Permission-example-saner.xml - FHIR v6.0.0-ballot3

~~Release 5~~ R6 Ballot (3rd Draft)

This page is part of the FHIR Specification (v5.0.0: R5 - STU ). This is the current published version in it's permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions

Publish-box (todo)

Example Permission/example-saner (XML)

Security Work Group

Maturity Level : N/A

Standards Status : Informative

Compartments : No defined compartments

Raw XML ( canonical form + also see XML Format Specification )

Jump past Narrative

Example of permission for SANER (id = "example-saner")

<?xml version="1.0" encoding="UTF-8"?>


  
  
    
    
      
    Read-Only access to SANER report is authorized for PurposeOfUse of Public-Health
         compliance, from the Organizations.
    Access requests authorized shall be recorded.  
    
       
    TODO: expression help. No access is granted to previous historic revisions
         (only current report).
    
       
    TODO: authorize a Group/P1. 
    
    
  
  

  
    
  
  
  

  
    

    
      
      
      
    
    
    
      
        
      
      
        
          
          
        
      
      
        
          
          
        
      
    
    
      
        
        
      
    
  

<!--  
        <p>
      Given the importance of current public health information, only the latest
 version of the report is
  authorized for access.
      </p>
  <rule>
    <type value="deny" />
    <data>
      <expression>
        <language value="text/fhirpath" />
        <expression value="meta.versionId.exists() and meta.versionId != 'latest'"
 />
      </expression>
    </data>
  </rule>
    --><Permission xmlns="http://hl7.org/fhir">
  <id value="example-saner"/>   <text>     <status value="generated"/> <div xmlns="http://www.w3.org/1999/xhtml">      <p> 
        Read-Only access to a given SANER report is authorized for PurposeOfUse
         of Public-Health
        compliance, from the given Organization.
        Access requests authorized shall be recorded.
      </p>       <p> 
        Read-Only access to a given SANER report is authorized for PurposeOfUse
         of Public-Health
        compliance, from the given Group.
        Access requests authorized shall be recorded.
      </p>     </div>   </text>   <identifier>     <system value="http://example.org/identifiers"/>     <value value="saner-report"/>   </identifier>   <status value="active"/>   <asserter>     <reference value="Organization/f203"/>   </asserter>   <date value="2018-12-24"/>   <combining value="deny-overrides"/>   <rule>     <type value="permit"/>     <data>       <resource>         <meaning value="instance"/>         <reference>           <reference value="http://hl7.org/fhir/uv/saner/Measure/CDCHealthcareSupplyPathway"/>         </reference>       </resource>     </data>     <activity>       <actor>         <reference>           <reference value="Organization/f203"/>         </reference>       </actor>       <action>         <coding>           <system value="http://terminology.hl7.org/CodeSystem/consentaction"/>           <code value="access"/>         </coding>       </action>       <purpose>         <coding>           <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>           <code value="HCOMPL"/>         </coding>       </purpose>     </activity>     <limit>       <control>         <coding>           <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>           <code value="AUDIT"/>         </coding>       </control>     </limit>   </rule>   <rule>     <type value="permit"/>     <data>       <resource>         <meaning value="instance"/>         <reference>           <reference value="http://hl7.org/fhir/uv/saner/Measure/CDCHealthcareSupplyPathway"/>         </reference>       </resource>     </data>     <activity>       <actor>         <reference>           <reference value="Group/102"/>         </reference>       </actor>       <action>         <coding>           <system value="http://terminology.hl7.org/CodeSystem/consentaction"/>           <code value="access"/>         </coding>       </action>       <purpose>         <coding>           <system value="http://terminology.hl7.org/CodeSystem/v3-ActReason"/>           <code value="HCOMPL"/>         </coding>       </purpose>     </activity>     <limit>       <control>         <coding>           <system value="http://terminology.hl7.org/CodeSystem/v3-ActCode"/>           <code value="AUDIT"/>         </coding>       </control>     </limit>   </rule> 


</

Permission

>

Usage note: every effort has been made to ensure that the examples are correct and useful, but they are not a normative part of the specification.