本页介绍了如何使用 FHIR 同意资源确定 Cloud Healthcare API 中 FHIR 存储区的数据访问权限。
配置启用了 FHIR 访问权限控制的存储区
如需配置具有同意强制执行功能的 FHIR 存储区,请完成以下步骤:
如果您还没有 FHIR 存储区,请创建一个。
设置以下 FHIR 存储区的
ConsentConfig参数以启用同意强制执行:version:指定用于 FHIR 存储区的同意强制执行版本。此值只能通过CreateFhirStore或UpdateFhirStore设置一次。设置完毕后,您必须调用ApplyConsents或ApplyAdminConsents才能更改版本。access_enforced:如果设置为true,则在访问 FHIR 资源时,系统将根据使用方提供的同意指令验证提供的同意标头。consent_header_handling:如果设置为PERMIT_EMPTY_SCOPE(默认值),则服务器允许不带X-Consent-Scope标头(或空)的请求。如果设置为REQUIRED_ON_READ且access_enforced=true,则服务器会拒绝所有不带X-Consent-Scope标头(或X-Consent-Scope标头为空)的请求。
使用 ConsentConfig 设置新的 FHIR 存储区
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{ 'version': 'R4', 'enableUpdateCreate': true, 'consentConfig': { 'version': 'V1', 'accessEnforced': true } }" "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores?fhirStoreId=FHIR_STORE_ID"
您应该收到类似以下内容的 JSON 响应:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID",
"version": "R4",
"enableUpdateCreate": true,
"consentConfig": {
"version": "V1"
}
}
如果您已有现有存储区,请使用 UpdateFhirStore 将具有同意强制执行 version 的 ConsentConfig 设置为 V1,并将 accessEnforced 设置为 true。
curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{ 'consentConfig': { 'version': 'V1', 'accessEnforced': true } }" "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID?update_mask=consentConfig"
使用意见征求资源定义政策
政策通过意见征求资源表示。数据模型文档介绍了资源字段的用途和使用方式。
下面是可为此特定示例创建的所有资源的示例。
创建 FHIR 资源
以下示例展示了如何执行 [FHIR 软件包](/healthcare-api/docs/how-tos/fhir-bundles) 来填充以下资源:
- 名为 Jeffrey Brown 的从业者资源
- 名为 Darcy Smith 的患者资源
- 由 Happy Hospital 收集的显示 Darcy 血红蛋白测量值 (LOINC
718-7) 的观察结果资源 - 显示 Darcy 葡萄糖测量值 (LOINC
15074-8) 的观察结果资源。 - 来自 Darcy 的同意,允许 Jeffrey Brown 使用应用
App/123访问 Happy Hospital 收集的她的数据 - 来自 Darcy 的同意,允许 Jeffrey Brown 访问她的任何数据以进行紧急治疗 (
ETREAT) - 来自 Happy Hospital 的同意,允许 Jeffrey Brown 在使用应用
App/golden进行生物医学研究 (BIORCH) 时访问所有数据
cat > bundle.json << 'EOF' { "resourceType": "Bundle", "type": "transaction", "entry": [ { "request": {"method": "PUT", "url": "Practitioner/12942879-f89f-41ae-aa80-0b911b649833"}, "resource": { "active": true, "birthDate": "1970-05-23", "gender": "male", "id": "12942879-f89f-41ae-aa80-0b911b649833", "name": [{ "family": "Brown", "given": ["Jeffrey"], "use": "official" }], "resourceType": "Practitioner" } }, { "request": {"method": "PUT", "url": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"}, "resource": { "active": true, "birthDate": "1990-01-01", "gender": "female", "id": "3c6aa096-c054-4c22-b2b4-1e4a4d203de2", "name": [{ "family": "Smith", "given": ["Darcy"], "use": "official" }], "meta": { "tag": [{ "system": "http://terminology.hl7.org/CodeSystem/common-tags", "code": "employee" }] }, "resourceType": "Patient" } }, { "request": {"method": "PUT", "url": "Observation/7473784b-46a8-470c-b9a6-fe38a01025aa"}, "resource": { "id": "7473784b-46a8-470c-b9a6-fe38a01025aa", "meta": {"source": "http://example.com/HappyHospital"}, "code": { "coding": [{ "code": "718-7", "system": "http://loinc.org", "display": "Hemoglobin [Mass/volume] in Blood" }] }, "effectivePeriod": {"start": "2021-12-10T05:30:10+01:00"}, "issued": "2021-12-10T13:30:10+01:00", "resourceType": "Observation", "status": "final", "subject": {"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"}, "valueQuantity": { "code": "g/dL", "system": "http://unitsofmeasure.org", "unit": "g/dl", "value": 7.2 } } }, { "request": {"method": "PUT", "url": "Observation/68583624-9921-4158-8754-2a306c689abd"}, "resource": { "id": "68583624-9921-4158-8754-2a306c689abd", "code": { "coding": [{ "code": "15074-8", "system": "http://loinc.org", "display": "Glucose [Moles/volume] in Blood" }] }, "effectivePeriod": {"start": "2021-12-01T05:30:10+01:00"}, "issued": "2021-12-01T13:30:10+01:00", "resourceType": "Observation", "status": "final", "subject": {"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"}, "valueQuantity": { "code": "mmol/L", "system": "http://unitsofmeasure.org", "unit": "mmol/l", "value": 6.3 } } }, { "request": {"method": "PUT", "url": "Consent/10998b60-a252-405f-aa47-0702554ddc8e"}, "resource": { "category": [{ "coding": [{ "code": "59284-0", "system": "http://terminology.hl7.org/CodeSystem/consentcategorycodes" }] }], "id": "10998b60-a252-405f-aa47-0702554ddc8e", "patient": {"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"}, "policyRule": { "coding": [{ "code": "OPTIN", "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode" }] }, "provision": { "actor": [ { "reference": {"reference": "Practitioner/12942879-f89f-41ae-aa80-0b911b649833"}, "role": { "coding": [{ "code": "GRANTEE", "system": "http://terminology.hl7.org/CodeSystem/v3-RoleCode" }] } } ], "extension": [ { "url": "https://g.co/fhir/medicalrecords/Environment", "valueCodeableConcept": { "coding": [{ "code": "123", "system": "App" }] } }, { "url": "https://g.co/fhir/medicalrecords/DataSource", "valueUri": "http://example.com/HappyHospital" } ], "type": "permit" }, "resourceType": "Consent", "scope": { "coding": [{ "code": "patient-privacy", "system": "http://terminology.hl7.org/CodeSystem/consentscope" }] }, "status": "active" } }, { "request": {"method": "PUT", "url": "Consent/73c54e8d-2789-403b-9dee-13085c5d5e34"}, "resource": { "category": [{ "coding": [{ "code": "59284-0", "system": "http://terminology.hl7.org/CodeSystem/consentcategorycodes" }] }], "id": "73c54e8d-2789-403b-9dee-13085c5d5e34", "patient": {"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"}, "policyRule": { "coding": [{ "code": "OPTIN", "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode" }] }, "provision": { "actor": [ { "reference": {"reference": "Practitioner/12942879-f89f-41ae-aa80-0b911b649833"}, "role": { "coding": [{ "code": "GRANTEE", "system": "http://terminology.hl7.org/CodeSystem/v3-RoleCode" }] } } ], "purpose": [{ "code": "ETREAT", "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason" }], "type": "permit" }, "resourceType": "Consent", "scope": { "coding": [{ "code": "patient-privacy", "system": "http://terminology.hl7.org/CodeSystem/consentscope" }] }, "status": "active" } }, { "request": {"method": "PUT", "url": "Consent/5c8e3f8a-9fd5-480d-a08e-f29b89feccde"}, "resource": { "category": [{ "coding": [{ "code": "57017-6", "system": "http://loinc.org" }] }], "id": "5c8e3f8a-9fd5-480d-a08e-f29b89feccde", "patient": {}, "extension": [{ "url": "https://g.co/fhir/medicalrecords/ConsentAdminPolicy" }], "policyRule": { "coding": [{ "code": "OPTIN", "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode" }] }, "provision": { "actor": [ { "reference": {"reference": "Practitioner/12942879-f89f-41ae-aa80-0b911b649833"}, "role": { "coding": [{ "code": "GRANTEE", "system": "http://terminology.hl7.org/CodeSystem/v3-RoleCode" }] } } ], "purpose": [{ "code": "BIORCH", "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason" }], "extension": [ { "url": "https://g.co/fhir/medicalrecords/Environment", "valueCodeableConcept": { "coding": [{ "code": "golden", "system": "App" }] } } ], "type": "permit" }, "resourceType": "Consent", "scope": {}, "status": "active" } } ] } EOF curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/fhir+json; charset=utf-8" \ --data @bundle.json \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir"
您应该收到类似以下内容的 JSON 响应:
{
"entry": [
{
"response": {
"etag": "W/\"VERSION_ID\"",
"lastModified": "2022-09-01T17:31:40.423469+00:00",
"location": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Practitioner/12942879-f89f-41ae-aa80-0b911b649833/_history/VERSION_ID",
"status": "201 Created"
}
},
{
"response": {
"etag": "W/\"VERSION_ID\"",
"lastModified": "2022-09-01T17:31:40.423469+00:00",
"location": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2/_history/VERSION_ID",
"status": "201 Created"
}
},
{
"response": {
"etag": "W/\"VERSION_ID\"",
"lastModified": "2022-09-01T17:31:40.423469+00:00",
"location": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/7473784b-46a8-470c-b9a6-fe38a01025aa/_history/VERSION_ID",
"status": "201 Created"
}
},
{
"response": {
"etag": "W/\"VERSION_ID\"",
"lastModified": "2022-09-01T17:31:40.423469+00:00",
"location": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/68583624-9921-4158-8754-2a306c689abd/_history/VERSION_ID",
"status": "201 Created"
}
},
{
"response": {
"etag": "W/\"VERSION_ID\"",
"lastModified": "2022-09-01T17:31:40.423469+00:00",
"location": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/10998b60-a252-405f-aa47-0702554ddc8e/_history/VERSION_ID",
"status": "201 Created"
}
},
{
"response": {
"etag": "W/\"VERSION_ID\"",
"lastModified": "2022-09-01T17:31:40.423469+00:00",
"location": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/73c54e8d-2789-403b-9dee-13085c5d5e34/_history/VERSION_ID",
"status": "201 Created"
}
},
{
"response": {
"etag": "W/\"VERSION_ID\"",
"lastModified": "2022-09-01T17:31:40.423469+00:00",
"location": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/5c8e3f8a-9fd5-480d-a08e-f29b89feccde/_history/VERSION_ID",
"status": "201 Created"
}
}
],
"resourceType": "Bundle",
"type": "transaction-response"
}
以下是更多 R4 意见征求资源示例,展示了如何表示复杂的政策。
患者同意指令示例
{ "resourceType": "Consent", "id": "patient-consent-example", "patient": { "reference": "Patient/f001" }, "category": [ { "coding": [ { "system": "http://loinc.org", "code": "59284-0" } ] } ], "scope": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/consentscope", "code": "patient-privacy" } ] }, "policyRule": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode", "code": "OPTIN" } ] }, "status": "active", "provision": { "type": "permit", "actor": [ { "reference": { "reference": "Practitioner/f002" }, "role": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-RoleCode", "code": "GRANTEE" } ] } } ], "purpose": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason", "code": "TREAT" } ], "class": [ { "system": "http://hl7.org/fhir/resource-types", "code": "Encounter" } ], "data": [ { "meaning": "instance", "reference": { "reference": "Encounter/e001" } } ], "extension": [ { "url": "https://g.co/fhir/medicalrecords/Environment", "valueCodeableConcept": { "coding": [ { "system": "iso3166-1", "code": "CA" } ] } }, { "url": "https://g.co/fhir/medicalrecords/DataTag", "valueCoding": { "system": "http://terminology.hl7.org/CodeSystem/common-tags", "code": "actionable" } }, { "url": "https://g.co/fhir/medicalrecords/DataTag", "extension": [ { "url": "https://g.co/fhir/medicalrecords/DataTag", "valueCoding": { "system": "http://example.com/custom-tags", "code": "archived" } }, { "url": "https://g.co/fhir/medicalrecords/DataTag", "valueCoding": { "system": "http://example.com/custom-tags", "code": "insensitive" } } ] }, { "url": "https://g.co/fhir/medicalrecords/DataSource", "valueUri": "http://somesystem.example.org/foo" } ], "securityLabel": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality", "code": "R" }, { "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode", "code": "PSY" } ] } }
上面的示例表示一个患者同意资源,其中患者 f001 向从业者 f002 授予权限,其目的是提供由 TREAT 表示的定期治疗。从业者位于地理位置 iso3166-1/CA。该同意资源允许从业者在患者数据满足以下所有条件的情况下访问患者数据。
- 它是 ID 为
Encounter/e001的Encounter类型。 - 它来自来源
http://somesystem.example.org/foo。 - 它满足至少以下一个标记条件(可以通过设置 Meta.tag 的
system和code字段来为资源添加代码): - 具有标记(
system=http://terminology.hl7.org/CodeSystem/common-tags和code=actionable) - 同时具有两个标记(
system=http://example.com/custom-tags和code=archived)以及(system=http://example.com/custom-tags和code=insensitive) - 它至少具有以下某个安全标签
system=http://terminology.hl7.org/CodeSystem/v3-Confidentiality且code是R、N、M、L、U之一。system=http://terminology.hl7.org/CodeSystem/v3-ActCode且code=PSY。
管理员政策指令示例
{ "resourceType": "Consent", "id": "admin-policy-example", "patient": {}, "extension": [{ "url": "https://g.co/fhir/medicalrecords/ConsentAdminPolicy" }], "category": [ { "coding": [ { "system": "http://loinc.org", "code": "57017-6" } ] } ], "scope": {}, "policyRule": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode", "code": "OPTIN" } ] }, "status": "active", "provision": { "type": "permit", "actor": [ { "reference": { "reference": "Practitioner/f002" }, "role": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-RoleCode", "code": "GRANTEE" } ] } } ], "purpose": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason", "code": "TREAT" } ], "class": [ { "system": "http://hl7.org/fhir/resource-types", "code": "Encounter" } ], "data": [ { "meaning": "instance", "reference": { "reference": "Encounter/e001" } } ], "extension": [ { "url": "https://g.co/fhir/medicalrecords/Environment", "valueCodeableConcept": { "coding": [ { "system": "iso3166-1", "code": "CA" } ] } }, { "url": "https://g.co/fhir/medicalrecords/DataTag", "valueCoding": { "system": "http://terminology.hl7.org/CodeSystem/common-tags", "code": "actionable" } }, { "url": "https://g.co/fhir/medicalrecords/DataTag", "extension": [ { "url": "https://g.co/fhir/medicalrecords/DataTag", "valueCoding": { "system": "http://example.com/custom-tags", "code": "archived" } }, { "url": "https://g.co/fhir/medicalrecords/DataTag", "valueCoding": { "system": "http://example.com/custom-tags", "code": "insensitive" } } ] }, { "url": "https://g.co/fhir/medicalrecords/DataSource", "valueUri": "http://somesystem.example.org/foo" } ], "securityLabel": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-Confidentiality", "code": "R" }, { "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode", "code": "PSY" } ] } }
上面的示例表示一个管理员政策同意资源,其中从业者 f002 向从业者 TREAT 授予权限,其目的是提供由 TREAT 表示的定期治疗。从业者来自地理位置 iso3166-1/CA。该同意资源允许从业者在患者数据满足以下所有条件的情况下访问患者数据:
- 它是 ID 为
Encounter/e001的Encounter类型。 - 它来自来源
http://somesystem.example.org/foo。 - 它满足至少以下一个标记条件:
- 具有标记(
system=http://terminology.hl7.org/CodeSystem/common-tags和code=actionable) - 同时具有两个标记(
system=http://example.com/custom-tags和code=archived)以及(system=http://example.com/custom-tags和code=insensitive) - 它至少具有以下某个安全标签
system=http://terminology.hl7.org/CodeSystem/v3-Confidentiality且code是R、N、M、L、U之一。system=http://terminology.hl7.org/CodeSystem/v3-ActCode且code=PSY。
管理员级级联政策指令示例
{ "resourceType": "Consent", "id": "admin-cascading-policy-example", "patient": {}, "extension": [ { "url": "https://g.co/fhir/medicalrecords/ConsentAdminPolicy" }, { "url": "https://g.co/fhir/medicalrecords/CascadingPolicy" } ], "category": [ { "coding": [ { "system": "http://loinc.org", "code": "57017-6" } ] } ], "scope": {}, "policyRule": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-ActCode", "code": "OPTIN" } ] }, "status": "active", "provision": { "type": "permit", "actor": [ { "reference": { "reference": "Practitioner/f002" }, "role": { "coding": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-RoleCode", "code": "GRANTEE" } ] } } ], "purpose": [ { "system": "http://terminology.hl7.org/CodeSystem/v3-ActReason", "code": "TREAT" } ], "class": [ { "system": "http://hl7.org/fhir/resource-types", "code": "Patient" } ], "extension": [ { "url": "https://g.co/fhir/medicalrecords/Environment", "valueCodeableConcept": { "coding": [ { "system": "iso3166-1", "code": "CA" } ] } }, { "url": "https://g.co/fhir/medicalrecords/DataTag", "valueCoding": { "system": "http://terminology.hl7.org/CodeSystem/common-tags", "code": "employee" } } ] } }
