Configuring Read Access Tags
Configuring Read Access Tags
Before starting to configure anything, it is advised to take a look at the CodeSystem defined for the Read Access Tag and choose one of the codes from it:
<CodeSystem xmlns="http://hl7.org/fhir">
...
<url value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
...
<concept>
<code value="LOCAL"/>
<display value="Local"/>
<definition value="Read access for local users"/>
</concept>
<concept>
<code value="ORGANIZATION"/>
<display value="Organization"/>
<definition value="Read access for organization specified via extension http://dsf.dev/fhir/StructureDefinition/extension-read-access-organization"/>
</concept>
<concept>
<code value="ROLE"/>
<display value="Role"/>
<definition value="Read access for member organizations with role in consortium (parent organization) specified via extension http://dsf.dev/fhir/StructureDefinition/extension-read-access-consortium-role"/>
</concept>
<concept>
<code value="ALL"/>
<display value="All"/>
<definition value="Read access for remote and local users"/>
</concept>
</CodeSystem>The codes LOCAL and ALL are trivial. Their Read Access Tag would look like this:
<meta>
<tag>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ALL"/> <!-- or value="LOCAL" respectively-->
</tag>
</meta>Now to configure a Read Access Tag whose code uses an extension. This example will use the code ROLE. It starts out the same way as before:
<meta>
<tag>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>The definition element of the ROLE code references an extension called dsf-extension-read-access-parent-organization-role.
The most important part of it is the differential statement. It uses element definitions to describe how the extensions needs to be implemented:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
<element id="Extension.extension">
<path value="Extension.extension" />
<slicing>
<discriminator>
<type value="value" />
<path value="url" />
</discriminator>
<rules value="open" />
</slicing>
</element>
<element id="Extension.extension:parentOrganization">
<path value="Extension.extension" />
<sliceName value="parentOrganization" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:parentOrganization.url">
<path value="Extension.extension.url" />
<fixedUri value="parent-organization" />
</element>
<element id="Extension.extension:parentOrganization.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Identifier" />
</type>
</element>
<element id="Extension.extension:parentOrganization.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
<fixedUri value="http://dsf.dev/sid/organization-identifier" />
</element>
<element id="Extension.extension:parentOrganization.value[x].value">
<path value="Extension.extension.value[x].value" />
<min value="1" />
</element>
<element id="Extension.extension:organizationRole">
<path value="Extension.extension" />
<sliceName value="organizationRole" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:organizationRole.url">
<path value="Extension.extension.url" />
<fixedUri value="organization-role" />
</element>
<element id="Extension.extension:organizationRole.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Coding" />
</type>
</element>
<element id="Extension.extension:organizationRole.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
</element>
<element id="Extension.extension:organizationRole.value[x].code">
<path value="Extension.extension.value[x].code" />
<min value="1" />
</element>
<element id="Extension.url">
<path value="Extension.url" />
<fixedUri value="http://dsf.dev/fhir/StructureDefinition/extension-read-access-parent-organization-role" />
</element>
<element id="Extension.value[x]">
<path value="Extension.value[x]" />
<max value="0" />
</element>
</differential>
</StructureDefinition>All extensions for the Read Access Tag CodeSystem are defined on the meta.tag.extension element through the extension's context element:
<context>
<type value="element" />
<expression value="Coding" /> <!-- meta.tag is of type Coding-->
</context>That is why the first element to be added to meta.tag is an extension element:
<meta>
<tag>
<extenion>
</extenion>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>Now to process the differential statement one element at a time, starting at the top:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
<element id="Extension.extension">
<path value="Extension.extension" />
<slicing>
<discriminator>
<type value="value" />
<path value="url" />
</discriminator>
<rules value="open" />
</slicing>
</element>
...
</differential>
</StructureDefinition>It defines a slicing for the Extension.extension element, meaning this is a nested extension. The discriminator element defines that slices will be identified by the value of their url attribute. A rules element with value open means other types of slices may be added later on e.g. when creating a profile. This element is not added to the meta.tag.extension element it only serves the purpose of defining the discriminator. Next up is the first slice called parentOrganization:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
...
