Configuring Read Access Tags
Configuring Read Access Tags
To start off, you want to take a look at the CodeSystem defined for the Read Access Tag and choose one of the codes from it:
<CodeSystem xmlns="http://hl7.org/fhir">
...
<url value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
...
<concept>
<code value="LOCAL"/>
<display value="Local"/>
<definition value="Read access for local users"/>
</concept>
<concept>
<code value="ORGANIZATION"/>
<display value="Organization"/>
<definition value="Read access for organization specified via extension http://dsf.dev/fhir/StructureDefinition/extension-read-access-organization"/>
</concept>
<concept>
<code value="ROLE"/>
<display value="Role"/>
<definition value="Read access for member organizations with role in consortium (parent organization) specified via extension http://dsf.dev/fhir/StructureDefinition/extension-read-access-consortium-role"/>
</concept>
<concept>
<code value="ALL"/>
<display value="All"/>
<definition value="Read access for remote and local users"/>
</concept>
</CodeSystem>
The codes LOCAL
and ALL
are trivial. Their Read Access Tag would look like this:
<meta>
<tag>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ALL"/> <!-- or value="LOCAL" respectively-->
</tag>
</meta>
Let us try to configure a Read Access Tag whose code uses an extension. We will choose ROLE
for this example. We start out the same way as before:
<meta>
<tag>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
The definition
element of the ROLE
code references an extension called dsf-extension-read-access-parent-organization-role.
The most important part of it is the differential
statement. It uses element definitions to describe how we need to implement the extension:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
<element id="Extension.extension">
<path value="Extension.extension" />
<slicing>
<discriminator>
<type value="value" />
<path value="url" />
</discriminator>
<rules value="open" />
</slicing>
</element>
<element id="Extension.extension:parentOrganization">
<path value="Extension.extension" />
<sliceName value="parentOrganization" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:parentOrganization.url">
<path value="Extension.extension.url" />
<fixedUri value="parent-organization" />
</element>
<element id="Extension.extension:parentOrganization.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Identifier" />
</type>
</element>
<element id="Extension.extension:parentOrganization.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
<fixedUri value="http://dsf.dev/sid/organization-identifier" />
</element>
<element id="Extension.extension:parentOrganization.value[x].value">
<path value="Extension.extension.value[x].value" />
<min value="1" />
</element>
<element id="Extension.extension:organizationRole">
<path value="Extension.extension" />
<sliceName value="organizationRole" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:organizationRole.url">
<path value="Extension.extension.url" />
<fixedUri value="organization-role" />
</element>
<element id="Extension.extension:organizationRole.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Coding" />
</type>
</element>
<element id="Extension.extension:organizationRole.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
</element>
<element id="Extension.extension:organizationRole.value[x].code">
<path value="Extension.extension.value[x].code" />
<min value="1" />
</element>
<element id="Extension.url">
<path value="Extension.url" />
<fixedUri value="http://dsf.dev/fhir/StructureDefinition/extension-read-access-parent-organization-role" />
</element>
<element id="Extension.value[x]">
<path value="Extension.value[x]" />
<max value="0" />
</element>
</differential>
</StructureDefinition>
All extensions for the Read Access Tag CodeSystem are defined on the meta.tag.extension
element through the extension's context
element:
<context>
<type value="element" />
<expression value="Coding" /> <!-- meta.tag is of type Coding-->
</context>
That is why the first element we are adding to meta.tag
is an extension
element:
<meta>
<tag>
<extenion>
</extenion>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
We will now go through the differential
statement one element at a time, starting at the top:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
<element id="Extension.extension">
<path value="Extension.extension" />
<slicing>
<discriminator>
<type value="value" />
<path value="url" />
</discriminator>
<rules value="open" />
</slicing>
</element>
...
</differential>
</StructureDefinition>
It defines a slicing for the Extension.extension
element, meaning we are dealing with a nested extension. The discriminator
element tells us that slices will be identified by the value of their url
attribute. A rules
element with value open
means other types of slices may be added later on e.g. when creating a profile. We do not have to add any elements from here to the meta.tag.extension
element. Next up is the first slice called parentOrganization
:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
...
