Policy that enforces rules on compartment resources #18

Open
sherryyuan-gcp opened this issue Nov 22, 2023 · 1 comment
sherryyuan-gcp commented Nov 22, 2023

Use case: want to permit certain access to all compartment data that belongs to patients tagged as employee

Currently Google Cloud supports this use case through an extension: https://cloud.google.com/healthcare-api/docs/fhir-consent#expandable-4

From last meeting:

  1. PACIO is the group to reach out to for sharing patient data
  2. Patient compartment is related to consent, but there are other compartments related to business (e.g. encounter compartment)

Extension question:

  1. How do we control which particular compartment data to apply to? e.g. permit access to compartment data with tag restricted that belongs to a patient tagged as employee

JohnMoehrke (Collaborator) commented

Compartment should be understood today, at least with data defined in an instance of CompartmentDefinition (vs the implied compartments such as patient).

Given a CompartmentDefinition c1

Permission

  • rule[0].type = permit
  • rule[0].data.resource.meaning = related
  • rule[0].data.resource.reference = Reference(c1)

Unless you think this use of the meaning of related is not the right code? Should we add a code? Or should we just explain this use of related when the reference is a Compartment?

I would guess that the .expression could also be used, but I don't understand expression.

Or should we have a new element in .data specific to compartment, as it is a rather specific concept that is common for security to leverage? This element might recognize the implied compartments in addition to CompartmentDefinition.
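
One way to read the rule proposed in the comments above, as an added Python example that is not from either participant or the FHIR project: a `permit` rule whose `data.resource` has meaning `related` and references CompartmentDefinition `c1`, narrowed by `data.security` to the restricted label. Assumptions: the `owner_tag` argument and the `employee` code on `Patient.meta.tag` are hypothetical stand-ins for the patient-tag condition raised in the extension question, all resources are constructed samples, and search parameter names are treated as element names.

```python
# Added illustration; every resource here is constructed sample data,
# trimmed to the fields the evaluator reads.
C1 = {"resourceType": "CompartmentDefinition", "id": "c1", "code": "Patient",
      "resource": [{"code": "Observation", "param": ["subject"]}]}
PERMISSION = {
    "resourceType": "Permission", "status": "active",
    "combining": "deny-unless-permit",
    "rule": [{"type": "permit", "data": [{
        "resource": [{"meaning": "related",
                      "reference": {"reference": "CompartmentDefinition/c1"}}],
        "security": [{"code": "R"}]}]}]}  # R = restricted (v3-Confidentiality)
PATIENTS = {  # "employee" as a meta.tag code is an assumption
    "Patient/emp": {"meta": {"tag": [{"code": "employee"}]}},
    "Patient/pub": {"meta": {}}}

def has_code(codings, code):
    # Simplification: compares Coding.code only and ignores Coding.system.
    return any(c.get("code") == code for c in codings)

def compartment_owner(resource, comp):
    """Return the reference that places resource in the compartment, or None."""
    for entry in comp["resource"]:
        if entry["code"] != resource["resourceType"]:
            continue
        for param in entry.get("param", []):
            # Simplification: the search parameter name is used as the element name.
            value = resource.get(param)
            for ref in value if isinstance(value, list) else [value]:
                target = (ref or {}).get("reference", "")
                if target.startswith(comp["code"] + "/"):
                    return target
    return None

def decide(permission, resource, compartments, patients, owner_tag):
    """Evaluate with deny-unless-permit only: first matching rule wins, else deny."""
    if permission["status"] != "active":
        return "deny"
    labels = resource.get("meta", {}).get("security", [])
    for rule in permission["rule"]:
        for data in rule.get("data", []):
            if not all(has_code(labels, s["code"]) for s in data.get("security", [])):
                continue
            for res in data.get("resource", []):
                comp = compartments.get(res["reference"]["reference"])
                if res["meaning"] != "related" or comp is None:
                    continue
                owner = patients.get(compartment_owner(resource, comp), {})
                if has_code(owner.get("meta", {}).get("tag", []), owner_tag):
                    return rule["type"]
    return "deny"
```

The default is deny, so a resource outside the compartment, one without the restricted label, or one owned by a patient without the tag is never released by this rule.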