上面的示例表示一个管理员级别的级联政策同意资源,用于向从业者 f002 授予权限,其目的是提供由 TREAT 表示的定期治疗。该从业者位于地理位置 iso3166-1/CA。该意见征求资源允许从业者访问标记为 employee 的患者的舱室数据。所有资源条件仅适用于隔离区基本资源(即患者资源),因为它控制着要从哪些资源级联。
强制执行患者意见征求或管理员政策
通过 ApplyConsents 强制执行患者的同意
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{'validateOnly': false}" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID:applyConsents"
您应该收到类似以下内容的 JSON 响应:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。如需跟踪操作的状态,您可以使用 [操作“get”方法](/healthcare-api/docs/reference/rest/v1/projects.locations.datasets.operations/get):
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
操作完成后,服务器将以 JSON 格式返回包含操作状态的响应:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1beta1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1beta1.fhir.FhirStoreService.ApplyConsents",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
"counter": {
"success": "2",
"secondarySuccess": "5"
}
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1beta1.fhir.ApplyConsentsResponse",
"consentApplySuccess": "2",
"affectedResources": "5"
}
}
此响应表明服务器已成功处理 2 个同意并更新了 5 个资源(1 个患者、2 个同意、2 个观察结果)的同意访问权限。
通过 ApplyAdminConsents 强制执行管理员政策
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{ 'validateOnly': false, 'newConsentsList': { 'names': ['projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/5c8e3f8a-9fd5-480d-a08e-f29b89feccde/_history/VERSION_ID'] } }" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID:applyAdminConsents"
您应该收到类似以下内容的 JSON 响应:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
}
响应包含操作名称。如需跟踪操作的状态,您可以使用 [操作“get”方法](/healthcare-api/docs/reference/rest/v1/projects.locations.datasets.operations/get):
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"
操作完成后,服务器将以 JSON 格式返回包含操作状态的响应:
{
"name": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/operations/OPERATION_ID"",
"metadata": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1beta1.OperationMetadata",
"apiMethodName": "google.cloud.healthcare.v1beta1.fhir.FhirStoreService.ApplyAdminConsents",
"createTime": "CREATE_TIME",
"endTime": "END_TIME",
"logsUrl": "https://console.cloud.google.com/logs/query/CLOUD_LOGGING_URL",
"counter": {
"success": "1",
"secondarySuccess": "7"
}
},
"done": true,
"response": {
"@type": "type.googleapis.com/google.cloud.healthcare.v1beta1.fhir.ApplyAdminConsentsResponse",
"consentApplySuccess": "1",
"affectedResources": "7"
}
}
此响应表明服务器已成功处理 1 项管理政策,并更新了 7 个资源(1 名执业者、1 名患者、2 项观察结果、2 项患者同意和 1 项管理政策)的同意访问权限。
在调用 ApplyConsents(对于患者同意)或 ApplyAdminConsents(对于管理员政策和管理员级联政策)并成功完成之前,对存储在 FHIR 存储区中的同意的强制执行不会生效。如果您在运行 ApplyConsents 或 ApplyAdminConsents 后添加、修改或移除同意,则必须再次运行该工具,才能将这些同意包含在强制执行模型中。
FHIR 资源会以异步方式编入索引,因此 ApplyConsents 或 ApplyAdminConsents 完成的时间与强制执行模型在搜索结果中反映的时间可能会略有延迟。只有搜索请求才会出现这种延迟。
如果这是您第一次在 FHIR 存储区上设置同意强制执行功能,请等待 ApplyConsents 或 ApplyAdminConsents 长时间运行的操作完成,然后再发出同意感知请求。
如需对部分患者调用 ApplyConsents,您可以使用以下过滤条件:
PatientScope:针对多达 10,000 位患者的 ID 列表运行ApplyConsentsTimeRange:针对特定时间范围内更新其同意资源的患者资源 ID 列表运行ApplyConsent
如需调用 ApplyAdminConsents:您需要提供要应用的所有政策的完整列表(而不是增量列表)。因此,如果列表为空,则会使商店中的所有管理政策失效。如果 FHIR 存储空间采用版本控制,则每项政策都必须是资源版本名称;否则,则是资源名称。
您可以使用 operations.get 检索操作的 ProgressCounter。完成后,Operation.response 中会包含 ApplyConsentsResponse。下表介绍了 ProgressCounter 和 ApplyConsentsResponse 或 ApplyAdminConsentsResponse 中的计数器。
ProgressCounter |
ApplyConsentsResponse 或 ApplyAdminConsentsResponse |
说明 |
|---|---|---|
success |
consentApplySuccess |
操作成功处理的意见征求资源的数量。 |
failure |
consentApplyFailure |
不受支持或无效的意见征求资源的数量。您可以在 Cloud Logging 中查看错误日志,或者当 validateOnly 为 false 时,使用 CheckConsentEnforcementStatus 或 CheckPatientConsentEnforcementStatus 检索错误详细信息以检查同意强制执行状态。 |
secondarySuccess |
affectedResources |
当 validateOnly 为 false 时,它表示由于同意更改生效而成功重新编入索引的 FHIR 资源的数量。 |
secondaryFailure |
failedResources |
当 validateOnly 为 false 时,它表示可能具有同意更改但无法重新编入索引的 FHIR 资源的数量。这可能会影响使用同意上下文进行搜索,但不会影响其他方法。如需查看错误详情,您可以在 Cloud Logging 中查看错误日志。 |
处理 FHIR 同意资源后,您可以使用以下 API 检查单个同意或患者所有同意的强制执行状态:
CheckConsentEnforcementStatus:返回列出以下参数的Parameters(STU3、R4)资源:id:表示同意资源的 IDlastUpdated:表示上次强制执行同意的时间versionId:表示用于同意强制执行的版本 IDconsent-enforcement-status:表示同意强制执行状态
CheckPatientConsentEnforcementStatus:返回Parameters(STU3、R4)资源的Bundle(STU3、R4),该资源包含来自单个患者的所有同意的强制执行状态
对于管理政策,CheckConsentEnforcementStatus 只能用于检查单个意见征求管理政策的违规处置状态。或者,您也可以使用 fhirStores.get 查看应用于商店的所有有效管理员政策。
用户意见征求强制执行状态
consent-enforcement-status 可以具有以下任一值:
OFF:表示新同意资源的默认强制执行状态,其中的同意资源从未处理。ENFORCEABLE:同意资源已成功处理的状态。INACTIVE:同意资源被忽略的非活跃状态。UNSUPPORTED:可能符合 FHIR 规范但无法执行的同意资源状态。这是由于在当前功能支持级别下 FHIR 同意强制执行的实施有限。ENFORCEMENT_LIMIT_EXCEEDED:FHIR 同意资源格式和资源支持级别没有错误但以下一个或多个条件为 true 时的状态:患者拥有大量同意资源。
所有活跃同意中的同意指令大小都大于 FHIR 服务器强制执行同意指令的最大大小。
使用同意上下文进行搜索
Cloud Healthcare API 支持在给定 FHIR 存储区中搜索 FHIR 资源,并使用 actor、purpose 和 environment 作为查询参数。响应中仅包含用户已同意使用的资源。
搜索具有同意范围的 FHIR 资源
- 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用受信任的应用App/123搜索status=final的所有观察结果。 - 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用应用App/123搜索患者 Darcy 的所有观察结果。 - 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用应用App/123搜索患者 Darcy 的所有观察结果,用于紧急处理。 - 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用status=final搜索观察结果,以实现治疗和研究这两个目的 - 医院 IT 管理员使用
