HL7 FHIR Implementation Guide: Data Access Policies
1.0.0-current - ci-build International flag

HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

Example Permission: Permission expressing an overriding policy using RBAC with Role first

Page standards status: Informative

Generated Narrative: Permission ex-overriding-rbac-by-role

status: Active

asserter: Organization nowhere

date: 2023-12-22

combining: Permit-overrides

rule

type: Deny

rule

type: Permit

data

data

data

activity

actor: PractitionerRole Doctor

action: Create, Read, Update

purpose: treatment

limit: audit

rule

type: Permit

data

data

data

data

data

data

data

Activities

-ActorActionPurpose
*PractitionerRole DoctorReadtreatment

limit: audit

rule

type: Permit

data

data

data

data

data

data

data

data

data

activity

actor: PractitionerRole Dietician

action: Read

purpose: treatment, healthcare operations

limit: audit

rule

type: Permit

data

data

data

activity

actor: PractitionerRole Registration Clerk

action: Create, Read, Update

purpose: healthcare operations

limit: audit

rule

type: Permit

data

data

data

data

Activities

-ActorActionPurpose
*PractitionerRole Registration ClerkReadhealthcare operations

limit: audit

rule

type: Permit

activity

actor: PractitionerRole Administration

action: Delete, Update

purpose: healthcare operations

limit: audit