Validation Documentation

Welcome to the Medbackend Validation documentation! This guide covers the comprehensive validation and authorization system that ensures secure and compliant access to FHIR resources.

  1. Authentication Architecture

    • Security layer components
    • JWT validation process
    • RBAC engine functionality
    • Core validation components
    • Query handler security
    • Settings configuration
  2. Basic Validation Concepts

    • Role-based access control principles
    • Request validation workflow
    • Architecture overview
    • Validator types and usage
    • Default access configuration
    • Validation rules structure
    • RBAC scheme design
  3. FHIR Compartments

    • Understanding FHIR compartments
    • HL7 FHIR compartment definitions
    • Visual examples
    • Compartment-based validation
    • Organization compartment
    • Custom compartment extensions
  4. Validators Reference

    • Detailed validator documentation
    • PatientCompartment validator
    • PractitionerCompartment validator
    • RelatedPersonCompartment validator
    • EncounterCompartment validator
    • OrganizationCompartment validator
    • DeviceCompartment validator
    • LegitimateInterest validator
    • GeneralPractitioner validator
    • Allowed/Forbidden validators

Quick Start

  1. Review Authentication Architecture to understand the security foundation
  2. Learn Basic Validation Concepts for core RBAC principles
  3. Understand FHIR Compartments for resource organization
  4. Reference Validators Reference for detailed implementation

Key Components

Security Architecture

Validation Types

  • Compartment Validators: Patient, Practitioner, RelatedPerson, Encounter, Organization, Device
  • Policy Validators: LegitimateInterest, GeneralPractitioner
  • Access Control: Allowed, Forbidden

FHIR Compartments

  • Patient compartment
  • Practitioner compartment
  • Organization compartment
  • Custom organization compartment extension

Configuration Examples

Default Access

{
  "rbac": {
    "default_access": "Forbidden",
    "validation_rules": []
  }
}

Validation Rule

{
  "client_role": "Patient",
  "entity_name": "DiagnosticReport",
  "operation": "search",
  "validator": "patient_compartment"
}

Security Best Practices

  1. Set default access to "Forbidden"
  2. Use compartment validators when possible
  3. Implement proper JWT validation
  4. Configure appropriate RBAC rules
  5. Conduct regular security audits
  6. Monitor validation failures

Webhooks

You can extend any validation rule with webhooks to add custom logic:

  • Pre-request hooks: Validate or transform data before FHIR operations
  • Post-response hooks: Trigger workflows or sync external systems after operations

{
  "client_role": "Patient",
  "entity_name": "Patient",
  "operation": "create",
  "validator": "patient_compartment",
  "pre_request_hook": {
    "url": "https://your-service.com/webhooks/validate",
    "enabled": true
  }
}

See the Webhooks Documentation for full details on configuration and payload formats.
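The following is an added example, not Medbackend's own code, showing how a configuration shaped like the "Default Access", "Validation Rule" and webhook examples above is evaluated: a request is matched against validation rules on (client_role, entity_name, operation); a matching rule names the validator to run and, when enabled, the pre-request hook URL; an unmatched request falls through to default_access, which is why "Forbidden" is the safe default. The configuration embedded below is constructed for the example, the rule-matching semantics (exact match on the three fields, first match wins) are an assumption, and the audit helper is illustrative rather than a Medbackend feature.

```python
import json
from urllib.parse import urlparse

# Constructed sample configuration (assumed shape, mirroring the page's examples).
CONFIG_JSON = """
{
  "rbac": {
    "default_access": "Forbidden",
    "validation_rules": [
      {
        "client_role": "Patient",
        "entity_name": "DiagnosticReport",
        "operation": "search",
        "validator": "patient_compartment"
      },
      {
        "client_role": "Patient",
        "entity_name": "Patient",
        "operation": "create",
        "validator": "patient_compartment",
        "pre_request_hook": {
          "url": "https://your-service.com/webhooks/validate",
          "enabled": true
        }
      }
    ]
  }
}
"""

REQUIRED_RULE_KEYS = ("client_role", "entity_name", "operation", "validator")


def load_rbac(config_text: str) -> dict:
    """Parse the config and reject malformed rules up front, so a typo in a
    rule cannot silently widen access later (fail closed at load time)."""
    rbac = json.loads(config_text)["rbac"]
    if rbac.get("default_access") not in ("Allowed", "Forbidden"):
        raise ValueError("default_access must be 'Allowed' or 'Forbidden'")
    for index, rule in enumerate(rbac.get("validation_rules", [])):
        missing = [key for key in REQUIRED_RULE_KEYS if key not in rule]
        if missing:
            raise ValueError(f"validation_rules[{index}] is missing {missing}")
    return rbac


def find_rule(rbac: dict, client_role: str, entity_name: str, operation: str):
    """Assumed matching: exact match on all three fields, first match wins."""
    wanted = (client_role, entity_name, operation)
    for rule in rbac["validation_rules"]:
        if (rule["client_role"], rule["entity_name"], rule["operation"]) == wanted:
            return rule
    return None


def decide(rbac: dict, client_role: str, entity_name: str, operation: str) -> dict:
    """Return what the request dispatches to: a validator (plus an enabled
    pre-request hook URL, if any) or the configured default access."""
    rule = find_rule(rbac, client_role, entity_name, operation)
    if rule is None:
        # No rule matched: default_access decides, with no validator involved.
        return {"access": rbac["default_access"], "validator": None, "pre_request_hook": None}
    hook = rule.get("pre_request_hook") or {}
    return {
        "access": "Validate",  # the named validator makes the final decision
        "validator": rule["validator"],
        "pre_request_hook": hook.get("url") if hook.get("enabled") else None,
    }


def audit_rbac(rbac: dict) -> list:
    """Illustrative config checks matching the best practices on this page."""
    findings = []
    if rbac["default_access"] != "Forbidden":
        findings.append("default_access is not 'Forbidden': unmatched requests are allowed")
    for rule in rbac["validation_rules"]:
        hook = rule.get("pre_request_hook") or {}
        if hook.get("enabled") and urlparse(hook.get("url", "")).scheme != "https":
            findings.append(f"pre_request_hook for {rule['entity_name']}/{rule['operation']} is not https")
    return findings


if __name__ == "__main__":
    config = load_rbac(CONFIG_JSON)
    for request in [("Patient", "DiagnosticReport", "search"),
                    ("Patient", "DiagnosticReport", "delete"),
                    ("Patient", "Patient", "create")]:
        print(request, "->", decide(config, *request))
    print("audit findings:", audit_rbac(config))
```

Running the block shows the search on DiagnosticReport routed to patient_compartment, the delete (no rule) denied by the default, and the Patient create carrying its hook URL; flipping default_access to "Allowed" in the constructed config makes the unmatched delete pass, which is the failure mode the first best practice guards against.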

Additional Resources

Support

If you need help with validation:

  • Review the validator reference documentation
  • Check the example configurations
  • Contact the development team for specific issues