---
title: Workflow of resource reader accessing the authorized resources
tags: FHIR_SkinLesionImageManagement
---
Workflow of resource reader accessing the authorized resources
===
<div style="text-align:justify;">This chapter describes the scheme of how the resource reader accesses the resources, that the resource owner grants to him.
**Examples:**
Patient A has granted access of his electronic medical record to Doctor B. Next, Doctor B wants to access Patient A's medical record to view the patient's medical history and help him determine the right clinical diagnosis. So, Doctor B needs to do the process of accessing the medical record (resource) that was granted by Patient A to him previously.
There are two different user on document sharing workflow:
- Resource owner: person who upload documents to the repository and index it using FHIR DocumentReference to the Portal. FHIR DocumentReference will contain the url to original document on document repository.
- Resource reader: person who is given acces to resource owner's document. Resource readers can use Portal generated tokens to access the original resources on the resources repository.
</div>
## Table of Contents
[TOC]
## 1. Scenario
Once the FHIR Consent is already created and stored in the Consent Management on the Portal. Furthermore, the resource reader can access the resource granted by the resource owner to it using a token.
## 2. Purpose
This chapter aims to make the reader understand the scheme of resource reader accessing resources that have been granted by the resource owner to him.
## 3. Block management on patient portal used
The scheme of accessing granted resources uses four patient portal managements. Some of these blocks include:
- Consent Management
Providing the list of consent for accessing resource owner resources that are granted to resource readers.
- Resource Management
Act as resource registry, which stores document references and provides a list of document resources with access has been granted on Consent.
- Personnel Management (Person, Institutional & Organizational)
Provide list of personnel information including person, practitioner, institutional, and organizational, which is used in querying consent by resource owner (the consent's performer).
- Autority Management
Providing the process of generating access token for accessing resource owner resources by resource reader.
## 4. FHIR Resource used
- FHIR Consent= a document that records the consent for access or restriction of resource owner resources to resource readers
- FHIR DocumentReference= Index of documents that reference to the actual granted document
- Personnel resources (FHIR Patient, PractitionerRole, Organization)= the resource owner and reader, ex: organization
- FHIR Document= the the actual granted document, can be structured report
### 4.1 Resource relation
Fhir Consent is composed of various information regarding the granting agreement of a resource access, including the resource owner, resource reader, and the document itself (DocumentReference).
DocumentReference contains the original document url, then through the url can access the whole information on the FHIR Document.
## 5. Workflow
### Prerequisite
1. [Personel management establishment](/rk3qR60Zo)
2. [Create FHIR DocumentReference to index document on Patient Portal](/rk3qR60Zo)
3. [Create FHIR Consent for granting resource access](SJY4cGIZj)
### 5.1 Resource reader get granted resource workflow
- User: person who want to access resources that granted to him, such as patient or practitioner
- Portal: the party that generates tokens which can be used to access resources
- Client: 3rd party web or window application used to display resources
- Cloud Healthcare Services and Server: resource server where to store the resource
### 5.1.1 Step by step:
1. First, the user is required to sign-in to the portal. Then the Portal will perform the authentication process based on the user input email and password
2. User select the role that will be used to perform the healthcare service. The portal will provide a list of services permitted to the user role.
Ex: User role is PractitionerRole, then the system will provide services to index document, create consent and get access to granted resources.
3. User selects service of get access to granted resources.
4. Portal list all consents granted to user. Portal provides function to filter consents based on input search parameters.
Ex: Get all consent granted to PractitionerRole/misac.practitionerrole01 (actor) by Patient/46179774-1a1e-4ae4-b626-9ff53fa080f4 (consentor)
5. User select consents to be accessed
6. Portal list selected consent DocumentReferences contained
7. User select DocumentReference to be accessed
8. Portal list selected DocumentReference Documents contained
DocumentReference contains a link url to the original document but it required access token to access the original document.
9. User select Document to be accessed
10. Portal generates JWT ID token to client as user authenticated meaning, besides that portal also generates access token to client so that client can access documents on resource server.
Q: JWT token "sub" claim: to record portal user id or user role id?