bypass搜索医院的所有执业者。
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 env/App/123" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation?status=final"
您应该收到类似以下内容的 JSON 响应:
{
"entry": [
{
"fullUrl": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION_ID/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/7473784b-46a8-470c-b9a6-fe38a01025aa",
"resource": {
"code": {
"coding": [
{
"code": "718-7",
"display": "Hemoglobin [Mass/volume] in Blood",
"system": "http://loinc.org"
}
]
},
"effectivePeriod": {
"start": "2021-12-10T05:30:10+01:00"
},
"id": "7473784b-46a8-470c-b9a6-fe38a01025aa",
"issued": "2021-12-10T13:30:10+01:00",
"meta": {
"lastUpdated": "2022-09-01T17:31:40.423469+00:00",
"source": "http://example.com/HappyHospital",
"versionId": "VERSION_ID"
},
"resourceType": "Observation",
"status": "final",
"subject": {
"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"
},
"valueQuantity": {
"code": "g/dL",
"system": "http://unitsofmeasure.org",
"unit": "g/dl",
"value": 7.2
}
},
"search": {
"mode": "match"
}
}
],
"link": [
{
"relation": "search",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?status=final"
},
{
"relation": "first",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?status=final"
},
{
"relation": "self",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?status=final"
}
],
"resourceType": "Bundle",
"total": 1,
"type": "searchset"
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 env/App/123" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation?subject:Patient.name=Darcy"
您应该收到类似以下内容的 JSON 响应:
{
"link": [
{
"relation": "search",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?subject%3APatient.name=Darcy"
},
{
"relation": "first",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?subject%3APatient.name=Darcy"
},
{
"relation": "self",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?subject%3APatient.name=Darcy"
}
],
"resourceType": "Bundle",
"total": 0,
"type": "searchset"
}
上述查询是链式搜索。由于同意场景 actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 env/App/123 访问患者 Darcy 资源(由 Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2 标识)被拒绝,因此 FHIR 服务器不会返回患者的观察结果,就像患者不存在一样。
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 purp/v3/ETREAT env/App/123" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation?subject:Patient.name=Darcy"
您应该收到类似以下内容的 JSON 响应:
{
"entry": [
{
"fullUrl": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/68583624-9921-4158-8754-2a306c689abd",
"resource": {
"code": {
"coding": [
{
"code": "15074-8",
"display": "Glucose [Moles/volume] in Blood",
"system": "http://loinc.org"
}
]
},
"effectivePeriod": {
"start": "2021-12-01T05:30:10+01:00"
},
"id": "68583624-9921-4158-8754-2a306c689abd",
"issued": "2021-12-01T13:30:10+01:00",
"meta": {
"lastUpdated": "2022-09-01T17:31:40.423469+00:00",
"versionId": "VERSION_ID"
},
"resourceType": "Observation",
"status": "final",
"subject": {
"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"
},
"valueQuantity": {
"code": "mmol/L",
"system": "http://unitsofmeasure.org",
"unit": "mmol/l",
"value": 6.3
}
},
"search": {
"mode": "match"
}
},
{
"fullUrl": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/7473784b-46a8-470c-b9a6-fe38a01025aa",
"resource": {
"code": {
"coding": [
{
"code": "718-7",
"display": "Hemoglobin [Mass/volume] in Blood",
"system": "http://loinc.org"
}
]
},
"effectivePeriod": {
"start": "2021-12-10T05:30:10+01:00"
},
"id": "7473784b-46a8-470c-b9a6-fe38a01025aa",
"issued": "2021-12-10T13:30:10+01:00",
"meta": {
"lastUpdated": "2022-09-01T17:31:40.423469+00:00",
"source": "http://example.com/HappyHospital",
"versionId": "VERSION_ID"
},
"resourceType": "Observation",
"status": "final",
"subject": {
"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"
},
"valueQuantity": {
"code": "g/dL",
"system": "http://unitsofmeasure.org",
"unit": "g/dl",
"value": 7.2
}
},
"search": {
"mode": "match"
}
}
],
"link": [
{
"relation": "search",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?subject:Patient.name=Darcy"
},
{
"relation": "first",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?subject:Patient.name=Darcy"
},
{
"relation": "self",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/?subject:Patient.name=Darcy"
}
],
"resourceType": "Bundle",
"total": 2,
"type": "searchset"
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 purp/v3/TREAT purp/v3/HRESCH" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation?status=final"
您应该收到类似以下内容的 JSON 响应:
{
"issue": [
{
"code": "security",
"details": {
"text": "permission_denied"
},
"diagnostics": "the maximum number of allowed consent purpose scopes is 1, got 2",
"severity": "error"
}
],
"resourceType": "OperationOutcome"
}
在这种情况下,从业者 Jeffrey Brown 应该从请求的 `X-Consent-Scope` 中移除不必要的目的。
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: bypass actor/Admin/ef0592c9-6724-467e-878d-f879e537cd15 env/net/HappyNet" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Practitioner?"
