Aidbox
Aidbox
Aidbox.Dev
Aidbox.Cloud
Aidbox.One
Fhirbase
Aidbox
Features
Editions & Pricing
Release Notes
Installation
Basics
Advanced
Auth
Access Control
Terminology
Aidbox SDK
Tutorials
Restricting Access to Patient Data
Getting Started with Box
Working with REST Console
Uploading Sample Data
REST API Access in Aidbox.Dev
Compartments
Custom Search
Authentication and Authorization
Working with Aidbox from .NET
Profiling and Validation
Patient CRUD SPA
Patient Encounter notification Application
Working with Extensions
SMART on FHIR
Sync Data From Aidbox
SDC with Custom Resources
Administration
Powered by GitBook

Restricting Access to Patient Data

TODO: this tutorial is a draft.

Create a CompartmentDefinition instance from a standard patient CompartmentDefinition:

PUT /fhir/CompartmentDefinition/Patient
Content-Type: application/json
​
{
    "resourceType": "CompartmentDefinition",
    "id": "Patient",
    "url": "http://hl7.org/fhir/CompartmentDefinition/patient",
    "name": "Base FHIR compartment definition for Patient",
    "status": "draft",
    "experimental": true,
    "date": "2018-12-27T22:37:54+11:00",
    "publisher": "FHIR Project Team",
    "contact": [
        {
            "telecom": [
                {
                    "system": "url",
                    "value": "http://hl7.org/fhir"
                }
            ]
        }
    ],
    "description": "There is an instance of the patient compartment for each patient resource, and the identity of the compartment is the same as the patient. When a patient is linked to another patient, all the records associated with the linked patient are in the compartment associated with the target of the link.. The set of resources associated with a particular patient",
    "code": "Patient",
    "search": true,
    "resource": [
        {
            "code": "Account",
            "param": [
                "subject"
            ]
        },
        {
            "code": "ActivityDefinition"
        },
        {
            "code": "AdverseEvent",
            "param": [
                "subject"
            ]
        },
        {
            "code": "AllergyIntolerance",
            "param": [
                "patient",
                "recorder",
                "asserter"
            ]
        },
        {
            "code": "Appointment",
            "param": [
                "actor"
            ]
        },
        {
            "code": "AppointmentResponse",
            "param": [
                "actor"
            ]
        },
        {
            "code": "AuditEvent",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Basic",
            "param": [
                "patient",
                "author"
            ]
        },
        {
            "code": "Binary"
        },
        {
            "code": "BiologicallyDerivedProduct"
        },
        {
            "code": "BodyStructure",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Bundle"
        },
        {
            "code": "CapabilityStatement"
        },
        {
            "code": "CarePlan",
            "param": [
                "patient",
                "performer"
            ]
        },
        {
            "code": "CareTeam",
            "param": [
                "patient",
                "participant"
            ]
        },
        {
            "code": "CatalogEntry"
        },
        {
            "code": "ChargeItem",
            "param": [
                "subject"
            ]
        },
        {
            "code": "ChargeItemDefinition"
        },
        {
            "code": "Claim",
            "param": [
                "patient",
                "payee"
            ]
        },
        {
            "code": "ClaimResponse",
            "param": [
                "patient"
            ]
        },
        {
            "code": "ClinicalImpression",
            "param": [
                "subject"
            ]
        },
        {
            "code": "CodeSystem"
        },
        {
            "code": "Communication",
            "param": [
                "subject",
                "sender",
                "recipient"
            ]
        },
        {
            "code": "CommunicationRequest",
            "param": [
                "subject",
                "sender",
                "recipient",
                "requester"
            ]
        },
        {
            "code": "CompartmentDefinition"
        },
        {
            "code": "Composition",
            "param": [
                "subject",
                "author",
                "attester"
            ]
        },
        {
            "code": "ConceptMap"
        },
        {
            "code": "Condition",
            "param": [
                "patient",
                "asserter"
            ]
        },
        {
            "code": "Consent",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Contract"
        },
        {
            "code": "Coverage",
            "param": [
                "policy-holder",
                "subscriber",
                "beneficiary",
                "payor"
            ]
        },
        {
            "code": "CoverageEligibilityRequest",
            "param": [
                "patient"
            ]
        },