11. Pass the JWT ID & Access token to client
12. Client request access to the document on healthcare services and server using the access token
13. The healthcare service and server validate the access token and respond to the requested document to client
14. Client display the document to user
#### Example
The FHIR resource used in retrieving the granted document:
##### 1. Get granted of patient's skin lesion image access
Dr. Elon Must want to access the authorized Patient Will Smith's skin lesion image.
```
Consent?actor.name=Elon Musk
```
1.1 Constent of doctor Elon musk:
:::spoiler Consent/misac.consent01[(example)](https://203.64.84.150:58443/portaltest1/fhir/Consent/misac.consent01)
```gherkin=
{
"resourceType": "Consent",
"id": "misac.consent01",
"meta": {
"versionId": "1",
"lastUpdated": "2022-10-05T15:01:29.314+08:00"
},
"status": "active",
"scope": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy"
}
]
},
"category": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFASO"
}
]
}
],
"patient": {
"reference": "Patient/46179774-1a1e-4ae4-b626-9ff53fa080f4",
"display": "Will Smith"
},
"dateTime": "2022-10-05",
"organization": [
{
"reference": "Organization/TCHospitalHualien",
"display": "Hualien Tzu Chi Hospital"
}
],
"policyRule": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "OPTOUT"
}
]
},
"provision": {
"type": "permit",
"actor": [
{
"role": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "CST"
}
]
},
"reference": {
"reference": "Organization/TCHospitalHualien",
"display": "Hualien Tzu Chi Hospital"
}
},
{
"role": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "PRCP"
}
]
},
"reference": {
"reference": "PractitionerRole/misac.practitionerrole01",
"display": "Elon Musk"
}
}
],
"action": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/consentaction",
"code": "access"
}
]
}
],
"code": [
{
"coding": [
{
"system": "codesystem",
"code": "DermatologyImage"
}
]
}
],
"data": [
{
"meaning": "related",
"reference": {
"reference": "DocumentReference/misac.documentreference01"
}
}
]
}
}
```
:::
1.2 Access the FHIR DocumentReference:
:::spoiler DocumentReference/misac.documentreference01[(example)](https://203.64.84.150:58443/portaltest1/fhir/DocumentReference/misac.documentreference01)
```gherkin=
{
"resourceType": "DocumentReference",
"id": "misac.documentreference01",
"meta": {
"versionId": "1",
"lastUpdated": "2022-10-05T12:27:53.267+08:00"
},
"status": "current",
"date": "2022-10-05T12:24:39",
"author": [
{
"reference": "Patient/46179774-1a1e-4ae4-b626-9ff53fa080f4",
"display": "Will Smith"
}
],
"authenticator": {
"reference": "Organization/MIPatientPortal",
"display": "MI Patient Portal"
},
"custodian": {
"reference": "Organization/MIPatientPortal",
"display": "MI Patient Portal"
},
"content": [
{
"attachment": {
"url": "https://drive.google.com/uc?id=1l2Uxt4pXCETIlCFSuXtsq5TQwuIdWEQY&export=download",
"title": "BP_1"
}
}
]
}
```
:::
1.3 Access the document original
https://drive.google.com/uc?id=1l2Uxt4pXCETIlCFSuXtsq5TQwuIdWEQY&export=download
##### 2. Get granted of patient's image exam report access
1.1 Query the patient:
:::spoiler Patient/46179774-1a1e-4ae4-b626-9ff53fa080f4 [(example)](https://203.64.84.150:58443/portaltest1/fhir/Patient/46179774-1a1e-4ae4-b626-9ff53fa080f4)
```gherkin=
{
"resourceType": "Patient",
"id": "46179774-1a1e-4ae4-b626-9ff53fa080f4",
"meta": {
"versionId": "1",
"lastUpdated": "2022-08-30T16:45:53.199+08:00",
"source": "#2E1dW1HdBAatV1og"
},
"text": {
"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><div class=\"hapiHeaderText\"/><table class=\"hapiPropertyTable\"><tbody><tr><td>Identifier</td><td>111316001</td></tr></tbody></table></div>"
},