由于提供了 bypass,因此系统跳过了意见征求检查。您应该收到类似以下内容的 JSON 响应:
{
"entry": [
{
"fullUrl": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Practitioner/12942879-f89f-41ae-aa80-0b911b649833",
"resource": {
"active": true,
"birthDate": "1970-05-23",
"gender": "male",
"id": "12942879-f89f-41ae-aa80-0b911b649833",
"meta": {
"lastUpdated": "2022-09-01T17:31:40.423469+00:00",
"versionId": "VERSION_ID"
},
"name": [
{
"family": "Brown",
"given": [
"Jeffrey"
],
"use": "official"
}
],
"resourceType": "Practitioner"
},
"search": {
"mode": "match"
}
}
],
"link": [
{
"relation": "search",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Practitioner/?"
},
{
"relation": "first",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Practitioner/?"
},
{
"relation": "self",
"url": "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Practitioner/?"
}
],
"resourceType": "Bundle",
"total": 1,
"type": "searchset"
}
使用同意上下文获取资源
Cloud Healthcare API 支持在给定 FHIR 存储区中获取 FHIR 资源,并使用 actor、purpose 和 environment 作为查询参数。响应中仅包含用户已同意使用的资源。
获取具有同意范围的 FHIR 资源
- 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用应用App/123读取患者的血红蛋白测量值(在此示例中为Observation/7473784b-46a8-470c-b9a6-fe38a01025aa)。 - 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用未知应用App/unknown读取患者的血红蛋白测量值(在此示例中为Observation/7473784b-46a8-470c-b9a6-fe38a01025aa)。 - 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用应用App/golden进行生物医学研究,读取了 Darcy 的 birthDate(在此示例中为Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2)。 - 从业者 Jeffrey Brown(由
Practitioner/12942879-f89f-41ae-aa80-0b911b649833标识)使用“紧急情况应急处理”协议请求对患者的记录进行紧急的未经授权的访问。 (在此示例中为Observation/7473784b-46a8-470c-b9a6-fe38a01025aa)。
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 env/App/123" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/7473784b-46a8-470c-b9a6-fe38a01025aa"
由于请求者获得了同意,因此响应是观察结果资源的内容。
{
"code": {
"coding": [
{
"code": "718-7",
"display": "Hemoglobin [Mass/volume] in Blood",
"system": "http://loinc.org"
}
]
},
"effectivePeriod": {
"start": "2021-12-10T05:30:10+01:00"
},
"id": "7473784b-46a8-470c-b9a6-fe38a01025aa",
"issued": "2021-12-10T13:30:10+01:00",
"meta": {
"lastUpdated": "2022-09-01T17:31:40.423469+00:00",
"source": "http://example.com/HappyHospital",
"versionId": "VERSION_ID"
},
"resourceType": "Observation",
"status": "final",
"subject": {
"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"
},
"valueQuantity": {
"code": "g/dL",
"system": "http://unitsofmeasure.org",
"unit": "g/dl",
"value": 7.2
}
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 env/App/unknown" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/7473784b-46a8-470c-b9a6-fe38a01025aa"
由于患者的同意不允许请求方(“App/unknown”)的边界访问,因此请求被拒绝。
{
"issue": [
{
"code": "security",
"details": {
"text": "permission_denied"
},
"diagnostics": "Consent access denied or the resource being accessed does not exist",
"severity": "error"
}
],
"resourceType": "OperationOutcome"
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833 purp/v3/BIORCH env/App/golden" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"
由于请求者获得了同意,因此响应是患者资源的内容。
{
"active": true,
"birthDate": "1990-01-01",
"gender": "female",
"id": "3c6aa096-c054-4c22-b2b4-1e4a4d203de2",
"meta": {
"lastUpdated": "2022-09-01T17:31:40.423469+00:00",
"versionId": "VERSION_ID",
"tag": [{
"system": "http://terminology.hl7.org/CodeSystem/common-tags",
"code": "employee"
}]
},
"name": [
{
"family": "Smith",
"given": [
"Darcy"
],
"use": "official"
}
],
"resourceType": "Patient"
}
curl -X GET \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "X-Consent-Scope: btg actor/Practitioner/12942879-f89f-41ae-aa80-0b911b649833" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Observation/7473784b-46a8-470c-b9a6-fe38a01025aa"
