My team is currently modeling FHIR resources to make Patient and Practitioner relationships, so that only related practitioners is able to view/edit the specific patient, to avoid VIP patients (e.g. politicians, famous actors) won’t be exposed to all practitioners in the hospital.
The Patient.generalPractitioner attribute seems like a match, but is there more appropriate attribute?
It would be great if you share us any hints / tips.
Thank you!
You might want to look at CareTeam. Patient.generalPractitioner identifies the “primary” care provider of different types (GP, psychologist, preferred pharmacy) but doesn’t identify everyone who’s providing care. CareTeams will cover a wider set of folks - and you can have multiple CareTeam instances - one for each ‘type’ of care being delivered. Note that I wouldn’t necessarily prohibit access from those who aren’t included in the CareTeam - that might interfere with legitimate care or even put the patient at risk. However, access by someone outside the CareTeam would presumably be a trigger for more intense audit.
In addition to @lloyd’s suggestion you may want to also look into the fact that each FHIR resource has a ‘meta’ element that can hold security-labels (inclusive of privacy labels) .
Such tags could then be used in an Access Control engine to inform the decision of whether a practitioner has access to the resource or not.