Stream: implementers
Topic: Search Patient and protect PHI
Brian Reinhold (Apr 28 2019 at 10:44):
As far as I can tell searching on a Patient identifier (not id) is not required. How is one to find a Patient resource that does not expose Personal Health Information? I am assuming that the id is not known because that is created by the server and one must obtain the Patient resource by some means to find the logical id. In the PHD patient profile the only required entries (besides the meta.profile) is the identifier, as that can be an opaque but unique way of defining a patient. The dictionary that maps the identifier to a human being is known only to authorized personnel. It would seem like a search on a Patient identifier would need to be mandatory.
Michael Donnelly (May 01 2019 at 16:00):
If you have the patient ID, you can do a Patient read, you don't need to do a Patient search.
Michael Donnelly (May 01 2019 at 16:02):
[base]/Patient/24601 will have the same effect as [base]/Patient?_id=24601 (but without the Bundle).
Last updated: Apr 12 2022 at 19:14 UTC
