HL7 FHIR Implementation Guide: Data Access Policies
1.0.0-current - ci-build

HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions.

Example Permission: Permission expressing an overriding policy using ABAC

Page standards status: Informative

Generated Narrative: Permission ex-overriding-abac-by-tag

status: Active

asserter: Organization nowhere

date: 2023-12-22

combining: Permit-overrides

rule

type: Deny

rule

type: Permit

Data

security: Confidentiality N: normal

activity

actor: PractitionerRole Doctor

action: Create, Read, Update

purpose: treatment

activity

actor: PractitionerRole Dietician

action: Read

purpose: treatment, healthcare operations

activity

actor: PractitionerRole Administration

action: Delete, Update

purpose: healthcare operations

limit: audit

rule

type: Permit

Data

security: Confidentiality R: restricted

activity

actor: PractitionerRole Doctor

action: Create, Read, Update

purpose: Emergency Treatment

activity

actor: PractitionerRole Administration

action: Delete, Update

purpose: healthcare operations

limit: audit

rule

type: Permit

Data

security: Confidentiality L: low

activity

actor: PractitionerRole Doctor

action: Read

purpose: treatment

activity

actor: PractitionerRole Dietician

action: Read

purpose: treatment, healthcare operations

activity

actor: PractitionerRole Registration Clerk

action: Read

purpose: healthcare operations

activity

actor: PractitionerRole Administration

action: Delete, Update

purpose: healthcare operations

limit: audit

rule

type: Permit

Data

security: Confidentiality M: moderate

activity

actor: PractitionerRole Doctor

action: Read

purpose: treatment

activity

actor: PractitionerRole Dietician

action: Read

purpose: treatment, healthcare operations

activity

actor: PractitionerRole Registration Clerk

action: Create, Read, Update

purpose: healthcare operations

activity

actor: PractitionerRole Administration

action: Delete, Update

purpose: healthcare operations

limit: audit