        {
            "code": "CoverageEligibilityResponse",
            "param": [
                "patient"
            ]
        },
        {
            "code": "DetectedIssue",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Device"
        },
        {
            "code": "DeviceDefinition"
        },
        {
            "code": "DeviceMetric"
        },
        {
            "code": "DeviceRequest",
            "param": [
                "subject",
                "performer"
            ]
        },
        {
            "code": "DeviceUseStatement",
            "param": [
                "subject"
            ]
        },
        {
            "code": "DiagnosticReport",
            "param": [
                "subject"
            ]
        },
        {
            "code": "DocumentManifest",
            "param": [
                "subject",
                "author",
                "recipient"
            ]
        },
        {
            "code": "DocumentReference",
            "param": [
                "subject",
                "author"
            ]
        },
        {
            "code": "EffectEvidenceSynthesis"
        },
        {
            "code": "Encounter",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Endpoint"
        },
        {
            "code": "EnrollmentRequest",
            "param": [
                "subject"
            ]
        },
        {
            "code": "EnrollmentResponse"
        },
        {
            "code": "EpisodeOfCare",
            "param": [
                "patient"
            ]
        },
        {
            "code": "EventDefinition"
        },
        {
            "code": "Evidence"
        },
        {
            "code": "EvidenceVariable"
        },
        {
            "code": "ExampleScenario"
        },
        {
            "code": "ExplanationOfBenefit",
            "param": [
                "patient",
                "payee"
            ]
        },
        {
            "code": "FamilyMemberHistory",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Flag",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Goal",
            "param": [
                "patient"
            ]
        },
        {
            "code": "GraphDefinition"
        },
        {
            "code": "Group",
            "param": [
                "member"
            ]
        },
        {
            "code": "GuidanceResponse"
        },
        {
            "code": "HealthcareService"
        },
        {
            "code": "ImagingStudy",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Immunization",
            "param": [
                "patient"
            ]
        },
        {
            "code": "ImmunizationEvaluation",
            "param": [
                "patient"
            ]
        },
        {
            "code": "ImmunizationRecommendation",
            "param": [
                "patient"
            ]
        },
        {
            "code": "ImplementationGuide"
        },
        {
            "code": "InsurancePlan"
        },
        {
            "code": "Invoice",
            "param": [
                "subject",
                "patient",
                "recipient"
            ]
        },
        {
            "code": "Library"
        },
        {
            "code": "Linkage"
        },
        {
            "code": "List",
            "param": [
                "subject",
                "source"
            ]
        },
        {
            "code": "Location"
        },
        {
            "code": "Measure"
        },
        {
            "code": "MeasureReport",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Media",
            "param": [
                "subject"
            ]
        },
        {
            "code": "Medication"
        },
        {
            "code": "MedicationAdministration",
            "param": [
                "patient",
                "performer",
                "subject"
            ]
        },
        {
            "code": "MedicationDispense",
            "param": [
                "subject",
                "patient",
                "receiver"
            ]
        },
        {
            "code": "MedicationKnowledge"
        },
        {
            "code": "MedicationRequest",
            "param": [
                "subject"
            ]
        },
        {
            "code": "MedicationStatement",
            "param": [
                "subject"
            ]
        },
        {
            "code": "MedicinalProduct"
        },
        {
            "code": "MedicinalProductAuthorization"
        },
        {
            "code": "MedicinalProductContraindication"
        },
        {
            "code": "MedicinalProductIndication"
        },
        {
            "code": "MedicinalProductIngredient"
        },
        {
            "code": "MedicinalProductInteraction"
        },
        {
            "code": "MedicinalProductManufactured"
        },
        {
            "code": "MedicinalProductPackaged"
        },
        {
            "code": "MedicinalProductPharmaceutical"
        },
        {
            "code": "MedicinalProductUndesirableEffect"
        },
        {
            "code": "MessageDefinition"
        },
