encounter-compartment
encounter_compartment Validator Documentation
FHIR Compartment-Based Access Control for Encounter-Associated Resources
Intent
The encounter_compartment validator restricts access to resources explicitly tied to a specific FHIR Encounter. This ensures users (e.g., clinicians, temporary roles) can only interact with data relevant to a time-bound clinical context, such as an emergency visit, surgery, or inpatient stay.
Key Use Cases:
- Emergency department staff accessing resources tied to an active patient encounter.
- Surgical teams updating records during an operation.
- Temporary access to lab results or imaging studies generated during a specific encounter.
Key Features
- Role Enforcement:
  - Validates that the client has the Encounter role (or a role mapped to an encounter context, e.g., Surgeon with encounter-scoped permissions).
- Compartment Membership Check:
  - Confirms the requested resource type belongs to the FHIR Encounter compartment (e.g., Procedure, Observation, Encounter itself).
- Reference Validation:
  - For create/update operations, ensures the resource references the encounter’s ID (e.g., Procedure.context.reference = Encounter/<id>).
Validation Logic
| Step | Action | Error If Failed |
|---|---|---|
| 1 | Check client_role is mapped to an encounter (e.g., Encounter role or a role with encounter context). | 403 Forbidden (Invalid role/context) |
| 2 | Verify resource type is in the Encounter compartment. | 403 Forbidden (Invalid compartment) |
| 3 | For write operations, validate encounter ID in relevant fields (e.g., context, encounter). | 403 Forbidden (Reference mismatch) |
Example Configurations
1. Read Access to Procedures Linked to an Encounter
{
  "client_role": "Encounter",
  "entity_name": "Procedure",
  "operation": "read",
  "validator": "encounter_compartment"
}
Explanation: A user with encounter-scoped access can read Procedure resources only if Procedure.context.reference matches Encounter/<encounter_id>.
2. Create an Observation During an Inpatient Stay
{
  "client_role": "Encounter",
  "entity_name": "Observation",
  "operation": "create",
  "validator": "encounter_compartment"
}
Requirements: The Observation body must include:
"context": {
  "reference": "Encounter/<encounter_id>"
}
Otherwise, the request is denied.
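The three steps of the Validation Logic table, applied to requests like the two configurations above, as an added Python example (not the validator's own code). The role set, the compartment subset, the function names and the choice to also check a supplied resource on reads are assumptions made for illustration.

```python
# Added example: every name here is an assumption, not the validator's real API.
ENCOUNTER_ROLES = {"Encounter", "Surgeon", "EmergencyClinician"}  # assumed role mapping
# Subset of the Encounter compartment, limited to types named on this page.
ENCOUNTER_COMPARTMENT = {"Encounter", "Procedure", "Observation", "DiagnosticReport"}
REFERENCE_FIELDS = ("context", "encounter")  # fields named in step 3 of the table
WRITE_OPS = {"create", "update"}


def encounter_refs(resource):
    """Collect the Encounter references a resource carries in the checked fields."""
    refs = set()
    for field in REFERENCE_FIELDS:
        value = resource.get(field)
        if isinstance(value, dict) and isinstance(value.get("reference"), str):
            refs.add(value["reference"])
    if resource.get("resourceType") == "Encounter" and "id" in resource:
        refs.add(f"Encounter/{resource['id']}")  # an Encounter belongs to itself
    return refs


def validate(client_role, entity_name, operation, encounter_id, resource=None):
    """Return (status, reason) following the three steps in the table."""
    # Step 1: the role must carry an encounter context.
    if client_role not in ENCOUNTER_ROLES or not encounter_id:
        return 403, "Invalid role/context"
    # Step 2: the resource type must be in the Encounter compartment.
    if entity_name not in ENCOUNTER_COMPARTMENT:
        return 403, "Invalid compartment"
    # Step 3: writes must reference the encounter; a resource supplied on a
    # read (e.g. the stored copy) is held to the same check.
    if operation in WRITE_OPS or resource is not None:
        # Exact match only: a missing, malformed, foreign or conflicting
        # reference is denied.
        if resource is None or encounter_refs(resource) != {f"Encounter/{encounter_id}"}:
            return 403, "Reference mismatch"
    return 200, "OK"
```

Comparing the whole reference set against the single expected value means a body that names the right encounter in one field and a different one in the other is rejected rather than accepted on the first match.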
FHIR References
- Encounter Compartment Definition: FHIR R4 Encounter Compartment (Official HL7 documentation).
- Resource Examples:
Use Case: Emergency Department Workflow
- Temporary Access: A triage nurse with the Encounter role can:
  - View Observation resources (e.g., vital signs) tied to the active encounter.
  - Update Encounter.status to reflect patient progress.
- Audit Compliance: All actions are automatically scoped to the encounter, simplifying audit trails.
Error Handling:
- A clinician attempting to access a DiagnosticReport outside the encounter’s time window receives 403 Forbidden.
Assumptions & Notes
- If your system does not use a dedicated Encounter role, replace client_role with roles that inherit encounter context (e.g., EmergencyClinician with metadata linking to an encounter).
- The compartment is ephemeral: Access expires when the encounter is marked as finished.