OASIS Example 3: “Policy for any medical record in the http://www.med.example.com/schemas/record.xsd namespace. A physician may write [read] any medical element in a record for which he or she is the designated primary care physician, provided an email is sent to the patient.”
[This rulesheet would be identified by a composite key that included a problem space of “http://www.med.example.com/schemas/record.xsd”. A single stakeholder could certainly combine the policy from several of these examples into a single rulesheet.]

default-rule
	id:
		1
	apply-outcomes:
		mask

rule
	id:
		2
	apply-outcomes:
		disclose
		email-notification-of-disclosure
			address-list:
				disclosure.bulletin.board@fauxclinicaldatamonitor.org
			subject:
				Disclosure Control Gatepoint Alert
			body:
				Medical record information was disclosed at {current-time}
		obligation-of-disclosure
			text:
				You are obliged to email patient within four hours that the medical record was accessed by identified physician.
	for-content:
		* present-item has-similar-caption-with “/md:record/md:medical”
	for-conditions:
		* all-true
			* user's-roles contain-something-with-value “physician”
			* these-have-every-value-in-common
				* “/md:record/md:primaryCarePhysician/md:registrationID” being-captions-within present-document 
				* “physician-id” being-captions-within user's-identity-attributes