FHIR Implementation Guides
Restricting Access to Patient Data
Create a CompartmentDefinition instance from a standard patient CompartmentDefinition:
1
PUT /fhir/CompartmentDefinition/Patient
2
Content-Type: application/json
3
4
{
5
"resourceType": "CompartmentDefinition",
6
"id": "Patient",
7
"url": "http://hl7.org/fhir/CompartmentDefinition/patient",
8
"name": "Base FHIR compartment definition for Patient",
9
"status": "draft",
10
"experimental": true,
11
"date": "2018-12-27T22:37:54+11:00",
12
"publisher": "FHIR Project Team",
13
"contact": [
14
{
15
"telecom": [
16
{
17
"system": "url",
18
"value": "http://hl7.org/fhir"
19
}
20
]
21
}
22
],
23
"description": "There is an instance of the patient compartment for each patient resource, and the identity of the compartment is the same as the patient. When a patient is linked to another patient, all the records associated with the linked patient are in the compartment associated with the target of the link.. The set of resources associated with a particular patient",
24
"code": "Patient",
25
"search": true,
26
"resource": [
27
{
28
"code": "Account",
29
"param": [
30
"subject"
31
]
32
},
33
{
34
"code": "ActivityDefinition"
35
},
36
{
37
"code": "AdverseEvent",
38
"param": [
39
"subject"
40
]
41
},
42
{
43
"code": "AllergyIntolerance",
44
"param": [
45
"patient",
46
"recorder",
47
"asserter"
48
]
49
},
50
{
51
"code": "Appointment",
52
"param": [
53
"actor"
54
]
55
},
56
{
57
"code": "AppointmentResponse",
58
"param": [
59
"actor"
60
]
61
},
62
{
63
"code": "AuditEvent",
64
"param": [
65
"patient"
66
]
67
},
68
{
69
"code": "Basic",
70
"param": [
71
"patient",
72
"author"
73
]
74
},
75
{
76
"code": "Binary"
77
},
78
{
79
"code": "BiologicallyDerivedProduct"
80
},
81
{
82
"code": "BodyStructure",
83
"param": [
84
"patient"
85
]
86
},
87
{
88
"code": "Bundle"
89
},
90
{
91
"code": "CapabilityStatement"
92
},
93
{
94
"code": "CarePlan",
95
"param": [
96
"patient",
97
"performer"
98
]
99
},
100
{
101
"code": "CareTeam",
102
"param": [
103
"patient",
104
"participant"
105
]
106
},
107
{
108
"code": "CatalogEntry"
109
},
110
{
111
"code": "ChargeItem",
112
"param": [
113
"subject"
114
]
115
},
116
{
117
"code": "ChargeItemDefinition"
118
},
119
{
120
"code": "Claim",
121
"param": [
122
"patient",
123
"payee"
124
]
125
},
126
{
127
"code": "ClaimResponse",
128
"param": [
129
"patient"
130
]
131
},
132
{
133
"code": "ClinicalImpression",
134
"param": [
135
"subject"
136
]
137
},
138
{
139
"code": "CodeSystem"
140
},
141
{
142
"code": "Communication",
143
"param": [
144
"subject",
145
"sender",
146
"recipient"
147
]
148
},
149
{
150
"code": "CommunicationRequest",
151
"param": [
152
"subject",
153
"sender",
154
"recipient",
155
"requester"
156
]
157
},
158
{
159
"code": "CompartmentDefinition"
160
},
161
{
162
"code": "Composition",
163
"param": [
164
"subject",
165
"author",
166
"attester"
167
]
168
},
169
{
170
"code": "ConceptMap"
171
},
172
{
173
"code": "Condition",
174
"param": [
175
"patient",
176
"asserter"
177
]
178
},
179
{
180
"code": "Consent",
181
"param": [
182
"patient"
183
]
184
},
185
{
186
"code": "Contract"
187
},
188
{
189
"code": "Coverage",
190
"param": [
191
"policy-holder",
192
"subscriber",
193
"beneficiary",
194
"payor"
195
]
196
},
197
{
198
"code": "CoverageEligibilityRequest",
199
"param": [
200
"patient"
201
]
202
},
203
{
204
"code": "CoverageEligibilityResponse",
205
"param": [
206
"patient"
207
]
208
},
209
{
210
"code": "DetectedIssue",
211
"param": [
212
"patient"
213
]
214
},
215
{
216
"code": "Device"
217
},
218
{
219
"code": "DeviceDefinition"
220
},
221
{
222
"code": "DeviceMetric"
223
},
224
{
225
"code": "DeviceRequest",
226
