HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

Table of Contents

0 Table of Contents

1 Index

2 Non Patient

3 Consent

4 Residual

5 Overriding

6 Artifacts Summary

6.1 Bundle with an imposed Permission

6.2 Permission with K-Anonymity

6.3 Permission with support for rule on Resource-Type

6.4 Permission imposed K-Anonymity value

6.5 Permission imposed on a Bundle

6.6 Permission rule by Resource Type

6.7 Current Roles in MyOrg

6.8 MyOrg defined Roles CodeSystem

6.9 Dummy MeasureReport example

6.10 Dummy Organization example

6.11 Dummy Patient example

6.12 Dummy Practitioner example

6.13 Example of a SearchSet Bundle with Permission

6.14 Permission allowing data authored by a practitioner

6.15 Permission allowing data to be used, but with redisclosure condition

6.16 Permission allowing most sharing but NOT data authored by a practitioner

6.17 Permission allowing most use but expires in a year

6.18 Permission allowing most use but NOT a given practitioner

6.19 Permission expressing an overriding policy using ABAC

6.20 Permission expressing an overriding policy using RBAC with Resource first

6.21 Permission expressing an overriding policy using RBAC with Role first

6.22 Permission require exposure to meet a given k-anonymity value

6.23 PractitionerRole defining those that are Admin

6.24 PractitionerRole defining those that are Dietician

6.25 PractitionerRole defining those that are Doctors

6.26 PractitionerRole defining those that are Janitor

6.27 PractitionerRole defining those that are Registration

6.28 Simple Permission of non-patient data