由于意见征求的授权方法为 btg,因此服务器会跳过意见征求检查。响应是 Observation 资源的内容。
{
"code": {
"coding": [
{
"code": "718-7",
"display": "Hemoglobin [Mass/volume] in Blood",
"system": "http://loinc.org"
}
]
},
"effectivePeriod": {
"start": "2021-12-10T05:30:10+01:00"
},
"id": "7473784b-46a8-470c-b9a6-fe38a01025aa",
"issued": "2021-12-10T13:30:10+01:00",
"meta": {
"lastUpdated": "2022-09-01T17:31:40.423469+00:00",
"source": "http://example.com/HappyHospital",
"versionId": "VERSION_ID"
},
"resourceType": "Observation",
"status": "final",
"subject": {
"reference": "Patient/3c6aa096-c054-4c22-b2b4-1e4a4d203de2"
},
"valueQuantity": {
"code": "g/dL",
"system": "http://unitsofmeasure.org",
"unit": "g/dl",
"value": 7.2
}
}
配置意见征求标头
以下部分介绍了 Cloud Healthcare API 中支持的同意强制执行方法,以及如何在发出同意感知请求时强制执行资源访问。
发出请求时,您的授权服务器负责生成具有相关同意范围的访问令牌。
设置 HTTP 标头
同意范围使用 X-Consent-Scope HTTP 标头传递给 Cloud Healthcare API。Cloud Healthcare API 使用此标头对 FHIR 存储区中的数据实施基于同意的访问权限控制。
FHIR 请求可支持有限数量的同意条目范围。给定的 FHIR 请求中最多可以包含三个 actor 条目、一个 purp 条目和一个 env 条目。
对于特殊镜重,FHIR 请求可以支持 btg 或 bypass 之一。
为受信任应用设置 HTTP 标头
只有在使用客户控制的授权服务器时,才需要按照本部分执行操作。在这种情况下,您还必须使用 SMARTproxy 或类似的代理。
某些可信应用可以使用指定的 HTTP 标头中的同意范围直接调用 Cloud Healthcare API。这样,您就可以直接强制执行用户意见征求,而无需使用 SMARTproxy 或其他代理在外部授权服务器和 Google Cloud之间进行转换。
例如,您的应用可能注册了部分范围,例如一个应用 environment 范围,或者应用可能会显示选择微件来设置一些范围条目,例如访问者的 purpose。
受信任的用户或受信任的应用也可以使用btg 或 bypass 范围条目,这些条目需要接受审核后的审核。
为同意范围配置授权服务器
Cloud Healthcare API 根据输入同意范围提供对 FHIR 同意强制执行的内置支持。FHIR 存储区管理员负责在 Cloud Healthcare API 之外创建和配置授予同意范围的授权服务器。
访问令牌示例
以下示例展示了用 base64 编码的访问令牌:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzM4NCJ9.eyJpc3MiOiJjb25zZW50LnRva2VuLm9yZyIsImlhdCI6MTYxMjg4NDA4NSwiZXhwIjoxNjQ0NDIwMDg1LCJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJkb2N0b3IuZ2FicmllbGFAZXhhbXBsZS5jb20iLCJzY29wZSI6Im9pZGMgYWN0b3IvUHJhY3RpdGlvbmVyLzEyMyBhY3Rvci9Hcm91cC85OTkgcHVycC92My9UUkVBVCBlbnYvQXBwL2FiYyJ9.fC7ljkVUUx8fwUOrJuONcrqA-WKC-k_Bclzlgds0Cq6H_gEe3nUjPlSOCTQsIdYB
对访问令牌进行解码后,您可以看到它包含以下载荷:
{
"iss": "consent.token.org",
"iat": 1612884085,
"exp": 1644420085,
"aud": "www.example.com",
"sub": "doctor.gabriela@example.com",
"scope": "oidc actor/Practitioner/123 actor/Group/999 purp/v3/TREAT env/App/abc"
}
配置 SMARTProxy
SMARTProxy 是 Google 的开源代理,可提供以下功能:
允许 Cloud Healthcare API FHIR 服务器接受并验证同意感知访问令牌。
允许 Cloud Healthcare API 中的 FHIR 实现包含同意感知访问令牌,作为 Cloud Healthcare API 管理和权限模型的一部分。
在 FHIR 支持上也支持 SMART 的令牌功能。
当您发出通过 SMARTProxy 从 Cloud Healthcare API 检索数据的请求时,会发生以下情况:
SMARTProxy 接受包含同意感知令牌的客户端的请求。
SMARTProxy 通过您拥有的 JWT 授权服务器验证同意感知令牌。
SMARTProxy 从同意感知令牌中读取范围,并通过 HTTP 标头将其传递给 Cloud Healthcare API。
Cloud Healthcare API 会接收标头并对其进行验证,以对请求强制执行同意指令。随后,Cloud Healthcare API 通过 SMARTProxy 向客户端返回响应。
配置 Google Cloud 服务账号
一个代理只能有一个 Google Cloud 服务账号。如果多个客户端使用相同的代理,则这些客户端也将使用相同的服务账号。与多个客户端共享服务账号时,请务必小心,原因如下:
为了在 Cloud Healthcare API 中读取 FHIR 数据,可以将服务账号配置为具有广泛的读写权限。如需详细了解权限,请参阅控制对 Cloud Healthcare API 资源的访问权限。请参阅设置代理的一般性最佳实践。
Cloud Audit Logs
主电子邮件地址与服务账号关联。
例如,如果您使用您的 Google 账号直接调用 Cloud Healthcare API 以进行身份验证,则 Cloud Audit Logs 会将您的电子邮件地址记录为主电子邮件地址。当您使用代理调用 Cloud Healthcare API 时,代理使用自己的服务账号,并且主电子邮件地址是此服务账号的电子邮件地址,而原始账号未定义。
审核日志
当有访问请求或资源的访问权限强制执行发生变化时,系统会生成审核日志。
访问审核日志
如果在 FHIR 存储区中启用了审核日志,则 Cloud Logging 中提供的审核日志中会包含 consentMode 元数据字段。consentMode 可以是以下值之一:
off:FHIR 存储区配置将consentConfig.accessEnforced设置为false,并且不允许同意感知请求。emptyScope:FHIR 存储区的consentConfig.accessEnforced设置为true,但未包含同意范围标头。因此,同意未强制执行。enforced:FHIR 存储区将consentConfig.accessEnforced设置为true,并且存在同意范围标头。因此,系统会针对请求评估并强制执行同意。btg:FHIR 请求在同意范围标头中提供了btg。因此,系统跳过了意见征求检查。此请求适用于紧急情况,仅需接受审核后的审核。bypass:FHIR 请求在同意范围标头中仅提供了bypass。因此,系统跳过了意见征求检查。此请求旨在供受信任的工作流(例如管理员或受信任的应用,而不是最终用户)使用,因此此审核日志不同于用于数据治理检查的btg。
