HL7 FHIR Implementation Guide: Data Access Policies
1.0.0-current - ci-build International flag

HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

Table of Contents

Page standards status: Informative
.. 0 Table of Contents
... 1 Index
... 2 Non Patient
... 3 Consent
... 4 Residual
... 5 Overriding
... 6 Provider Directory Fine Grain
... 7 Patient Directory
... 8 Artifacts Summary
.... 8.1 Bundle with an imposed Permission
.... 8.2 Permission with K-Anonymity
.... 8.3 Permission with support for rule on Resource-Type
.... 8.4 Permission imposed K-Anonymity value
.... 8.5 Permission imposed on a Bundle
.... 8.6 Permission rule by Resource Type
.... 8.7 Tagged data elements to be excluded on Permit
.... 8.8 Current Roles in MyOrg
.... 8.9 MyOrg defined Roles CodeSystem
.... 8.10 A Permission for admin of the Directory
.... 8.11 A Permission with all the Directory rules
.... 8.12 A Permission with all the Patient Directory rules
.... 8.13 Alt2: Permission allowing data to be used, but don't expose sensitive location elements
.... 8.14 Consent Deny for Patient Directory
.... 8.15 Consent for Patient Directory
.... 8.16 Consent for Patient Directory by Clinican
.... 8.17 Consent that uses Overriding Permission for base rules
.... 8.18 Consent that uses Permission for rules
.... 8.19 Dummy MeasureReport example
.... 8.20 Dummy Organization example
.... 8.21 Dummy Patient example
.... 8.22 Dummy Patient example with Religion
.... 8.23 Dummy Practitioner de-sensitive example
.... 8.24 Dummy Practitioner example
.... 8.25 Dummy Practitioner sensitive example
.... 8.26 Example of a SearchSet Bundle with Permission
.... 8.27 Permission allowing data authored by a practitioner
.... 8.28 Permission allowing data authored by a practitioner
.... 8.29 Permission allowing data to be used, but don't expose sensitive location elements
.... 8.30 Permission allowing data to be used, but with redisclosure condition
.... 8.31 Permission allowing most sharing but NOT data authored by a practitioner
.... 8.32 Permission allowing most use but expires in a year
.... 8.33 Permission allowing most use but NOT a given practitioner
.... 8.34 Permission expressing an overriding policy using ABAC
.... 8.35 Permission expressing an overriding policy using RBAC with Resource first
.... 8.36 Permission expressing an overriding policy using RBAC with Role first
.... 8.37 Permission require exposure to meet a given k-anonymity value
.... 8.38 Permission showing how to allow only Doctors to be exposed
.... 8.39 PractitionerRole defining those that are Admin
.... 8.40 PractitionerRole defining those that are Dietician
.... 8.41 PractitionerRole defining those that are Doctors
.... 8.42 PractitionerRole defining those that are Janitor
.... 8.43 PractitionerRole defining those that are Registration
.... 8.44 Simple Permission of non-patient data