        {
            "code": "MessageHeader"
        },
        {
            "code": "MolecularSequence",
            "param": [
                "patient"
            ]
        },
        {
            "code": "NamingSystem"
        },
        {
            "code": "NutritionOrder",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Observation",
            "param": [
                "subject",
                "performer"
            ]
        },
        {
            "code": "ObservationDefinition"
        },
        {
            "code": "OperationDefinition"
        },
        {
            "code": "OperationOutcome"
        },
        {
            "code": "Organization"
        },
        {
            "code": "OrganizationAffiliation"
        },
        {
            "code": "Patient",
            "param": [
                "link"
            ]
        },
        {
            "code": "PaymentNotice"
        },
        {
            "code": "PaymentReconciliation"
        },
        {
            "code": "Person",
            "param": [
                "patient"
            ]
        },
        {
            "code": "PlanDefinition"
        },
        {
            "code": "Practitioner"
        },
        {
            "code": "PractitionerRole"
        },
        {
            "code": "Procedure",
            "param": [
                "patient",
                "performer"
            ]
        },
        {
            "code": "Provenance",
            "param": [
                "patient"
            ]
        },
        {
            "code": "Questionnaire"
        },
        {
            "code": "QuestionnaireResponse",
            "param": [
                "subject",
                "author"
            ]
        },
        {
            "code": "RelatedPerson",
            "param": [
                "patient"
            ]
        },
        {
            "code": "RequestGroup",
            "param": [
                "subject",
                "participant"
            ]
        },
        {
            "code": "ResearchDefinition"
        },
        {
            "code": "ResearchElementDefinition"
        },
        {
            "code": "ResearchStudy"
        },
        {
            "code": "ResearchSubject",
            "param": [
                "individual"
            ]
        },
        {
            "code": "RiskAssessment",
            "param": [
                "subject"
            ]
        },
        {
            "code": "RiskEvidenceSynthesis"
        },
        {
            "code": "Schedule",
            "param": [
                "actor"
            ]
        },
        {
            "code": "SearchParameter"
        },
        {
            "code": "ServiceRequest",
            "param": [
                "subject",
                "performer"
            ]
        },
        {
            "code": "Slot"
        },
        {
            "code": "Specimen",
            "param": [
                "subject"
            ]
        },
        {
            "code": "SpecimenDefinition"
        },
        {
            "code": "StructureDefinition"
        },
        {
            "code": "StructureMap"
        },
        {
            "code": "Subscription"
        },
        {
            "code": "Substance"
        },
        {
            "code": "SubstanceNucleicAcid"
        },
        {
            "code": "SubstancePolymer"
        },
        {
            "code": "SubstanceProtein"
        },
        {
            "code": "SubstanceReferenceInformation"
        },
        {
            "code": "SubstanceSourceMaterial"
        },
        {
            "code": "SubstanceSpecification"
        },
        {
            "code": "SupplyDelivery",
            "param": [
                "patient"
            ]
        },
        {
            "code": "SupplyRequest",
            "param": [
                "subject"
            ]
        },
        {
            "code": "Task"
        },
        {
            "code": "TerminologyCapabilities"
        },
        {
            "code": "TestReport"
        },
        {
            "code": "TestScript"
        },
        {
            "code": "ValueSet"
        },
        {
            "code": "VerificationResult"
        },
        {
            "code": "VisionPrescription",
            "param": [
                "patient"
            ]
        }
    ]
}

Create AccessPolicy resource which will allow all GET requests for /fhir/Patient/*

PUT /AccessPolicy/allow-to-get-patient-compartment
Content-Type: application/json
​
{
    "resourceType": "AccessPolicy",
    "id": "allow-to-get-patient-compartment",
    "engine": "json-schema",
    "schema": {
        "type": "object",
        "properties": {
            "uri": {
              "type": "string",
              "pattern": "^/fhir/Patient/"
            },
            "params": {
                "type": "object",
                "required": ["resource/id"],
                "properties": {
                    "resource/id": {"constant": {"$data": "#/jwt/pid"}}
                }
            }
        }
    }
}

Put your patient ID value into the pid claim of your JWT. Congratulations, that's all.

Previous
Tutorials
Next
Getting Started with Box
Last updated 6 months ago