"param": [
227
"subject",
228
"performer"
229
]
230
},
231
{
232
"code": "DeviceUseStatement",
233
"param": [
234
"subject"
235
]
236
},
237
{
238
"code": "DiagnosticReport",
239
"param": [
240
"subject"
241
]
242
},
243
{
244
"code": "DocumentManifest",
245
"param": [
246
"subject",
247
"author",
248
"recipient"
249
]
250
},
251
{
252
"code": "DocumentReference",
253
"param": [
254
"subject",
255
"author"
256
]
257
},
258
{
259
"code": "EffectEvidenceSynthesis"
260
},
261
{
262
"code": "Encounter",
263
"param": [
264
"patient"
265
]
266
},
267
{
268
"code": "Endpoint"
269
},
270
{
271
"code": "EnrollmentRequest",
272
"param": [
273
"subject"
274
]
275
},
276
{
277
"code": "EnrollmentResponse"
278
},
279
{
280
"code": "EpisodeOfCare",
281
"param": [
282
"patient"
283
]
284
},
285
{
286
"code": "EventDefinition"
287
},
288
{
289
"code": "Evidence"
290
},
291
{
292
"code": "EvidenceVariable"
293
},
294
{
295
"code": "ExampleScenario"
296
},
297
{
298
"code": "ExplanationOfBenefit",
299
"param": [
300
"patient",
301
"payee"
302
]
303
},
304
{
305
"code": "FamilyMemberHistory",
306
"param": [
307
"patient"
308
]
309
},
310
{
311
"code": "Flag",
312
"param": [
313
"patient"
314
]
315
},
316
{
317
"code": "Goal",
318
"param": [
319
"patient"
320
]
321
},
322
{
323
"code": "GraphDefinition"
324
},
325
{
326
"code": "Group",
327
"param": [
328
"member"
329
]
330
},
331
{
332
"code": "GuidanceResponse"
333
},
334
{
335
"code": "HealthcareService"
336
},
337
{
338
"code": "ImagingStudy",
339
"param": [
340
"patient"
341
]
342
},
343
{
344
"code": "Immunization",
345
"param": [
346
"patient"
347
]
348
},
349
{
350
"code": "ImmunizationEvaluation",
351
"param": [
352
"patient"
353
]
354
},
355
{
356
"code": "ImmunizationRecommendation",
357
"param": [
358
"patient"
359
]
360
},
361
{
362
"code": "ImplementationGuide"
363
},
364
{
365
"code": "InsurancePlan"
366
},
367
{
368
"code": "Invoice",
369
"param": [
370
"subject",
371
"patient",
372
"recipient"
373
]
374
},
375
{
376
"code": "Library"
377
},
378
{
379
"code": "Linkage"
380
},
381
{
382
"code": "List",
383
"param": [
384
"subject",
385
"source"
386
]
387
},
388
{
389
"code": "Location"
390
},
391
{
392
"code": "Measure"
393
},
394
{
395
"code": "MeasureReport",
396
"param": [
397
"patient"
398
]
399
},
400
{
401
"code": "Media",
402
"param": [
403
"subject"
404
]
405
},
406
{
407
"code": "Medication"
408
},
409
{
410
"code": "MedicationAdministration",
411
"param": [
412
"patient",
413
"performer",
414
"subject"
415
]
416
},
417
{
418
"code": "MedicationDispense",
419
"param": [
420
"subject",
421
"patient",
422
"receiver"
423
]
424
},
425
{
426
"code": "MedicationKnowledge"
427
},
428
{
429
"code": "MedicationRequest",
430
"param": [
431
"subject"
432
]
433
},
434
{
435
"code": "MedicationStatement",
436
"param": [
437
"subject"
438
]
439
},
440
{
441
"code": "MedicinalProduct"
442
},
443
{
444
"code": "MedicinalProductAuthorization"
445
},
446
{
447
"code": "MedicinalProductContraindication"
448
},
449
{
450
"code": "MedicinalProductIndication"
451
},
452
{
453
"code": "MedicinalProductIngredient"
454
},
455
{
456
"code": "MedicinalProductInteraction"
457
},
458
{
459
"code": "MedicinalProductManufactured"
460
},
461
{
462
"code": "MedicinalProductPackaged"
463
},
464
{
465
"code": "MedicinalProductPharmaceutical"
466
},
467
{
468
"code": "MedicinalProductUndesirableEffect"
469
},
470
{
471
"code": "MessageDefinition"
472
},
473
{
474
"code": "MessageHeader"
475
},
476
{
477
"code": "MolecularSequence",
478
"param": [
479
"patient"
480
]
481
},
482
{
483
"code": "NamingSystem"
484
},
485
{
486
"code": "NutritionOrder",
487
"param": [
488
"patient"
489
]
490
},
491
