FHIR Belgium Base IG - Local Development build (v0.1.0). See the Directory of published versions
This is a list of use cases supported by this specification. These use cases will be further detailed.
Access to read or change FHIR resources, elements, or sets of elements must depend on a set of rules and criteria (Requirement 1). The actors (patients themselves, regulators, or practitioners) therefore obtain access according to those rules, and must be able to consult the rules that apply to them (Requirement 2). The access rules are managed by other actors, and access to the access rules themselves is in turn governed by rules defined by the actors.
Data exchange can rest on different legal grounds, namely the lawful bases set out in the GDPR. Health data is sensitive information (a special category of personal data under the GDPR), so special safeguards must be put in place, and the patient's consent has to be weighed in context: in a context of care, patients are usually not in a position to give explicit, specific and freely given consent.
Different access permissions to data:
Patient roles can access their demographics and personal data
Setting of simple access rules
Grant access to certain roles
Remove access to any role*
Evaluate the impact of the access I have consented to
Patient roles have access to clinical data (e.g. AllergyIntolerance)
Rules apply per resource type, as determined by the roles and purposes; they must distinguish between primary and secondary use of the data.
Rules should depend on the profile or the transaction, because the same resource type (e.g. CarePlan, Observation) can be used in different contexts with different sensitivity constraints.
Patients can grant access for specific purposes only
GPs can access the data of a patient only if they are that patient's family doctor
Access control must be extended to sub-roles and relations
As a care giver I cannot access the NISS (SSIN) number of the patient, only the name
Access to some fields may be restricted
As a care giver I cannot access patient health data marked as “private”
Need to classify the data elements, sets of elements, or resources
As a care giver I can search for data, but I cannot obtain data that is beyond my access level. A search on a restricted element must be refused rather than answered and filtered, because whether the search matches already reveals the value of that element.
Not allowed:
AllergyIntolerance?subject.address=Privéstraat
AllergyIntolerance?subject.SSIN=123456789
Allowed:
AllergyIntolerance?code=Hay fever
AllergyIntolerance?subject.family=Janssens
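The two checks behind these use cases, refusing searches that probe elements beyond the caller's access level and redacting such elements from what is returned, as an added example in Python. This is illustrative code written for this page, not code from the FHIR Belgium Base IG; the sensitivity classes, the role permissions, the "private" security label, the treatment of the page's `SSIN` and `family` search parameters as aliases, the assumption that `subject` chains to Patient, and the sample resources are all assumptions made for the example.

```python
"""Search guard and element redaction for the access-level use cases above.

Added example, not code from the FHIR Belgium Base IG. Sensitivity classes,
role permissions, the "private" label, the alias search parameters (SSIN,
family) and the sample resources are assumptions made for the example.
"""
import copy
from urllib.parse import parse_qsl

# Chained search: which resource a reference parameter points at. The page's
# examples chain through "subject"; we assume it targets Patient.
REFERENCE_PARAMS = {("AllergyIntolerance", "subject"): "Patient"}

# Assumed classification of elements / search parameters into sensitivity
# classes (the use cases only require that elements be classified).
# The NISS/SSIN is carried in Patient.identifier.
ELEMENT_CLASS = {
    ("Patient", "name"): "basic",
    ("Patient", "family"): "basic",          # search parameter on name.family
    ("Patient", "address"): "demographics",
    ("Patient", "identifier"): "identifier",
    ("Patient", "SSIN"): "identifier",       # alias used in the page's example
    ("AllergyIntolerance", "code"): "clinical",
    ("AllergyIntolerance", "subject"): "basic",
}

# Assumed role permissions: a caregiver sees the name and clinical data but
# neither the address nor the NISS/SSIN; the patient sees all of their own data
# (binding the reader to the resource's subject is out of scope here).
ROLE_CLASSES = {
    "caregiver": {"basic", "clinical"},
    "patient": {"basic", "clinical", "demographics", "identifier"},
}

STRUCTURAL = {"resourceType", "id", "meta"}              # kept for every role
PRIVATE_LABEL = ("urn:example:sensitivity", "private")    # assumed security label


def resolve_param(resource_type, param):
    """Map a search parameter, possibly chained and carrying a modifier, to the
    element it reaches: 'subject.address:exact' on AllergyIntolerance resolves
    to ('Patient', 'address'). Unknown parameters resolve to None."""
    segments = [s.split(":")[0] for s in param.split(".")]
    rtype = resource_type
    for seg in segments[:-1]:
        rtype = REFERENCE_PARAMS.get((rtype, seg))
        if rtype is None:
            return None
    key = (rtype, segments[-1])
    return key if key in ELEMENT_CLASS else None


def check_search(role, resource_type, query):
    """Decide whether a role may run a search such as 'code=Hay fever'.

    A search on an element the role may not read is refused outright rather
    than answered and filtered: whether the query matches already leaks the
    element's value. Unknown parameters are refused too (deny by default)."""
    allowed = ROLE_CLASSES.get(role, set())
    for param, _ in parse_qsl(query, keep_blank_values=True):
        target = resolve_param(resource_type, param)
        if target is None:
            return False, f"unknown search parameter {param!r}"
        cls = ELEMENT_CLASS[target]
        if cls not in allowed:
            return False, f"{param!r} probes {target[0]}.{target[1]} ({cls}), beyond the {role} access level"
    return True, "ok"


def redact(role, resource):
    """Copy of a resource with the elements beyond the role's level removed.
    Returns None when the resource carries the 'private' label and the reader
    is not the patient: such data is withheld entirely."""
    labels = resource.get("meta", {}).get("security", [])
    if role != "patient" and any((l.get("system"), l.get("code")) == PRIVATE_LABEL for l in labels):
        return None
    allowed = ROLE_CLASSES.get(role, set())
    out = copy.deepcopy(resource)
    for element in list(out):
        if element in STRUCTURAL:
            continue
        cls = ELEMENT_CLASS.get((out["resourceType"], element))
        if cls is None or cls not in allowed:    # unclassified elements are dropped
            del out[element]
    return out


def guarded_search(role, resource_type, query, results):
    """Full path: refuse the search, or return the redacted matches."""
    ok, reason = check_search(role, resource_type, query)
    if not ok:
        raise PermissionError(reason)
    return [r for r in (redact(role, x) for x in results) if r is not None]


# Constructed sample resources (no real persons or identifiers).
PATIENT = {
    "resourceType": "Patient", "id": "p1",
    "identifier": [{"system": "urn:example:ssin", "value": "00000000000"}],
    "name": [{"family": "Janssens", "given": ["An"]}],
    "address": [{"line": ["Privéstraat 1"], "city": "Brussel"}],
}
ALLERGY = {"resourceType": "AllergyIntolerance", "id": "a1",
           "code": {"text": "Hay fever"}, "subject": {"reference": "Patient/p1"}}
PRIVATE_ALLERGY = {**ALLERGY, "id": "a2",
                   "meta": {"security": [{"system": PRIVATE_LABEL[0], "code": PRIVATE_LABEL[1]}]}}
```

`check_search` is evaluated before any query runs, so the server never computes a match set it then has to hide; `redact` drops unclassified elements as well as restricted ones, so an element that was never classified cannot leak by omission. Real deployments would derive the classification from the profiles and security labels the IG defines instead of the hand-written table here.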
Access to system and access managers:
Access managers can see the content of the Personal Data Access Rules
Some rules are enabled but not visible to the patient, e.g. if the law requires certain data to be shared with or without consent, the patient may not see that rule.
Example cases:
Mandatory reporting of infectious diseases
Court-ordered access to data
Patients can see the content of the personal data access rules (the rules that they are allowed to see)
Patients can see which individuals (not only roles) have access to their data
Patients can refuse consent to data access by some users (note that refusing consent is not the same as blocking access: access that rests on another basis, such as a legal obligation, is unaffected)
Access managers’ access to the Personal Data Access Rules is itself limited by a set of rules (Access Control Rules)
Any change of access (from any of the actors) must be validated: an attempt to change a rule outside the user's permissions, or to introduce a conflicting rule, must be detected and logged
Users and access managers must have a user interface to monitor their permissions (limited to the rules that are visible to them)
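The rule-management use cases above (who may consult which rules, rules that apply but stay hidden from the patient, consent refusal versus blocking, and validation plus logging of rule changes) are worked through as an added example in Python. This is illustrative code written for this page, not code from the FHIR Belgium Base IG; the rule shape, the two actor kinds, the "law" and "consent" bases, the `*` wildcard and the sample rules are assumptions made for the example.

```python
"""Personal Data Access Rules: what each actor may see of them, how a request
is resolved against them, and how a rule change is validated and logged.

Added example, not code from the FHIR Belgium Base IG. The rule shape, actor
kinds, bases, '*' wildcard and sample rules are assumptions for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    patient: str    # patient the rule is about
    grantee: str    # a role ("role:caregiver") or a named individual ("user:dr.peeters")
    resource: str   # FHIR resource type, or "*" for every type (assumed wildcard)
    effect: str     # "permit" or "deny"
    basis: str      # "consent" (set by or for the patient) or "law" (mandated)


@dataclass(frozen=True)
class Actor:
    id: str
    kind: str                          # "patient" or "access-manager"
    manages: frozenset = frozenset()   # Access Control Rule: patients whose rules a manager may edit


def visible_rules(actor, rules):
    """Rules the actor is allowed to consult. A patient sees only their own
    consent-based rules; a legally mandated rule is applied but not shown.
    An access manager sees every rule of the patients they manage."""
    if actor.kind == "patient":
        return [r for r in rules if r.patient == actor.id and r.basis != "law"]
    if actor.kind == "access-manager":
        return [r for r in rules if r.patient in actor.manages]
    return []


def individuals_with_access(actor, rules):
    """Named individuals (not roles) holding a permit the actor can see."""
    return sorted({r.grantee for r in visible_rules(actor, rules)
                   if r.effect == "permit" and r.grantee.startswith("user:")})


def is_permitted(rules, patient, grantee, resource):
    """Resolve one request. A law-based permit wins over a refused consent
    (refusing consent is not the same as blocking access); otherwise any deny
    wins, and with no permit at all the answer is no."""
    hits = [r for r in rules if r.patient == patient and r.grantee == grantee
            and r.resource in (resource, "*")]
    if any(r.effect == "permit" and r.basis == "law" for r in hits):
        return True
    if any(r.effect == "deny" for r in hits):
        return False
    return any(r.effect == "permit" for r in hits)


def may_edit(actor, rule):
    """Nobody edits law-based rules here; a patient edits only their own
    consent rules; a manager only those of the patients they manage."""
    if rule.basis == "law":
        return False
    if actor.kind == "patient":
        return rule.patient == actor.id
    return actor.kind == "access-manager" and rule.patient in actor.manages


def conflicts(rules, new):
    """Existing rules of the same basis, patient and grantee whose scope
    overlaps the new rule through the wildcard but whose effect differs. An
    identical key is a replacement (e.g. flipping permit to deny), not a conflict."""
    return [r for r in rules
            if (r.patient, r.grantee, r.basis) == (new.patient, new.grantee, new.basis)
            and r.resource != new.resource
            and "*" in (r.resource, new.resource)
            and r.effect != new.effect]


def apply_change(actor, rules, new, log):
    """Validate a change and log every attempt. A change outside the actor's
    permissions, or one conflicting with an existing rule, is rejected; an
    accepted change replaces any rule with the same key."""
    entry = {"actor": actor.id, "rule": new, "outcome": "rejected"}
    if not may_edit(actor, new):
        entry["reason"] = "outside actor permissions"
    elif conflicts(rules, new):
        entry["reason"] = "conflicts with: " + ", ".join(
            f"{c.effect} {c.resource}" for c in conflicts(rules, new))
    else:
        entry["outcome"] = "accepted"
        rules = [r for r in rules if (r.patient, r.grantee, r.resource, r.basis)
                 != (new.patient, new.grantee, new.resource, new.basis)] + [new]
    log.append(entry)
    return rules


# Constructed sample rules (no real persons or identifiers).
SAMPLE_RULES = [
    Rule("patient:janssens", "role:caregiver", "AllergyIntolerance", "permit", "consent"),
    Rule("patient:janssens", "user:dr.peeters", "*", "permit", "consent"),
    # mandatory reporting of infectious diseases: applied, but hidden from the patient
    Rule("patient:janssens", "role:public-health", "Condition", "permit", "law"),
]
```

The audit log records rejected attempts as well as accepted ones, which is what lets an access manager spot a user probing the limits of their permissions. The precedence in `is_permitted` is the design decision to get right: a law-based permit must outrank the patient's refusal, or the refusal silently disables mandatory reporting, while everywhere else deny must win.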