<element id="Extension.extension:parentOrganization">
<path value="Extension.extension" />
<sliceName value="parentOrganization" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:parentOrganization.url">
<path value="Extension.extension.url" />
<fixedUri value="parent-organization" />
</element>
<element id="Extension.extension:parentOrganization.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Identifier" />
</type>
</element>
<element id="Extension.extension:parentOrganization.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
<fixedUri value="http://dsf.dev/sid/organization-identifier" />
</element>
<element id="Extension.extension:parentOrganization.value[x].value">
<path value="Extension.extension.value[x].value" />
<min value="1" />
</element>
...
</differential>
</StructureDefinition>The first element defines a slice called parentOrganization on the Extension.extension element with cardinality 1..1. The second element defines the url attribute of the parentOrganization slice to be fixed to the value parent-organization. With this information the next element can be added to meta.tag. Since it is defined on Extension.extension it will be added it to meta.tag.extension.extension like this:
<meta>
<tag>
<extension>
<extension url="parent-organization">
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>After that, it defines parentOrganization.value[x] to occur at least once and have a type of Identifier. To turn this into an element to add to meta.tag.extension.extension requires replacing [x] with the code in value[x].type, which in this case is Identifier. It is important to note, that value[x] should be camel cased after replacement. This means there will be a meta.tag.extension.extension.valueIdentifier element:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
</valueIdentifier>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>The last two elements define a system element with a fixed value and value element that can be freely set, since it does not have any constraints applied. Notice that the element definition still uses value[x].system and value[x].value. The replacement mentioned earlier does not happen in the element definition, but since value[x] is defined to have the type Identifier, it is inferred that Identifier.system and Identifier.value are referenced. The example will use an arbitrary Identifier value, but real application should be using an actual organization identifier depending on which organization has read access to the resource.
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>Next is the slice is called organizationRole:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
...
<element id="Extension.extension:organizationRole">
<path value="Extension.extension" />
<sliceName value="organizationRole" />
<min value="1" />
<max value="1" />
</element>
<element id="Extension.extension:organizationRole.url">
<path value="Extension.extension.url" />
<fixedUri value="organization-role" />
</element>
<element id="Extension.extension:organizationRole.value[x]">
<path value="Extension.extension.value[x]" />
<min value="1" />
<type>
<code value="Coding" />
</type>
</element>
<element id="Extension.extension:organizationRole.value[x].system">
<path value="Extension.extension.value[x].system" />
<min value="1" />
</element>
<element id="Extension.extension:organizationRole.value[x].code">
<path value="Extension.extension.value[x].code" />
<min value="1" />
</element>
...
</differential>
</StructureDefinition>Like with parentOrganization, an extension element to meta.tag.extension is added with the fixed url value defined above:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>Instead of Identifier, the value[x] element is now defined as a Coding type. This the next element to add will be valueCoding:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
<valueCoding>
</valueCoding>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>A Coding has to belong to some CodeSystem. The DSF has a CodeSystem called dsf-organization-role. Before creating new CodeSystems, it is worth taking a look at it to see if an appropriate role already exists for an organization. The example will be using the DIC role:
<meta>
<tag>
<extension>
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
<valueCoding>
<system value="http://dsf.dev/fhir/CodeSystem/organization-role"/>
<code value="DIC"/>
</valueCoding>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>Now there is only two elements left in the differential statement:
<StructureDefinition xmlns="http://hl7.org/fhir">
...
<differential>
...
<element id="Extension.url">
<path value="Extension.url" />
<fixedUri value="http://dsf.dev/fhir/StructureDefinition/extension-read-access-parent-organization-role" />
</element>
<element id="Extension.value[x]">
<path value="Extension.value[x]" />
<max value="0" />
</element>
</differential>
</StructureDefinition>The Extension.url element requires a url attribute to be added to meta.tag.extension. The last element defines that there must not be a meta.tag.extension.value[x] element. This results in this final Read Access Tag:
<meta>
<tag>
<extension url="http://dsf.dev/fhir/StructureDefinition/extension-read-access-parent-organization-role">
<extension url="parent-organization">
<valueIdentifier>
<system value="http://dsf.dev/sid/organization-identifier"/>
<value value="My_Organization"/>
</valueIdentifier>
</extension>
<extension url="organization-role">
<valueCoding>
<system value="http://dsf.dev/fhir/CodeSystem/organization-role"/>
<code value="DIC"/>
</valueCoding>
</extension>
</extension>
<system value="http://dsf.dev/fhir/CodeSystem/read-access-tag"/>
<code value="ROLE"/>
</tag>
</meta>