDatasetId`.",
 "type": "string"
@@ -8414,6 +8418,27 @@
 },
 "type": "object"
 },
+"GoogleCloudHealthcareV1beta1FhirChangeDataCaptureConfig": {
+"description": "BigQuery Change Data Capture configuration.",
+"id": "GoogleCloudHealthcareV1beta1FhirChangeDataCaptureConfig",
+"properties": {
+"historyMode": {
+"description": "Optional. Configures how historical versions of FHIR resources will be reflected in the destination table through updates and deletes. Defaults to `HistoryMode.KEEP_LATEST_VERSION` if unspecified.",
+"enum": [
+"HISTORY_MODE_UNSPECIFIED",
+"KEEP_LATEST_VERSION",
+"KEEP_ALL_VERSIONS"
+],
+"enumDescriptions": [
+"Default behavior is the same as KEEP_LATEST_VERSION.",
+"The table will have a unique entry for each resource ID. Updates and deletes will overwrite the row matching the resource ID if it exists in the table.",
+"Historical versions of resources will be maintained. However, history mutation is allowed. Updates will overwrite the row matching the resource ID and version if it exists in the table. This option is only supported for stores with history enabled."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "GoogleCloudHealthcareV1beta1FhirExportResourcesResponse": {
 "description": "Response when all resources export successfully. This structure is included in the response to describe the detailed outcome after the operation finishes successfully.",
 "id": "GoogleCloudHealthcareV1beta1FhirExportResourcesResponse",