FHIR Chat · Practitioner access right · implementers

Stream: implementers

Topic: Practitioner access right

view this post on Zulip Nicolas Riss | Arkhn (Mar 16 2021 at 09:32):

Hello everyone,

I'm looking for a resource to explicit that a Practitioner have the access right to all data about an organization (associated Patients, Encounters...).
According to you, what's the best method to implement the information "the Practitioner have access to Organization A and Organization B associated data" ?

We had multiple ideas:

  • use PractitionerRole to say that practitioner have an access to an organization
  • use Group to list the practitioners that are allowed to access data from an organization
  • use Consent resource

Thanks!

view this post on Zulip John Moehrke (Mar 16 2021 at 12:30):

The Consent resource has this in scope, where the subject is the practitioner. This was a 'feature' added with some use-cases around provider directories. It doesn't 'feel right' as there is no consent act, and likely has nothing to do with consent.

So, we are working on a more generalized resource in R5 - Permission. It is developing slowly due to many other things the people interested are working on. That said, it can develop much faster with resources. What we first need is explicitly defined use-cases, and examples of how that use-case might look given the Permission resource. Following that would be adjustments to the model. We know of a few adjustments driven by some use-cases. So, please feel free to help develop this for R5.

view this post on Zulip David Pyke (Mar 16 2021 at 13:12):

Th Consent resource has that in it's use cases. Australia used Consent for their practitioner database. By using a custom Consent.scope and setting the subject to Practitioner, you can use that exact information

view this post on Zulip Nicolas Riss | Arkhn (Mar 23 2021 at 08:32):

Thanks for your answer :)
The use case is to create a tool to search for patient and visualise patient hospital journey, the goal was to limit the practitioner access to his organization and all related resources.
Finally, we decided to use PractitionerRole, which says like "he has a research role on this organization and have the right to access data". We will then adapt the implementation with the R5 Permission resource when released.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -