CareTeam questions

Greetings. I am analyzing the essence of CareTeam and many questions have arisen. Please help me understand

1. Does FHIR imply that some CareTeam member role gives them the right to administer the CareTeam entity (add/remove members, change status, etc.). If yes, what is this role? Could several participants have such a role? If not, is it fair to say that any member can do the steps above with CareTeam? Or can only the CareTeam author (the person who created the CareTeam entity) perform such actions?
2. Does FHIR mean that some CareTeam member roles give them the right to create medical records, while others only have the right to view records? For example, I am a surgeon and I usually keep records of patient consultations, but as a member of a certain CareTeam with a role, let’s say “X”, I can only view patient data that the attending physician has registered and recommend a certain examination or treatment that will be recorded Therapist. And if I was registered with the role “H” in CareTeam, I would have the right to register my consultation for this patient myself.
   If so, which roles have which rights?
   If not, is it correct to say that the right to create records is governed by the standard rules for the Practitioner, and the role of a CareTeam member does not affect this?
3. There is a claim that CareTeam members have access to certain patient data. How does FHIR govern what data CareTeam members can access? Is this all patient data? Or is it the data of the entity that refers to the CareTeam and other entities that are associated (in context) with this entity?
4. How does FHIR regulate the process of removing a member from a team (recording him as a member is removed from the CareTeam.participant block? Or by setting the value of the expiration date of the member in the CareTeam.participant.period? field? Another option.

1. Rules around who’s allowed to change what are driven by business requirements. The FHIR core spec doesn’t define such business rules. In a community that has a shared set of business rules, those rules could be documented in a FHIR implementation guide to make them explicit to new people joining the community.
2. See #1. Membership in a CareTeam can certainly be used as part of the criteria for access permissions, and there are organizations who use it for that purpose. But there are no standard rules.
3. FHIR defines the data structures from which rules engines can determine access rules. Access can be based on: past relationship with patient, practitioner role, patient consent, assignment to a capitation group, security tags on resources, being listed in Patient care-team, being listed in Patient.practitioners, being associated with an Encounter, EpisodeOfCare, or CarePlan, hard-coded permission lists, the phase of the moon, …
4. Removing someone or setting an expiration date are both possible. Which you use depends on whether it’s useful to surface the fact that someone was (or will be) part of the team but isn’t right now.

thank you very much for your reply