New Zealand Rheumatic Fever FHIR Implementation Guide
1.0.0 - draft
New Zealand Rheumatic Fever FHIR Implementation Guide
1.0.0 - draft
New Zealand Rheumatic Fever FHIR Implementation Guide, published by Te Whatu Ora. This guide is not an authorized publication; it is the continuous build for version 1.0.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/tewhatuora/fhir-rheumatic-fever/ and changes regularly. See the Directory of published versions
The Health New Zealand FHIR API server implements several access control mechanisms.
| FHIR data access control | Implementation tech/mech | - |
|---|---|---|
| authorize type of application requesting | 1. Digital Services Hub client authentication (Keycloak) 2. Cognito client authentication |
- |
| authorize based on identity of organization requesting | FHIRWorks tenanted data-partitioning based on tenant's client credentials | - |
| limit type of FHIR resource requested | FHIRWorks role-based access based on FHIR SMART scopes (OAUTH scopes) | - |
| limit kind of FHIR operation requested | FHIRWorks role-based access based on FHIR SMART scopes (OAUTH scopes) | - |
| limit scope of FHIR instances accessible | instance data access control based on FHIR SMART scopes (OAUTH scopes) | - |
| authorize based on patient consent status | Special data access logic based on FHIR Consent instance content/association | - |
Listed below are the full SMART scopes and audiences a client must acquire required to have full access to the Rheumatic Fever FHIR API.
Scope describes access in terms of FHIR resource type and operations, whereas audience further constrains access within resource type by IG profile (for selected types).
Scopes and audiences are issued by the Health NZ's OAUTH authorization server. At the time of writing, scopes have to be requested by the client in the token request whereas audiences are automatically assigned.
| FHIR resource type | OAUTH scope required for RFCCS access | OAUTH aud: (audience) required for RFCCS access | - |
|---|---|---|---|
Appointment |
system/Appointment.crus?_tag=https://fhir-ig.digital.health.nz/rheumatic-fever/CodeSystem/nz-rheumaticfever-codesystem\|rf-nz |
- | |
Bundle |
system/Bundle.crus |
- | |
CarePlan |
system/CarePlan.crus |
https://fhir-ig.digital.health.nz/rheumatic-fever/StructureDefinition/nz-rheumaticfever-careplan | |
CareTeam |
system/CareTeam.crus |
https://fhir-ig.digital.health.nz/rheumatic-fever/StructureDefinition/nz-rheumaticfever-careteam | |
Condition |
system/Condition.crus |
https://fhir-ig.digital.health.nz/rheumatic-fever/StructureDefinition/nz-rheumaticfever-condition | |
Consent |
system/Consent.crus |
- | |
Encounter |
system/Encounter.crus?_tag=https://fhir-ig.digital.health.nz/rheumatic-fever/CodeSystem/nz-rheumaticfever-codesystem\|rf-nz |
- | |
Medication |
system/Medication.crus |
- | |
MedicationRequest |
system/MedicationRequest.crus |
https://fhir-ig.digital.health.nz/rheumatic-fever/StructureDefinition/nz-rheumaticfever-medicationrequest | |
MedicationStatement |
system/MedicationStatement.crus?_tag=https://fhir-ig.digital.health.nz/rheumatic-fever/CodeSystem/nz-rheumaticfever-codesystem\|rf-nz |
- | |
Observation (DiagnosisGroup) |
system/Observation.crus |
https://fhir-ig.digital.health.nz/rheumatic-fever/StructureDefinition/nz-rheumaticfever-diagnosisgroup | |
Patient |
system/Patient.crus |
https://fhir-ig.digital.health.nz/rheumatic-fever/StructureDefinition/nz-rheumaticfever-patient | |
Questionnaire |
system/Questionnaire.rs |
- | |
QuestionnaireResponse |
system/QuestionnaireResponse.crus?_tag=https://fhir-ig.digital.health.nz/rheumatic-fever/CodeSystem/nz-rheumaticfever-codesystem\|rf-nz |
- |