PatientCompartment

The PatientCompartment validator restricts access to resources that belong to the authenticated patient's FHIR Patient compartment. This is the most commonly used validator for patient-facing applications.

How it works

The FHIR specification defines which resources belong to a patient's compartment through a set of reference fields. For example:

  • An Observation belongs to a patient's compartment if Observation.subject references that patient.
  • A MedicationRequest belongs if MedicationRequest.subject references that patient.
  • An Encounter belongs if Encounter.subject references that patient.

When a patient client performs a read, the validator checks that the target resource references the authenticated patient through one of these compartment fields. When the patient performs a search, Fire Arrow automatically narrows the query so that only resources within the patient's compartment are returned.

Example configuration

application.yaml
fire-arrow:
  authorization:
    validation-rules:
      - client-role: Patient
        resource: Observation
        operation: read
        validator: PatientCompartment

      - client-role: Patient
        resource: Observation
        operation: search
        validator: PatientCompartment

      - client-role: Patient
        resource: Condition
        operation: read
        validator: PatientCompartment

      - client-role: Patient
        resource: MedicationRequest
        operation: search
        validator: PatientCompartment

Real-world scenario

A patient portal mobile app authenticates as Patient/abc-123. The app searches for the patient's lab results:

GET /fhir/Observation?category=laboratory

Fire Arrow narrows this query to only return Observation resources where the subject is Patient/abc-123. The patient never sees lab results belonging to other patients.
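The read check from "How it works" and the search narrowing in this scenario, sketched as an added example (not Fire Arrow's own code). The function names and the COMPARTMENT_FIELDS table are hypothetical; the table holds only the three reference fields listed on this page, and the sample resources are constructed.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: only the compartment fields named on this page.
COMPARTMENT_FIELDS = {
    "Observation": ["subject"],
    "MedicationRequest": ["subject"],
    "Encounter": ["subject"],
}

def in_patient_compartment(resource, patient_ref):
    """Read check: allow only if a compartment field references exactly patient_ref."""
    fields = COMPARTMENT_FIELDS.get(resource.get("resourceType"))
    if not fields:
        return False  # resource type without a known rule: deny by default
    for field in fields:
        value = resource.get(field)
        refs = value if isinstance(value, list) else [value]
        for ref in refs:
            # Exact match, so "Patient/abc-1234" never passes for "Patient/abc-123".
            if isinstance(ref, dict) and ref.get("reference") == patient_ref:
                return True
    return False

def narrow_search(url, patient_ref):
    """Search narrowing: pin the compartment parameter to the authenticated patient."""
    parts = urlsplit(url)
    resource_type = parts.path.rstrip("/").rsplit("/", 1)[-1]
    fields = COMPARTMENT_FIELDS.get(resource_type)
    if not fields:
        raise PermissionError(f"no compartment rule for {resource_type}")
    pinned = fields[0]
    # Discard any client-supplied value for the pinned parameter (modifiers included).
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.split(":")[0] != pinned]
    kept.append((pinned, patient_ref))
    return parts.path + "?" + urlencode(kept, safe="/")

# Constructed sample resources.
OWN = {"resourceType": "Observation", "subject": {"reference": "Patient/abc-123"}}
OTHER = {"resourceType": "Observation", "subject": {"reference": "Patient/abc-1234"}}

if __name__ == "__main__":
    print(in_patient_compartment(OWN, "Patient/abc-123"))
    print(in_patient_compartment(OTHER, "Patient/abc-123"))
    print(narrow_search("/fhir/Observation?category=laboratory", "Patient/abc-123"))
```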

Supported client roles

This validator only supports the Patient client role. Using it with any other role will result in an error.

When to choose this validator

PatientCompartment is the recommended default choice for patient-facing access rules. It is simple, fast, and covers most patient data access scenarios. Only reach for LegitimateInterest or CareTeam when you need access beyond the patient's own compartment, such as organizational resources or cross-patient care coordination.

Performance

The PatientCompartment validator adds negligible overhead to request processing. Compartment membership is evaluated using FHIR's built-in compartment rules, which resolve in constant time regardless of the total number of resources in the system. No additional database lookups are needed beyond the request itself.