$purview Operationhttps://www.hl7.org/fhir/STU3/operations.html https://www.hl7.org/fhir/STU3/operationdefinition.html OverviewThe grantee of a Consent record is always of one of the following types:
A Consent record will apply to an authenticated User if and only if the Consent record's grantee matches the User's Purview. Difference between a User and their Purview A patient never grants a Privacy Label to a Team Professional, but instead they grant them to the Team itself. Conversely, Privacy Labels can be granted directly to an Individual Professional or a Patient (acting as a carer).For example, let's imagine there are two Professionals.
Doctor Jones cannot search for Consent records assign to himself, because Patient 1 cannot assign a Consent record to a Team Professional. Instead, Patient 1 has granted Privacy Labels to Team One, knowing that these will apply to Doctor Jones. So the Consent record query filter which Doctor Jones needs to use is: grantee = Team One Doctor Smith, however, does not have a Team. Instead, as an Individual Professional, Patient 1 will have granted Privacy Labels directly to him. The Consent record query filter he needs to use is: grantee = Doctor Smith To prevent authenticated callers of the FHIR® API needing to be aware of this logic, they can determine their Purview by calling the $purview operation. This will perform the necessary logic for them and return a single reference to a grantee, which will be of one of the 3 types outlined above. The caller can then use this reference to determine whether any given Consent record will apply to them. A Consent record will apply to them if and only if the response from $purview matches Consent.actor How a User's Purview is determined The purview of a caller is calculated based on their user type, as indicated in the table below.
Endpoints
|