RelatedPersonCompartment

The RelatedPersonCompartment validator restricts access to resources that belong to the authenticated related person's FHIR RelatedPerson compartment.

How it works

A RelatedPerson in FHIR represents someone who is involved in the care of a patient but is not a healthcare practitioner, such as a parent, guardian, spouse, or caregiver. The RelatedPerson compartment groups resources that reference the related person.

When the validator is applied, it checks that the target resource belongs to the related person's compartment before granting access.

Example configuration

application.yaml
fire-arrow:
  authorization:
    validation-rules:
      - client-role: RelatedPerson
        resource: Patient
        operation: read
        validator: RelatedPersonCompartment

      - client-role: RelatedPerson
        resource: Observation
        operation: search
        validator: RelatedPersonCompartment

Real-world scenario

A parent has a RelatedPerson resource linked to their child's Patient record. Using a caregiver app that authenticates as the RelatedPerson, the parent can view the child's observations and appointments. The access is more restricted than what the patient themselves would see, limited to what the RelatedPerson compartment definition permits.
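
The membership check from "How it works", applied to this parent/child scenario, as an added sketch that is not Fire Arrow's own code. It assumes the standard FHIR R4 RelatedPerson compartment definition (only three of its entries are included); the function names and sample resources are constructed for illustration.

```python
# Added illustration, not Fire Arrow's implementation.
# Subset of the FHIR R4 RelatedPerson CompartmentDefinition: resource type ->
# element paths whose reference places the resource in the compartment.
COMPARTMENT_PATHS = {
    "Patient": ["link.other"],
    "Observation": ["performer"],
    "Appointment": ["participant.actor"],
}

def _collect(node, path):
    """Yield every value reached by a dotted path, flattening repeated elements."""
    if isinstance(node, list):
        for item in node:
            yield from _collect(item, path)
    elif not path:
        yield node
    elif isinstance(node, dict) and path[0] in node:
        yield from _collect(node[path[0]], path[1:])

def in_related_person_compartment(resource, related_person_id):
    """True only if the resource itself references RelatedPerson/<id>."""
    rtype = resource.get("resourceType")
    if rtype == "RelatedPerson":
        return resource.get("id") == related_person_id
    # Simplification: only relative references are matched, and exactly.
    wanted = f"RelatedPerson/{related_person_id}"
    for path in COMPARTMENT_PATHS.get(rtype, []):  # type not listed -> deny
        for ref in _collect(resource, path.split(".")):
            if isinstance(ref, dict) and ref.get("reference") == wanted:
                return True
    return False

# Constructed sample resources for the parent/child scenario.
CHILD = {"resourceType": "Patient", "id": "child-1",
         "link": [{"other": {"reference": "RelatedPerson/parent-1"},
                   "type": "seealso"}]}
HOME_READING = {"resourceType": "Observation", "id": "obs-1",
                "subject": {"reference": "Patient/child-1"},
                "performer": [{"reference": "RelatedPerson/parent-1"}]}
# Same child, but recorded by a clinician: outside the parent's compartment.
CLINIC_READING = {"resourceType": "Observation", "id": "obs-2",
                  "subject": {"reference": "Patient/child-1"},
                  "performer": [{"reference": "Practitioner/dr-9"}]}

if __name__ == "__main__":
    for res in (CHILD, HOME_READING, CLINIC_READING):
        print(res["id"], in_related_person_compartment(res, "parent-1"))
```

Because the decision depends only on references carried by the resource, it needs no lookup beyond the resource being evaluated.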

Supported client roles

This validator only supports the RelatedPerson client role. Using it with any other role will result in an error.

Performance

The RelatedPersonCompartment validator adds negligible overhead to request processing. Compartment membership is evaluated using FHIR's built-in compartment rules, which resolve in constant time. No additional database lookups are needed beyond the request itself.