SMART Permission Tickets
0.1.0 - ci-build

SMART Permission Tickets, published by . This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/jmandel/smart-permission-tickets-wip/ and changes regularly. See the Directory of published versions

Patient Self Access

This page defines one Permission Ticket type. The overview of all types is the Use Case Catalog; constraint definitions live on Access Constraints.

Status: Ready

Purpose

A patient uses a high-assurance Digital ID wallet to authorize an app to fetch their data from multiple hospitals.

The patient authorizes once, with the issuer, and the ticket carries that authorization to many Data Holders — including Data Holders where the patient has never created a portal account. This is the simplest ticket type: no third-party requester and no profile claims.

Typical Flow

Patient completes identity verification and authorization with the issuer → issuer mints a presenter-bound ticket → the patient's app presents the ticket at each Data Holder via token exchange → each Data Holder resolves the patient locally and issues a scoped access token.

Required Claims

  • Subject: Patient (matched by demographics: name, DOB, identifiers). subject_identity_evidence SHOULD be present: an embedded identity token that the Data Holder can verify itself rather than taking on the issuer's word.
  • Requester: None (self-access). The absence of requester is what marks the ticket as self-access. The patient is the requester, so identity is recorded once, on the subject side.
  • Presenter binding: Required. Individual-access tickets must be bound to the presenting client.

Constraints

Draws from the constraint catalog. The authorizing party is the patient at the issuer's authorization screen; each definition's authorizing-party language is what that screen says.

  • smart_scopes (required) — the record types the patient chose, one scope per choice.
  • data_period (optional) — the time limit the patient set.
  • data_holder_filter (optional) — the organizations or regions the patient selected.

Identity Evidence

The patient's verified identity is the basis of this grant, so the ticket SHOULD carry subject_identity_evidence: the high-assurance identity token (for example, an IAL2 ID token) from the verification step — whether the issuer signed the patient in as its own relying party or the app performed the sign-in and passed the token to the issuer during issuance. Embedding the token lets the Data Holder check the identity claims itself instead of taking the issuer's word for them. The base specification defines how issuers and Data Holders verify who the embedded ID token was issued to; this profile expects IAL2-grade assurance and enough demographics to match the patient. Trust frameworks MAY require the embedded token; subject.patient is present either way.

Policy Selection Inputs

One policy applies here: the Data Holder's patient self-access policy — the patient sees what they would see through the Data Holder's own patient-facing access. The only question the ticket fields answer is whether the Data Holder can confidently match the patient (subject.patient, strengthened by subject_identity_evidence when present).

Data Holder Processing

  • Resolve the subject to a local patient record; reject with invalid_grant on zero or ambiguous matches. Deployments that support an interactive fallback for subject disambiguation may use Proposal 001.
  • A valid ticket does not override local rules such as result-release holds or portal access restrictions, and it does not establish that the patient has ever received care here — zero matches is a normal outcome, not an error in the ticket.
  • Grant access scoped by the intersection rules of the base specification.
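The Data Holder steps above, as an added example that is not the IG's code or a reference implementation. It assumes the ticket's ES256 signature has already been verified by a JOSE library against the issuer's JWKS (not shown), that a jkt presenter binding is the RFC 7638 thumbprint of the key the client proved possession of when presenting (DPoP-style, RFC 9449), and that the base specification's intersection rules reduce to a set intersection with the Data Holder's self-access policy. The policy, the local patient index (with a same-name, same-DOB twin to force an ambiguous match), the presenter key (the public key from RFC 7515 Appendix A.3) and the jti are constructed; verification of subject_identity_evidence is left out of this block.

```python
import base64, hashlib, json

TICKET_TYPE = "https://smarthealthit.org/permission-ticket-type/patient-self-access-v1"
# Constructed Data Holder configuration (illustrative, not from the IG).
LOCAL_MRN_SYSTEM = "http://hospital.example.org/mrn"
SELF_ACCESS_POLICY = {"patient/AllergyIntolerance.rs", "patient/Condition.rs",
                      "patient/Observation.rs", "patient/DocumentReference.rs"}
LOCAL_INDEX = [  # constructed patient index; pat-2 is a same-name, same-DOB twin
    {"id": "pat-1", "mrn": "A12345", "family": "Reyes", "given": "Elena", "birthDate": "1989-09-14"},
    {"id": "pat-2", "mrn": "B67890", "family": "Reyes", "given": "Elena", "birthDate": "1989-09-14"}]
PRESENTER_JWK = {"kty": "EC", "crv": "P-256",  # public key from RFC 7515 Appendix A.3
                 "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
                 "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}


class TicketError(Exception):
    def __init__(self, code: str, detail: str):
        super().__init__(f"{code}: {detail}")
        self.code = code  # OAuth error code returned from the token exchange


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of an EC public JWK: SHA-256 over the canonical JSON of
    the required members in lexicographic order, base64url without padding."""
    canon = json.dumps({k: jwk[k] for k in ("crv", "kty", "x", "y")},
                       separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(hashlib.sha256(canon).digest()).rstrip(b"=").decode()


def match_patient(subject: dict, index: list) -> list:
    """Candidate local records: a local identifier when this Data Holder issued it,
    else exact family/given/birthDate (a real MPI would use weighted matching)."""
    for ident in subject.get("identifier", []):
        if ident.get("system") == LOCAL_MRN_SYSTEM:
            hits = [p for p in index if p["mrn"] == ident.get("value")]
            if hits:
                return hits
    name = subject["name"][0]
    return [p for p in index if (p["family"], p["given"], p["birthDate"]) ==
            (name["family"], name["given"][0], subject["birthDate"])]


def process_ticket(claims: dict, presenter_jwk: dict, index: list, now: int) -> dict:
    """Grant for a ticket whose ES256 signature a JOSE library has already verified
    against the issuer's JWKS; presenter_jwk is the key the client proved possession
    of when presenting (DPoP-style). Raises TicketError on any failed check."""
    if claims.get("ticket_type") != TICKET_TYPE:
        raise TicketError("invalid_grant", "not a patient self-access ticket")
    if claims.get("requester") is not None:  # no requester is what marks self-access
        raise TicketError("invalid_grant", "requester present on self-access ticket")
    if not claims["iat"] <= now < claims["exp"]:
        raise TicketError("invalid_grant", "ticket expired or not yet valid")
    pb = claims.get("presenter_binding") or {}
    if pb.get("method") != "jkt" or pb.get("jkt") != jwk_thumbprint(presenter_jwk):
        raise TicketError("invalid_grant", "ticket not bound to the presenting client")
    hits = match_patient(claims["subject"]["patient"], index)
    if len(hits) != 1:  # zero hits is normal at a hospital the patient never used
        raise TicketError("invalid_grant", f"{len(hits)} matching local patients")
    # Intersection with the self-access policy; result-release holds and portal
    # restrictions still apply downstream and are not modelled here.
    return {"patient_id": hits[0]["id"],
            "scopes": sorted(set(claims["access"]["smart_scopes"]) & SELF_ACCESS_POLICY),
            "data_period": claims["access"].get("data_period")}


def outcome(claims: dict, presenter_jwk: dict, index: list, now: int):
    """Grant dict, or the OAuth error code a failed token exchange would return."""
    try:
        return process_ticket(claims, presenter_jwk, index, now)
    except TicketError as e:
        return e.code


def sample_ticket(jkt: str, with_mrn: bool = True) -> dict:
    """The IG's Elena Reyes example rebuilt as a claims dict (jti is constructed)."""
    patient = {"resourceType": "Patient", "birthDate": "1989-09-14",
               "name": [{"family": "Reyes", "given": ["Elena"]}]}
    if with_mrn:
        patient["identifier"] = [{"system": LOCAL_MRN_SYSTEM, "value": "A12345"}]
    return {"iss": "https://trusted-issuer.org", "aud": "https://network.org",
            "aud_type": "trust_framework", "iat": 1782329950, "exp": 1782333550,
            "jti": "uc1-demo", "ticket_type": TICKET_TYPE,
            "presenter_binding": {"method": "jkt", "jkt": jkt},
            "subject": {"patient": patient},
            "access": {"smart_scopes": ["patient/AllergyIntolerance.rs", "patient/Condition.rs",
                                        "patient/Observation.rs", "patient/MedicationRequest.rs"],
                       "data_period": {"start": "2021-01-01", "end": "2026-01-01"}}}


if __name__ == "__main__":
    ticket = sample_ticket(jwk_thumbprint(PRESENTER_JWK))
    print(outcome(ticket, PRESENTER_JWK, LOCAL_INDEX, now=1782330000))
```

Dropping the MRN from the sample ticket makes the twin entries ambiguous and the exchange fails with invalid_grant, as does an empty index or a presenter key whose thumbprint differs from the ticket's jkt; MedicationRequest is requested but absent from the constructed policy, so it falls out of the granted scopes.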

Example

Permission Ticket Artifact

Header
{
  "alg": "ES256",
  "kid": "nvOGRCsTz2QIQLsbl0ZQ_ux0tfyh5iave-jvNsANWv8"
}
Payload (Claims)
{
  "iss": "https://trusted-issuer.org",
  "aud": "https://network.org",
  "aud_type": "trust_framework",
  "exp": 1782333550,
  "iat": 1782329950,
  "jti": "uc1-4b33cc1d-0f6b-44bf-bd33-80f6d7140f3e",
  "ticket_type": "https://smarthealthit.org/permission-ticket-type/patient-self-access-v1",
  "presenter_binding": {
    "method": "jkt",
    "jkt": "JuI6ibZHcMPQICaIZ55PbXpnsudQmKt00D0BiEXNrMc"
  },
  "subject": {
    "patient": {
      "resourceType": "Patient",
      "identifier": [
        {
          "system": "http://hospital.example.org/mrn",
          "value": "A12345"
        }
      ],
      "birthDate": "1989-09-14",
      "name": [
        {
          "family": "Reyes",
          "given": [
            "Elena"
          ]
        }
      ]
    }
  },
  "access": {
    "smart_scopes": [
      "patient/AllergyIntolerance.rs",
      "patient/Condition.rs",
      "patient/Observation.rs",
      "patient/MedicationRequest.rs"
    ],
    "data_period": {
      "start": "2021-01-01",
      "end": "2026-01-01"
    }
  }
}
Raw Signed JWT
eyJhbGciOiJFUzI1NiIsImtpZCI6Im52T0dSQ3NUejJRSVFMc2JsMFpRX3V4MHRmeWg1aWF2ZS1qdk5zQU5XdjgifQ.….UWNhtqzSvkRkuHSmStrcLCiXmdbLnnG9Z8xn4o2nXBvG6SS7mA-F6OaWTygTS3BfmrWeqc3WspzI8TPvxhCJ-g

Variant: with identity evidence

The same ticket carrying subject_identity_evidence. The embedded ID token's demographics match subject.patient, and its aud identifies the ticket issuer's OIDC client at the evidence issuer. A token from the app's own sign-in would carry the app's OIDC client identifier instead, and the issuer would verify that mapping before embedding it:

Permission Ticket Artifact

Header
{
  "alg": "ES256",
  "kid": "nvOGRCsTz2QIQLsbl0ZQ_ux0tfyh5iave-jvNsANWv8"
}
Payload (Claims)
{
  "iss": "https://trusted-issuer.org",
  "aud": "https://network.org",
  "aud_type": "trust_framework",
  "exp": 1782333550,
  "iat": 1782329950,
  "jti": "uc1-ev-9f1c2b6a-3a77-4d09-9c4e-5a0d2f81c3b7",
  "ticket_type": "https://smarthealthit.org/permission-ticket-type/patient-self-access-v1",
  "presenter_binding": {
    "method": "jkt",
    "jkt": "JuI6ibZHcMPQICaIZ55PbXpnsudQmKt00D0BiEXNrMc"
  },
  "subject": {
    "patient": {
      "resourceType": "Patient",
      "identifier": [
        {
          "system": "http://hospital.example.org/mrn",
          "value": "A12345"
        }
      ],
      "birthDate": "1989-09-14",
      "name": [
        {
          "family": "Reyes",
          "given": [
            "Elena"
          ]
        }
      ]
    }
  },
  "access": {
    "smart_scopes": [
      "patient/AllergyIntolerance.rs",
      "patient/Condition.rs",
      "patient/Observation.rs",
      "patient/MedicationRequest.rs"
    ],
    "data_period": {
      "start": "2021-01-01",
      "end": "2026-01-01"
    }
  },
  "subject_identity_evidence": {
    "source": "embedded",
    "token_type": "id_token",
    "jwt": "eyJhbGciOiJFUzI1NiIsImtpZCI6ImYtU1NKamJDV1BJMnJtU2hXSjUwNHpLQy1Mb01tWGlyVnV0SWtrcmxuZmcifQ.eyJpc3MiOiJodHRwczovL2lkLmV4YW1wbGUtY3NwLm9yZyIsImF1ZCI6InRydXN0ZWQtaXNzdWVyLWFwcCIsInN1YiI6ImNzcC11c2VyLTdkMmYwYTQ0IiwiZ2l2ZW5fbmFtZSI6IkVsZW5hIiwiZmFtaWx5X25hbWUiOiJSZXllcyIsImJpcnRoZGF0ZSI6IjE5ODktMDktMTQiLCJhY3IiOiJodHRwczovL2lkLmV4YW1wbGUtY3NwLm9yZy9hc3N1cmFuY2UvaWFsMiIsImlhdCI6MTc4MjMyOTk1MCwiZXhwIjoxNzgyMzMwMjUwfQ.8cQluzM_txRbRXFvaQaIQjdI_93hqUCqBArVA894Qjb4L4ovj_kewjxt5Qv0FbBXHNiJlqCUf3-YOOzJfUFo1w"
  }
}
Raw Signed JWT
eyJhbGciOiJFUzI1NiIsImtpZCI6Im52T0dSQ3NUejJRSVFMc2JsMFpRX3V4MHRmeWg1aWF2ZS1qdk5zQU5XdjgifQ.eyJpc3MiOiJodHRwczovL3RydXN0ZWQtaXNzdWVyLm9yZyIsImF1ZCI6Imh0dHBzOi8vbmV0d29yay5vcmciLCJhdWRfdHlwZSI6InRydXN0X2ZyYW1ld29yayIsImV4cCI6MTc4MjMzMzU1MCwiaWF0IjoxNzgyMzI5OTUwLCJqdGkiOiJ1YzEtZXYtOWYxYzJiNmEtM2E3Ny00ZDA5LTljNGUtNWEwZDJmODFjM2I3IiwidGlja2V0X3R5cGUiOiJodHRwczovL3NtYXJ0aGVhbHRoaXQub3JnL3Blcm1pc3Npb24tdGlja2V0LXR5cGUvcGF0aWVudC1zZWxmLWFjY2Vzcy12MSIsInByZXNlbnRlcl9iaW5kaW5nIjp7Im1ldGhvZCI6ImprdCIsImprdCI6Ikp1STZpYlpIY01QUUlDYUlaNTVQYlhwbnN1ZFFtS3QwMEQwQmlFWE5yTWMifSwic3ViamVjdCI6eyJwYXRpZW50Ijp7InJlc291cmNlVHlwZSI6IlBhdGllbnQiLCJpZGVudGlmaWVyIjpbeyJzeXN0ZW0iOiJodHRwOi8vaG9zcGl0YWwuZXhhbXBsZS5vcmcvbXJuIiwidmFsdWUiOiJBMTIzNDUifV0sImJpcnRoRGF0ZSI6IjE5ODktMDktMTQiLCJuYW1lIjpbeyJmYW1pbHkiOiJSZXllcyIsImdpdmVuIjpbIkVsZW5hIl19XX19LCJhY2Nlc3MiOnsic21hcnRfc2NvcGVzIjpbInBhdGllbnQvQWxsZXJneUludG9sZXJhbmNlLnJzIiwicGF0aWVudC9Db25kaXRpb24ucnMiLCJwYXRpZW50L09ic2VydmF0aW9uLnJzIiwicGF0aWVudC9NZWRpY2F0aW9uUmVxdWVzdC5ycyJdLCJkYXRhX3BlcmlvZCI6eyJzdGFydCI6IjIwMjEtMDEtMDEiLCJlbmQiOiIyMDI2LTAxLTAxIn19LCJzdWJqZWN0X2lkZW50aXR5X2V2aWRlbmNlIjp7InNvdXJjZSI6ImVtYmVkZGVkIiwidG9rZW5fdHlwZSI6ImlkX3Rva2VuIiwiand0IjoiZXlKaGJHY2lPaUpGVXpJMU5pSXNJbXRwWkNJNkltWXRVMU5LYW1KRFYxQkpNbkp0VTJoWFNqVXdOSHBMUXkxTWIwMXRXR2x5Vm5WMFNXdHJjbXh1Wm1jaWZRLmV5SnBjM01pT2lKb2RIUndjem92TDJsa0xtVjRZVzF3YkdVdFkzTndMbTl5WnlJc0ltRjFaQ0k2SW5SeWRYTjBaV1F0YVhOemRXVnlMV0Z3Y0NJc0luTjFZaUk2SW1OemNDMTFjMlZ5TFRka01tWXdZVFEwSWl3aVoybDJaVzVmYm1GdFpTSTZJa1ZzWlc1aElpd2labUZ0YVd4NVgyNWhiV1VpT2lKU1pYbGxjeUlzSW1KcGNuUm9aR0YwWlNJNklqRTVPRGt0TURrdE1UUWlMQ0poWTNJaU9pSm9kSFJ3Y3pvdkwybGtMbVY0WVcxd2JHVXRZM053TG05eVp5OWhjM04xY21GdVkyVXZhV0ZzTWlJc0ltbGhkQ0k2TVRjNE1qTXlPVGsxTUN3aVpYaHdJam94TnpneU16TXdNalV3ZlEuOGNRbHV6TV90eFJiUlhGdmFRYUlRamRJXzkzaHFVQ3FCQXJWQTg5NFFqYjRMNG92al9rZXdqeHQ1UXYwRmJCWEhOaUpscUNVZjMtWU9PekpmVUZvMXcifX0.kjfOYKqBo6x1YrGWhjBJ-m-Wod6juG3ghaJIB8LAAiJIYd4rnTRKiPVPcX2DSBab4DPVsehm_MR5V-D2l5HeEw

The embedded ID token decodes to:

Embedded ID Token (identity evidence)

Header
{
  "alg": "ES256",
  "kid": "f-SSJjbCWPI2rmShWJ504zKC-LoMmXirVutIkkrlnfg"
}
Payload (Claims)
{
  "iss": "https://id.example-csp.org",
  "aud": "trusted-issuer-app",
  "sub": "csp-user-7d2f0a44",
  "given_name": "Elena",
  "family_name": "Reyes",
  "birthdate": "1989-09-14",
  "acr": "https://id.example-csp.org/assurance/ial2",
  "iat": 1782329950,
  "exp": 1782330250
}
Raw Signed JWT
eyJhbGciOiJFUzI1NiIsImtpZCI6ImYtU1NKamJDV1BJMnJtU2hXSjUwNHpLQy1Mb01tWGlyVnV0SWtrcmxuZmcifQ.eyJpc3MiOiJodHRwczovL2lkLmV4YW1wbGUtY3NwLm9yZyIsImF1ZCI6InRydXN0ZWQtaXNzdWVyLWFwcCIsInN1YiI6ImNzcC11c2VyLTdkMmYwYTQ0IiwiZ2l2ZW5fbmFtZSI6IkVsZW5hIiwiZmFtaWx5X25hbWUiOiJSZXllcyIsImJpcnRoZGF0ZSI6IjE5ODktMDktMTQiLCJhY3IiOiJodHRwczovL2lkLmV4YW1wbGUtY3NwLm9yZy9hc3N1cmFuY2UvaWFsMiIsImlhdCI6MTc4MjMyOTk1MCwiZXhwIjoxNzgyMzMwMjUwfQ.8cQluzM_txRbRXFvaQaIQjdI_93hqUCqBArVA894Qjb4L4ovj_kewjxt5Qv0FbBXHNiJlqCUf3-YOOzJfUFo1w
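The identity-evidence checks described in the Identity Evidence section and in the introduction to this variant, from both sides, as an added example that is not the IG's code: the issuer verifying the app-to-client_id mapping before embedding a token from the app's own sign-in, and the Data Holder verifying the embedded token against subject.patient. Assumptions: ES256 signatures of the ID token are verified by a JOSE library beforehand (not shown); the registry of client_ids, the trusted CSP and the app https://health-app.example are constructed; the Data Holder accepts the short-lived ID token if it was valid at the ticket's iat, since in the example above it expires 300 s after issuance while the ticket lasts an hour (the base specification's exact rule is not restated here). The sample ID token is the page's claims re-encoded with a placeholder signature.

```python
import base64, json

# Constructed trust configuration (not from the IG): the CSPs whose ID tokens count,
# the acr values accepted as IAL2, and the OIDC client_id each relying party holds
# at each CSP (the ticket issuer itself, and apps allowed to sign the patient in
# and hand the resulting token to the issuer at issuance).
TRUSTED_CSPS = {"https://id.example-csp.org"}
IAL2_ACRS = {"https://id.example-csp.org/assurance/ial2"}
CLIENT_ID_AT_CSP = {  # (relying party, CSP) -> client_id registered there
    ("https://trusted-issuer.org", "https://id.example-csp.org"): "trusted-issuer-app",
    ("https://health-app.example", "https://id.example-csp.org"): "health-app-oidc"}


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jws_claims(compact: str) -> dict:
    """Payload of a compact JWS. Call only after a JOSE library has verified the
    signature against the CSP's JWKS; decoding alone proves nothing."""
    seg = compact.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def unsigned_jws(payload: dict) -> str:
    """Constructed for the demo only: a JWS shell with a placeholder signature."""
    enc = lambda d: b64url(json.dumps(d, separators=(",", ":")).encode())
    return f'{enc({"alg": "ES256", "kid": "demo"})}.{enc(payload)}.sig'


def verify_evidence(id_token: str, relying_party: str, at_time: int, patient: dict = None) -> dict:
    """Check an ID token as IAL2 evidence obtained by relying_party, valid at at_time,
    and (when given) matching subject.patient. Returns the demographic claims."""
    idt = jws_claims(id_token)
    if idt.get("iss") not in TRUSTED_CSPS:
        raise ValueError("evidence from an untrusted CSP")
    auds = idt.get("aud") if isinstance(idt.get("aud"), list) else [idt.get("aud")]
    if CLIENT_ID_AT_CSP.get((relying_party, idt["iss"])) not in auds:
        raise ValueError("aud is not the client_id of the party that obtained the token")
    if idt.get("acr") not in IAL2_ACRS:
        raise ValueError("assurance below IAL2")
    if not idt.get("iat", 0) <= at_time <= idt.get("exp", 0):
        raise ValueError("ID token was not valid at the relevant time")
    demo = {"family": idt.get("family_name"), "given": idt.get("given_name"),
            "birthDate": idt.get("birthdate")}
    if None in demo.values():
        raise ValueError("ID token lacks the demographics needed to match")
    if patient is not None and demo != {"family": patient["name"][0]["family"],
                                        "given": patient["name"][0]["given"][0],
                                        "birthDate": patient["birthDate"]}:
        raise ValueError("ID token demographics differ from subject.patient")
    return demo


def issuer_embed(id_token: str, app: str, now: int) -> dict:
    """Issuer side, app-performed sign-in: verify that aud is the client_id the app
    registered at that CSP, then derive subject.patient and embed the token."""
    demo = verify_evidence(id_token, app, now)
    patient = {"resourceType": "Patient", "birthDate": demo["birthDate"],
               "name": [{"family": demo["family"], "given": [demo["given"]]}]}
    return {"subject": {"patient": patient},
            "subject_identity_evidence": {"source": "embedded", "token_type": "id_token",
                                          "jwt": id_token}}


def data_holder_check(ticket: dict) -> bool:
    """Data Holder side for this variant: the issuer acted as relying party, so aud
    must be the issuer's own client_id; the token must have been valid at the
    ticket's iat (assumption), since it expires long before the ticket does."""
    ev = ticket.get("subject_identity_evidence")
    if ev is None:
        return False  # evidence is a SHOULD; match on subject.patient alone
    if ev.get("source") != "embedded" or ev.get("token_type") != "id_token":
        raise ValueError("unsupported evidence form")
    verify_evidence(ev["jwt"], ticket["iss"], ticket["iat"], ticket["subject"]["patient"])
    return True


def sample_id_token(aud: str) -> str:
    """The page's example ID token claims, re-encoded (constructed, unsigned)."""
    return unsigned_jws({"iss": "https://id.example-csp.org", "aud": aud,
                         "sub": "csp-user-7d2f0a44", "given_name": "Elena",
                         "family_name": "Reyes", "birthdate": "1989-09-14",
                         "acr": "https://id.example-csp.org/assurance/ial2",
                         "iat": 1782329950, "exp": 1782330250})
```

The same token is rejected by issuer_embed when an app presents it, because its aud names the issuer's own client rather than the app's; that is the mapping check the variant text refers to. The Data Holder call uses the ticket's iss and iat, so a ticket issuer that is not in the registry, or evidence whose demographics were edited after the fact, fails the same function.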