Stream: implementers
Topic: use Practitioner for Security
Domina Tang (Jun 09 2020 at 15:14):
Is it a anti-pattern using Practitioner and PractitionerRole resources for application's user and user roles management? I think user and userRoles are related to application security infrastructure and should store outside FHIR.
Lloyd McKenzie (Jun 09 2020 at 15:40):
It depends on who your users are. Practitioner is intended to reflect individuals working in their professional capacity. Using Practitioner to represent a Patient or RelatedPerson would certainly not be desirable.
Domina Tang (Jun 09 2020 at 15:50):
In a referral form, the physician who refers the patient is a practitioner. However, if we develop an application which has user login and permission control, use Practitioner and Practitioner Role resources as the way to management application's users.. is it a improper usage of these two resources?
Lloyd McKenzie (Jun 09 2020 at 16:02):
The intention is that notions of 'user', 'user role', 'permission', etc. are managed outside FHIR given that they're not healthcare specific and there are other RESTful standards that cover them.
Domina Tang (Jun 09 2020 at 18:06):
@Lloyd McKenzie , thanks for the feedback!
John Moehrke (Jun 10 2020 at 12:58):
this was so excellent I put it in as a CR https://jira.hl7.org/browse/FHIR-27802
Last updated: Apr 12 2022 at 19:14 UTC
