Authorization of the Related Person

OZO FHIR implementation guide
0.1.0 - ci-build

OZO FHIR implementation guide - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions

Authorization rules of the RelatedPerson access

This table describes the access rules for a Practitioner role in a healthcare system, showing:

Entities: Various healthcare resources like Patient, CareTeam, Communication, etc.
Access conditions: When a Practitioner can access specific resources
CRUD permissions: Whether they can Create (C) and/or Read (R) the resources
Validation queries: The FHIR search queries used to validate read or create access

Entity	As RelatedPerson	CRUD	Read validation	Create validation
RelatedPerson	If the identity matches	R	RelatedPerson? identifier=system\|user_id
Patient	If the RelatedPerson.patient is the Patient	R	Patient? _has:RelatedPerson:patient:identifier=system\|user_id
Practitioner	If the RelatedPerson is in the same CareTeam as the Practitioner	R	Practitioner? _has:CareTeam:participant:participant=RelatedPerson/1
CareTeam	If the RelatedPerson is a participant of the CareTeam	R	CareTeam? participant:RelatedPerson=RelatedPerson/1
CommunicationRequest	If the RelatedPerson or the CareTeam of the RelatedPerson is the recipient	CR	CommunicationRequest? recipient=RelatedPerson/1,CareTeam/1	CommunicationRequest?requester=RelatedPerson/1
Communication	If the part-of matches the rule above	CR	Communication? part-of:CommunicationRequest.recipient=RelatedPerson/1,CareTeam/1	Communication?sender=RelatedPerson/1 AND Communication.recipient share a CareTeam
AuditEvent	If the agent.who is the RelatedPerson	CR	AuditEvent? agent.who[requester]=RelatedPerson/1	AuditEvent? agent.who[requester]=RelatedPerson/1
Task	If the owner is the RelatedPerson	R	Task?owner=RelatedPerson/1

IG © 2024+ Headease. Package fhir.ozo#0.1.0 based on FHIR 4.0.1. Generated 2025-10-20
Links: Table of Contents | QA Report