HL7 FHIR Implementation Guide: Data Access Policies
1.0.0-current - International flag

HL7 FHIR Implementation Guide: Data Access Policies, published by HL7 International / Security. This guide is not an authorized publication; it is the continuous build for version 1.0.0-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/HL7/data-access-policies/ and changes regularly. See the Directory of published versions

:

Page standards status: Informative



<Permission xmlns="http://hl7.org/fhir">
  <id value="example-exclude"/>
  <meta>
    <!-- Security label on the Permission resource itself: ActReason code HTEST, which the generated narrative renders as 'test health data'. NOTE(review): this presumably marks the instance as example/test content rather than a production policy; confirm before reusing it. -->
    <security>
      <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
      <code value="HTEST"/>
    </security>
  </meta>
  <language value="en"/>
  <text>
    <!-- Generated narrative (status = generated): an XHTML rendering of the structured status, asserter, date, combining and rule elements that follow. NOTE(review): it is display text; policy evaluation should presumably read the structured elements, not this div. -->
    <status value="generated"/>
    <div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><p class="res-header-id"><b>Generated Narrative: Permission example-exclude</b></p><a name="example-exclude"> </a><a name="hcexample-exclude"> </a><div style="display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%"><p style="margin-bottom: 0px">Language: en</p><p style="margin-bottom: 0px">Security Label: test health data (Details: ActReason code HTEST = 'test health data')</p></div><p><b>status</b>: Active</p><p><b>asserter</b>: <a href="Organization-ex-organization.html">Organization nowhere</a></p><p><b>date</b>: 2023-11-22</p><p><b>combining</b>: Deny-unless-permit</p><blockquote><p><b>rule</b></p><p><b>type</b>: Permit</p><blockquote><p><b>activity</b></p><p><b>action</b>: <span title="Codes:{http://hl7.org/fhir/audit-event-action C}">Create</span>, <span title="Codes:{http://hl7.org/fhir/audit-event-action R}">Read</span>, <span title="Codes:{http://hl7.org/fhir/audit-event-action U}">Update</span>, <span title="Codes:{http://hl7.org/fhir/audit-event-action D}">Delete</span>, <span title="Codes:{http://hl7.org/fhir/audit-event-action E}">Execute</span></p><p><b>purpose</b>: <span title="Codes:{http://terminology.hl7.org/CodeSystem/v3-ActReason HDIRECT}">directory</span>, <span title="Codes:{http://terminology.hl7.org/CodeSystem/v3-ActReason HSYSADMIN}">health system administration</span></p></blockquote></blockquote><blockquote><p><b>rule</b></p><p><b>type</b>: Permit</p><blockquote><p><b>activity</b></p><p><b>action</b>: <span title="Codes:{http://hl7.org/fhir/audit-event-action R}">Read</span>, <span title="Codes:{http://hl7.org/fhir/audit-event-action E}">Execute</span></p><p><b>purpose</b>: <span title="Codes:{http://terminology.hl7.org/CodeSystem/v3-ActReason TREAT}">treatment</span>, <span title="Codes:{http://terminology.hl7.org/CodeSystem/v3-ActReason HPAYMT}">healthcare payment</span>, <span 
title="Codes:{http://terminology.hl7.org/CodeSystem/v3-ActReason HOPERAT}">healthcare operations</span></p></blockquote><h3>Limits</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Tag</b></td></tr><tr><td style="display: none">*</td><td><a href="http://terminology.hl7.org/6.5.0/CodeSystem-v3-ActCode.html#v3-ActCode-LOCIS">ActCode: LOCIS</a> (location information sensitivity)</td></tr></table></blockquote><blockquote><p><b>rule</b></p><p><b>type</b>: Permit</p><blockquote><p><b>data</b></p><h3>Expressions</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Description</b></td><td><b>Language</b></td><td><b>Expression</b></td></tr><tr><td style="display: none">*</td><td>select all Practitioner resources where the Practitioner has a PractitionerRole with code of doctor</td><td>application/x-fhir-query</td><td>Practitioner?_has:PractitionerRole:practitioner:role=http://terminology.hl7.org/CodeSystem/practitioner-role|doctor</td></tr></table></blockquote><blockquote><p><b>activity</b></p><p><b>action</b>: <span title="Codes:{http://hl7.org/fhir/audit-event-action R}">Read</span>, <span title="Codes:{http://hl7.org/fhir/audit-event-action E}">Execute</span></p><p><b>purpose</b>: <span title="Codes:{http://terminology.hl7.org/CodeSystem/v3-ActReason PATRQT}">patient requested</span></p></blockquote><h3>Limits</h3><table class="grid"><tr><td style="display: none">-</td><td><b>Tag</b></td></tr><tr><td style="display: none">*</td><td><a href="http://terminology.hl7.org/6.5.0/CodeSystem-v3-ActCode.html#v3-ActCode-LOCIS">ActCode: LOCIS</a> (location information sensitivity)</td></tr></table></blockquote></div>
  </text>
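  <!-- Lifecycle state of this Permission; the narrative renders it as Active. -->
  <status value="active"/>
  <!-- Party asserting this Permission, given as a reference to Organization/ex-organization. -->
  <asserter>
    <reference value="Organization/ex-organization"/>
  </asserter>
  <date value="2023-11-22"/>
  <!-- Combining algorithm: deny-unless-permit. The default outcome is deny. A request is authorized as soon as ANY one rule below permits it, so rules do not need to be processed exhaustively; if no rule permits, access is denied. Because a single permit is sufficient, every rule has to be safe on its own: a limit on one rule does not narrow what another rule grants. -->
  <combining value="deny-unless-permit"/>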
  <rule>
    <!-- Rule 1: permit administrative maintenance of the directory. Grants Create (C), Read (R), Update (U), Delete (D) and Execute (E) when the purpose of use is HDIRECT (directory) or HSYSADMIN (health system administration). The rule has no data or limit element, so it is not scoped to particular entries and excludes nothing. -->
    <!-- NOTE(review): the rule matches on action and purpose of use only and does not name who may act. The directory admin authorization it is meant for presumably has to be verified by the enforcement point before the stated purpose is accepted; confirm against the deployment. -->
    <type value="permit"/>
    <activity>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="C"/>
        </coding>
      </action>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="R"/>
        </coding>
      </action>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="U"/>
        </coding>
      </action>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="D"/>
        </coding>
      </action>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="E"/>
        </coding>
      </action>
      <!-- Purposes of use under which the actions above are permitted. -->
      <purpose>
        <coding>
          <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
          <code value="HDIRECT"/>
        </coding>
      </purpose>
      <purpose>
        <coding>
          <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
          <code value="HSYSADMIN"/>
        </coding>
      </purpose>
    </activity>
  </rule>
  <rule>
    <!-- Rule 2: permit Read (R) and Execute (E) for anyone acting under TPO authority, that is purpose of use TREAT (treatment), HPAYMT (healthcare payment) or HOPERAT (healthcare operations). They get access to all entries in the directory, but any data marked as Location Sensitive is excluded. -->
    <!-- Presumes Practitioner resources are tagged at the element level following DS4P Inline Security Labels, with the LOCIS tag marking the sensitive location elements. NOTE(review): the exclusion therefore depends on that labeling being present and complete; how unlabeled elements are treated is not stated here and should be confirmed. -->
    <type value="permit"/>
    <activity>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="R"/>
        </coding>
      </action>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="E"/>
        </coding>
      </action>
      <purpose>
        <coding>
          <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
          <code value="TREAT"/>
        </coding>
      </purpose>
      <purpose>
        <coding>
          <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
          <code value="HPAYMT"/>
        </coding>
      </purpose>
      <purpose>
        <coding>
          <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
          <code value="HOPERAT"/>
        </coding>
      </purpose>
    </activity>
    <!-- Limit: ActCode LOCIS (location information sensitivity) is the tag identifying the data withheld under this rule. -->
    <limit>
      <tag>
        <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>
        <code value="LOCIS"/>
      </tag>
    </limit>
  </rule>
  <rule>
    <!-- Rule 3: when a Patient accesses the directory, it will be with purpose of use PATRQT (patient requested). The rule permits Read (R) and Execute (E) on doctors only, and only on non-sensitive data. So no access to kitchen staff, janitors, nurses, etc. -->
    <!-- NOTE(review): the restriction to doctors comes from the data expression in this rule, so it holds only for requests evaluated under PATRQT; the purpose of use a requester presents presumably has to be verified by the enforcement point. Confirm against the deployment. -->
    <type value="permit"/>
    <data>
      <!-- Data scope, expressed as a FHIR search query (application/x-fhir-query): Practitioner resources that have a PractitionerRole whose role code is doctor. -->
      <expression>
        <description
                     value="select all Practitioner resources where the Practitioner has a PractitionerRole with code of doctor"/>
        <language value="application/x-fhir-query"/>
        <expression
                    value="Practitioner?_has:PractitionerRole:practitioner:role=http://terminology.hl7.org/CodeSystem/practitioner-role|doctor"/>
      </expression>
    </data>
    <activity>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="R"/>
        </coding>
      </action>
      <action>
        <coding>
          <system value="http://hl7.org/fhir/audit-event-action"/>
          <code value="E"/>
        </coding>
      </action>
      <purpose>
        <coding>
          <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>
          <code value="PATRQT"/>
        </coding>
      </purpose>
    </activity>
    <!-- Limit: ActCode LOCIS (location information sensitivity) is the tag identifying the data withheld under this rule. -->
    <limit>
      <tag>
        <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>
        <code value="LOCIS"/>
      </tag>
    </limit>
  </rule>
</Permission>