"identifier": [ {
"system": "username",
"value": "111316001"
} ],
"active": true,
"name": [ {
"text": "Will Smith"
} ],
"managingOrganization": {
"reference": "Organization/MIPatientPortal",
"display": "MI Patient Portal"
}
}
```
:::
1.2 Query the physician:
:::spoiler PractitionerRole/misac.practitionerrole01[(example)](https://203.64.84.150:58443/portaltest1/fhir/PractitionerRole/misac.practitionerrole01)
```gherkin=
{
"resourceType": "PractitionerRole",
"id": "misac.practitionerrole01",
"meta": {
"versionId": "1",
"lastUpdated": "2022-10-05T13:55:56.806+08:00"
},
"identifier": [
{
"system": "PractitionerID",
"value": "P0002"
}
],
"active": true,
"practitioner": {
"reference": "Practitioner/4",
"display": "Elon Musk"
},
"organization": {
"reference": "Organization/TCHospitalHualien",
"display": "Hualien Tzu Chi Hospital"
},
"code": [
{
"coding": [
{
"system": "http://hl7.org/fhir/R4/valueset-practitioner-role.html",
"code": "doctor",
"display": "Doctor"
}
]
}
],
"telecom": [
{
"system": "email",
"value": "elonmusk@oxfuni.com",
"use": "work"
}
]
}
```
:::
1.3 Query the consent:
:::spoiler Consent/misac.consent01[(example)](https://203.64.84.150:58443/portaltest1/fhir/Consent/misac.consent01)
```gherkin=
{
"resourceType": "Consent",
"id": "misac.consent01",
"meta": {
"versionId": "1",
"lastUpdated": "2022-10-05T15:01:29.314+08:00"
},
"status": "active",
"scope": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy"
}
]
},
"category": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFASO"
}
]
}
],
"patient": {
"reference": "Patient/46179774-1a1e-4ae4-b626-9ff53fa080f4",
"display": "Will Smith"
},
"dateTime": "2022-10-05",
"organization": [
{
"reference": "Organization/TCHospitalHualien",
"display": "Hualien Tzu Chi Hospital"
}
],
"policyRule": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "OPTOUT"
}
]
},
"provision": {
"type": "permit",
"actor": [
{
"role": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "CST"
}
]
},
"reference": {
"reference": "Organization/TCHospitalHualien",
"display": "Hualien Tzu Chi Hospital"
}
},
{
"role": {
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "PRCP"
}
]
},
"reference": {
"reference": "PractitionerRole/misac.practitionerrole01",
"display": "Elon Musk"
}
}
],
"action": [
{
"coding": [
{
"system": "http://terminology.hl7.org/CodeSystem/consentaction",
"code": "access"
}
]
}
],
"code": [
{
"coding": [
{
"system": "codesystem",
"code": "DermatologyImage"
}
]
}
],
"data": [
{
"meaning": "related",
"reference": {
"reference": "DocumentReference/misac.documentreference01"
}
}
]
}
}
```
:::
1.4 Query the document reference:
:::spoiler DocumentReference/misac.documentreference01[(example)](https://203.64.84.150:58443/portaltest1/fhir/DocumentReference/misac.documentreference01)
```gherkin=
{
"resourceType": "DocumentReference",
"id": "misac.documentreference01",
"meta": {
"versionId": "1",
"lastUpdated": "2022-10-05T12:27:53.267+08:00"
},
"status": "current",
"date": "2022-10-05T12:24:39",
"author": [
{
"reference": "Patient/46179774-1a1e-4ae4-b626-9ff53fa080f4",
"display": "Will Smith"
}
],
"authenticator": {
"reference": "Organization/MIPatientPortal",
"display": "MI Patient Portal"
},
"custodian": {
"reference": "Organization/MIPatientPortal",
"display": "MI Patient Portal"
},
"content": [
{
"attachment": {
"url": "https://drive.google.com/uc?id=1l2Uxt4pXCETIlCFSuXtsq5TQwuIdWEQY&export=download",
"title": "BP_1"
}
}
]
}
```
:::
1.5 Query the document:
:::spoiler Document/misac.document01
```
```
:::
## 5. Reference
https://fhirblog.com/2013/11/05/fhir-and-xds-an-overview/
https://smilecdr.com/docs/smart/smart_on_fhir_introduction.html
Sign in with Wallet
Connect another wallet