<element id="Extension.extension:parentOrganization">
<path value="Extension.extension" />
<sliceName value="parentOrganization" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:parentOrganization.url">
<path value="Extension.extension.url" />
<fixedUri value="parent-organization" />
</element>
<element id="Extension.extension:parentOrganization.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Identifier" />
</type>
</element>
<element id="Extension.extension:parentOrganization.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
<fixedUri value="http://dsf.dev/sid/organization-identifier" />
</element>
<element id="Extension.extension:parentOrganization.value[x].value">
<path value="Extension.extension.value[x].value" />
<min value="1" />
</element>
...
</differential>
</StructureDefinition>
The first element defines a slice called parentOrganization
on the Extension.extension
element with cardinality 1..1
. The second element defines the url attribute of the parentOrganization
slice to be fixed to the value parent-organization
. With this information we can add the next element to meta.tag
. Since it is defined on Extension.extension
we will add it to meta.tag.extension.extension
like this:
<meta>
<tag>
<extension>
<extension url="parent-organization">
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
After that, it defines parentOrganization.value[x]
to occur at least once and have a type of Identifier
. To turn this into an element to add to meta.tag.extension.extension
we have to replace [x]
with our code in value[x].type
, which in this case is Identifier
. It is important to note, that should the value in the code element be lowercase, you will have make it uppercase before replacement. In our case this means we will have a meta.tag.extension.extension.valueIdentifier
element:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
</valueIdentifier>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
The last two elements define a system
element with a fixed value and value
element we can fill in on our own, since it does not have any constraints applied. Notice that the element definition still uses value[x].system
and value[x].value
. The replacement mentioned earlier does not happen in the element definition, but since value[x]
is defined to have the type Identifier
it is inferred that we mean to reference Identifier.system
and Identifier.value
. We will choose an arbitrary Idenfier
value, but you should be using an actual organization identifier depending on who you want to allow read access to the resource.
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
Next is the slice is called organizationRole
:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
...
<element id="Extension.extension:organizationRole">
<path value="Extension.extension" />
<sliceName value="organizationRole" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:organizationRole.url">
<path value="Extension.extension.url" />
<fixedUri value="organization-role" />
</element>
<element id="Extension.extension:organizationRole.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Coding" />
</type>
</element>
<element id="Extension.extension:organizationRole.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
</element>
<element id="Extension.extension:organizationRole.value[x].code">
<path value="Extension.extension.value[x].code" />
<min value="1" />
</element>
...
</differential>
</StructureDefinition>
Like with parentOrganization
, we will add an extension element to meta.tag.extension
with the fixed url value defined above:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
Instead of Identifier
, the value[x]
element is now defined as a Coding
type. This means we will add a valueCoding
element to the extension:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
<valueCoding>
</valueCoding>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
A Coding
has to belong to some CodeSystem. The DSF has a CodeSystem called dsf-organization-role. Before creating your own CodeSystem, it is worth taking a look at it to see if an appropriate role already exists for your organization. For demonstration purposes, we will be using the DIC
role:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
<valueCoding>
<system value="http://dsf.dev/fhir/CodeSystem/organization-role"/>
<code value="DIC"/>
</valueCoding>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
Now we only have two elements left in the differential
statement:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
...
<element id="Extension.url">
<path value="Extension.url" />
<fixedUri value="http://dsf.dev/fhir/StructureDefinition/extension-read-access-parent-organization-role" />
</element>
<element id="Extension.value[x]">
<path value="Extension.value[x]" />
<max value="0" />
</element>
</differential>
</StructureDefinition>
The Extension.url
element tells us to add a url attribute to meta.tag.extension
. The last element makes it so we must not add a meta.tag.extension.value[x]
element. This leaves us with this final Read Access Tag:
<meta>
<tag>
<extension url="http://dsf.dev/fhir/StructureDefinition/extension-read-access-parent-organization-role">
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
<valueCoding>
<system value="http://dsf.dev/fhir/CodeSystem/organization-role"/>
<code value="DIC"/>
</valueCoding>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>
You can follow the same method to configure the other types of Read Access Tags as well.