It's come to my attention that HIFIS behaves in a problematic way when Declined - Anonymous consent records are set to automatically expire.

In general, Declined - Anonymous works fine so long as it remains active. When Declined - Anonymous consent expires then the protection offered by the Declined - Anonymous, i.e. not visible to other service providers, goes away.

Except that in some communities, they have indicated that consent records expire automatically after X number of days. And generally speaking, when consent expires it's often because you haven't seen a client in a while and are unable to re-obtain consent, which is probably more likely for people who declined consent to begin with.

Anyways, it seems to be an oversight that Declined - Anonymous consent offers privacy for clients that might automatically end, while the whole concept of automatically expiring consent is designed to protect clients into the future.

My easy fix suggestion is when you have a consent expiry set, that should not apply to Declined - Anonymous clients. So even though your Explicit consents might expire after 365 days, when a user is adding a Declined - Anonymous consent, the End Date field should be blank to begin with.

There could be a fancier solution figured out later, but that'll put a bandaid on the immediate problem.