MedBackend Role-Based Access Control System
FHIR-Compliant Authorization Framework with Multi-Tenant Support
B2C Healthcare Model: Single Organization Architecture
(Direct Patient Care Platforms)
Structural Components
Resource Relationships
- Central Organization
  - Single `Organization` resource acts as data controller
  - Example Identifier: `Organization/med-org-001`
  - FHIR Profile: US Core Organization
- Patient Resources
  - Contain mandatory reference to central org:

    "managingOrganization": {
      "reference": "Organization/med-org-001"
    }

  - Validation: Patient compartment restricts access to self-owned data
- Care Team Structure
  - Practitioners require an active `PractitionerRole` with:

    "organization": {
      "reference": "Organization/med-org-001"
    }
Access Validation Flow
Recommended Use Cases
- Direct-to-consumer telehealth platforms
- Single-clinic EHR systems
- Mobile health applications with centralized care teams
B2B2C Healthcare Model: Multi-Tenant Architecture
(Enterprise Health Platforms)
Structural Hierarchy
Role Coding System
Based on SNOMED CT codes:
| Role Code | SNOMED CT Reference | Access Privileges |
|---|---|---|
| ict | 110462001 | User management, System configuration |
| doctor | 158965000 | Clinical data access, Patient records |
Role Assignment Example
{
  "resourceType": "PractitionerRole",
  "code": [
    {
      "coding": [
        {
          "system": "http://snomed.info/sct",
          "code": "158965000",
          "display": "Medical practitioner"
        }
      ]
    }
  ]
}
Inheritance Configuration
{
  "validators": {
    "legitimate_interest": {
      "role_inheritance_levels": 1,
      "cross_organization_access": false
    }
  }
}
Inheritance Behavior
- Practitioners inherit privileges from parent organizations
- Maximum inheritance depth configurable (default=1)
- Example: Hospital → Cardiology Department (1-level inheritance)
Custom Organization Compartment
Extended FHIR Access Control Mechanism
Implementation Details
Compartment Definition
{
  "extension": [
    {
      "url": "https://medbackend.com/fhir/Extensions/organization-compartment",
      "valueReference": {
        "reference": "Organization/tenant-org-002"
      }
    }
  ]
}
Use Case Example - Shared Library Resource
{
  "resourceType": "Library",
  "extension": [
    {
      "url": "https://medbackend.com/fhir/Extensions/organization-compartment",
      "valueReference": {
        "reference": "Organization/research-org-005"
      }
    }
  ],
  "status": "active",
  "type": {
    "coding": [
      {
        "system": "http://terminology.hl7.org/CodeSystem/library-type",
        "code": "logic-library"
      }
    ]
  }
}
Access Control Matrix
| Resource Type | Default Compartment | Organization Compartment Required |
|---|---|---|
| Patient | Patient | No |
| Practitioner | Practitioner | Yes (for multi-tenant) |
| Library | N/A | Yes |
| Device | Device | Yes |
Security Best Practices
- Role Assignment Rules
  - Never assign the `doctor` role at the RootOrganization level
  - Apply the minimum privilege principle to `ict` roles
  - Audit roles regularly via FHIR's Provenance resource
- Compartment Management
  - Auto-tag resources during creation via Azure Functions
  - Implement compartment validation middleware:

    class AccessDeniedError(Exception):
        """Raised when a resource lies outside the caller's organization compartment."""

    def validate_compartment(resource, organization):
        # Reject any resource whose security tag does not match the organization's compartment
        if resource.meta.security != organization.compartment_tag:
            raise AccessDeniedError("Invalid compartment access")

- Audit Logging
{
  "resourceType": "AuditEvent",
  "type": {
    "system": "http://terminology.hl7.org/CodeSystem/audit-event-type",
    "code": "rest"
  },
  "action": "E",
  "outcome": "0",
  "recorded": "2023-07-15T12:34:56Z",
  "agent": [
    {
      "type": {
        "coding": [
          {
            "system": "http://terminology.hl7.org/CodeSystem/extra-security-role-type",
            "code": "ict"
          }
        ]
      }
    }
  ]
}
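As an added example (not MedBackend's own code), the compartment validation middleware above combined with the inheritance configuration: it reads the organization-compartment extension and the SNOMED role coding from the JSON shapes on this page and walks an assumed `Organization.partOf` map to enforce `role_inheritance_levels` and `cross_organization_access`. The `PART_OF` map, the sample inputs, and the reading that privileges flow from a parent organization down to its departments are assumptions.

```python
COMPARTMENT_EXT = "https://medbackend.com/fhir/Extensions/organization-compartment"
SNOMED = "http://snomed.info/sct"
ROLE_CODES = {"110462001": "ict", "158965000": "doctor"}  # SNOMED codes from the role table
# Constructed child -> parent map (Organization.partOf); research-org-005 is outside the tree.
PART_OF = {"Organization/tenant-org-002": "Organization/med-org-001"}

def legitimate_interest(levels=1, cross_org=False):
    # Build the page's inheritance configuration block
    return {"validators": {"legitimate_interest": {
        "role_inheritance_levels": levels, "cross_organization_access": cross_org}}}

def resource_compartment(resource):
    # Organization reference carried by the organization-compartment extension, or None
    for ext in resource.get("extension", []):
        if ext.get("url") == COMPARTMENT_EXT:
            return ext["valueReference"]["reference"]
    return None

def role_of(pr_role):
    # Map the SNOMED CT coding on a PractitionerRole to the page's role names
    for cc in pr_role.get("code", []):
        for coding in cc.get("coding", []):
            if coding.get("system") == SNOMED and coding.get("code") in ROLE_CODES:
                return ROLE_CODES[coding["code"]]
    return None

def authorize(pr_role, resource, config):
    """True if the practitioner's organization may reach the resource's compartment."""
    li = config["validators"]["legitimate_interest"]
    if pr_role.get("active") is not True or role_of(pr_role) is None:
        return False  # needs an active PractitionerRole with a recognised role code
    target = resource_compartment(resource)
    if target is None:
        return False  # untagged Library/Device: a compartment is required, so deny
    if li["cross_organization_access"]:
        return True  # assumption: this flag lifts the compartment boundary entirely
    # Assumed reading of "Hospital -> Cardiology Department (1-level)": a role held at a
    # parent organization reaches child compartments up to role_inheritance_levels hops.
    org, current = pr_role["organization"]["reference"], target
    for _ in range(li["role_inheritance_levels"] + 1):
        if current == org:
            return True
        current = PART_OF.get(current)  # becomes None once the chain runs out
    return False

# Constructed inputs shaped like the page's PractitionerRole and Library JSON.
DOCTOR = {"resourceType": "PractitionerRole", "active": True,
          "organization": {"reference": "Organization/med-org-001"},
          "code": [{"coding": [{"system": SNOMED, "code": "158965000"}]}]}
DEPT_LIBRARY = {"resourceType": "Library", "extension": [{"url": COMPARTMENT_EXT,
                "valueReference": {"reference": "Organization/tenant-org-002"}}]}
```

With the default configuration the doctor at `med-org-001` reaches the department library one level down, while setting `role_inheritance_levels` to 0 or tagging the library with an organization outside the tree is denied.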
Implementation References
- FHIR Compartments: HL7 Compartment Definition
- SNOMED CT Roles: SNOMED Practitioner Roles
- Azure RBAC Patterns: Azure API Management Security