Hello all, this is my first post here, so please excuse any mistakes. I should also say I am a beginner in the topic, so this is quite a fundamental question, but your help is highly appreciated, as your input is the only form of expert input I have available.
I am using SMART + Azure FHIR API, but I am struggling to understand how an authenticated account (say a Hotmail user) can be paired to a specific patient and therefore access the resources.
For example, email@example.com should only be able to access Patient/1234. Does it mean that:
- The patient ID needs to equal the e-mail address?
- A server admin needs to enable the resource manually for each user somehow?
- The patient himself/herself needs to know his/her own resource ID?
Again, your help is much appreciated and necessary! Thanks in advance.