{
492
"code": "Observation",
493
"param": [
494
"subject",
495
"performer"
496
]
497
},
498
{
499
"code": "ObservationDefinition"
500
},
501
{
502
"code": "OperationDefinition"
503
},
504
{
505
"code": "OperationOutcome"
506
},
507
{
508
"code": "Organization"
509
},
510
{
511
"code": "OrganizationAffiliation"
512
},
513
{
514
"code": "Patient",
515
"param": [
516
"link"
517
]
518
},
519
{
520
"code": "PaymentNotice"
521
},
522
{
523
"code": "PaymentReconciliation"
524
},
525
{
526
"code": "Person",
527
"param": [
528
"patient"
529
]
530
},
531
{
532
"code": "PlanDefinition"
533
},
534
{
535
"code": "Practitioner"
536
},
537
{
538
"code": "PractitionerRole"
539
},
540
{
541
"code": "Procedure",
542
"param": [
543
"patient",
544
"performer"
545
]
546
},
547
{
548
"code": "Provenance",
549
"param": [
550
"patient"
551
]
552
},
553
{
554
"code": "Questionnaire"
555
},
556
{
557
"code": "QuestionnaireResponse",
558
"param": [
559
"subject",
560
"author"
561
]
562
},
563
{
564
"code": "RelatedPerson",
565
"param": [
566
"patient"
567
]
568
},
569
{
570
"code": "RequestGroup",
571
"param": [
572
"subject",
573
"participant"
574
]
575
},
576
{
577
"code": "ResearchDefinition"
578
},
579
{
580
"code": "ResearchElementDefinition"
581
},
582
{
583
"code": "ResearchStudy"
584
},
585
{
586
"code": "ResearchSubject",
587
"param": [
588
"individual"
589
]
590
},
591
{
592
"code": "RiskAssessment",
593
"param": [
594
"subject"
595
]
596
},
597
{
598
"code": "RiskEvidenceSynthesis"
599
},
600
{
601
"code": "Schedule",
602
"param": [
603
"actor"
604
]
605
},
606
{
607
"code": "SearchParameter"
608
},
609
{
610
"code": "ServiceRequest",
611
"param": [
612
"subject",
613
"performer"
614
]
615
},
616
{
617
"code": "Slot"
618
},
619
{
620
"code": "Specimen",
621
"param": [
622
"subject"
623
]
624
},
625
{
626
"code": "SpecimenDefinition"
627
},
628
{
629
"code": "StructureDefinition"
630
},
631
{
632
"code": "StructureMap"
633
},
634
{
635
"code": "Subscription"
636
},
637
{
638
"code": "Substance"
639
},
640
{
641
"code": "SubstanceNucleicAcid"
642
},
643
{
644
"code": "SubstancePolymer"
645
},
646
{
647
"code": "SubstanceProtein"
648
},
649
{
650
"code": "SubstanceReferenceInformation"
651
},
652
{
653
"code": "SubstanceSourceMaterial"
654
},
655
{
656
"code": "SubstanceSpecification"
657
},
658
{
659
"code": "SupplyDelivery",
660
"param": [
661
"patient"
662
]
663
},
664
{
665
"code": "SupplyRequest",
666
"param": [
667
"subject"
668
]
669
},
670
{
671
"code": "Task"
672
},
673
{
674
"code": "TerminologyCapabilities"
675
},
676
{
677
"code": "TestReport"
678
},
679
{
680
"code": "TestScript"
681
},
682
{
683
"code": "ValueSet"
684
},
685
{
686
"code": "VerificationResult"
687
},
688
{
689
"code": "VisionPrescription",
690
"param": [
691
"patient"
692
]
693
}
694
]
695
}
Create an AccessPolicy resource that allows GET requests under /fhir/Patient/ only when the resource id in the request path equals the pid claim of the caller's JWT. The schema below enforces that id match; as written it does not itself constrain the HTTP method.
PUT /AccessPolicy/allow-to-get-patient-compartment
Content-Type: application/json
{
"resourceType": "AccessPolicy",
"id": "allow-to-get-patient-compartment",
"engine": "json-schema",
"schema": {
"type": "object",
"properties": {
"uri": {
"type": "string",
"pattern": "^/fhir/Patient/"
},
"params": {
"type": "object",
"required": ["resource/id"],
"properties": {
"resource/id": {"constant": {"$data": "#/jwt/pid"}}
}
}
}
}
}
Put the patient's ID into the pid claim of the JWT you issue to that user; the policy above then matches only requests whose resource id equals that claim. Congratulations, that's all.