您可以根据需要将 access_determination_log_config 设置为 VERBOSE,以记录有关请求被批准或拒绝的原因的更多信息。
访问权限强制执行更改审核日志
当隔间基本资源发生更改时(例如,移除患者的 employee 标记):由于管理员级级联政策,对更改后的资源及其隔间的访问控制可能会发生变化。这会触发对其所有隔间资源重新编制索引。您可以在 Cloud Logging 中使用过滤条件 jsonPayload.@type="type.googleapis.com/google.cloud.healthcare.logging.FhirConsentCascadeLogEntry" 跟踪每个舱段基础资源更新的重新编制索引进度。
级联重新编制索引进度日志示例
{
"insertId": "tz2gtza8",
"jsonPayload": {
"@type": "type.googleapis.com/google.cloud.healthcare.logging.FhirConsentCascadeLogEntry",
"state": "STATE_FINISHED",
"affectedResources": "2",
"lastUpdated": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
"compartmentBaseResourceName": "projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Patient/PATIENT_RESOURCE_ID/_history/PATIENT_RESOURCE_VERSION"
},
"resource": {
"type": "healthcare_fhir_store",
"labels": {
"location": "LOCATION",
"dataset_id": "DATASET_ID",
"fhir_store_id": "FHIR_STORE_ID",
"project_id": "PROJECT_ID"
}
},
"timestamp": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ",
"severity": "INFO",
"logName": "projects/PROJECT_ID/logs/healthcare.googleapis.com%2Fconsent_cascading_fhir",
"receiveTimestamp": "YYYY-MM-DDTHH:MM:SS+ZZ:ZZ"
}
jsonPayload.state 是重新编入索引操作的状态,jsonPayload.affectedResources 是重新编入索引的舱室资源的数量,jsonPayload.lastUpdated 是患者资源更新的时间戳。如果操作刚刚开始,则不会出现 jsonPayload.state="STATE_STARTED" 和 jsonPayload.affectedResources。
约束和限制
本部分介绍 FHIR R4 的限制条件和限制,但相同的限制条件和限制适用于 FHIR STU3。
| 类型 | 约束和限制 |
|---|---|
| 单个同意资源 |
|
| 违规处置模型 |
|
X-Consent-Scope |
|
| 支持的方法 |
|
| 性能 |
|
最佳做法
以下部分介绍了使用 FHIR 访问控制功能时的最佳实践。
一般最佳实践
请勿并行执行导入 FHIR 资源以及调用
ApplyConsents或ApplyAdminConsents的操作。我们建议您先导入 FHIR 资源,然后调用ApplyConsents或ApplyAdminConsents。但是,如果要导入的资源不包含任何患者或同意资源,则强制执行模型不会受到影响,并且处理意见征求或管理政策也不是必需的。请勿并行执行创建自定义搜索以及调用
ApplyConsents的操作。我们建议您依次完成这些步骤。如果您的工作流需要对不相交的
PatientScope调用多个ApplyConsents,则可以并行调用这些ApplyConsents。ApplyAdminConsents可以与任意数量的ApplyConsents并行运行,但不能与其他ApplyAdminConsents并行运行。设置代理时,请为 IAM 服务账号分配只读权限,以免将一位患者的数据写入另一位患者的记录。
创建或更新记录时,请勿使用同意代理。
验证所有写入请求,以防止意外修改跨患者数据。
强制执行级联意见征求时,必须先导入舱段基本资源,然后再导入其余舱段资源。或者,您也可以将所有舱室资源封装在单个软件包中,并使用
fhir.executeBundle进行提取。
删除患者资源
删除患者资源时,如果您还想移除该患者的同意强制执行(尤其是当 FhirStore.disableReferentialIntegrity 为 true 时),我们建议您遵循以下操作顺序:
删除属于患者资源的所有同意资源。
使用
PatientScope过滤器调用ApplyConsents。
设置现有存储区以实现同意访问
如需设置现有存储区以实现同意访问,请完成以下步骤:
使用
UpdateFhirStore将具有同意强制执行version的ConsentConfig设置为V1,并将accessEnforced设置为true。curl -X PATCH \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{ 'consentConfig': { 'version': 'V1', 'accessEnforced': true } }" "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID?update_mask=consentConfig"
处理患者同意书或管理员政策
- 用于患者同意书的
ApplyConsents
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{'validateOnly': false}" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID:applyConsents"
ApplyAdminConsents(适用于管理员政策和管理员级联政策)。
curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{ 'newConsentsList': { 'names': [ 'projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/RESOURCE_ID_1/_history/VERSION_ID_1', ... 'projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID/fhir/Consent/RESOURCE_ID_N/_history/VERSION_ID_N' ] }, 'validateOnly': false }" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID:applyAdminConsents"
- 用于患者同意书的
运行 ApplyConsents 或 ApplyAdminConsents 的频率
ConsentConfig字段未设置的情况:在首次创建 FHIR 存储区时,以及在清除ConsentConfig字段时,ConsentConfig字段都会处于未设置状态。取消设置ConsentConfig字段后,您必须重复设置存储区以获取同意访问权限,然后再发出同意感知请求,以避免评估已过期的同意强制执行政策。强制执行模型发生变化时:创建、更新或删除同意资源时,强制执行模型会发生变化。在这种情况下,您必须调用
ApplyConsents或ApplyAdminConsents,这些更改才会生效。如果您可以使用同意更改来跟踪患者,我们建议您使用
PatientScope过滤条件以避免重新处理整个存储区。此过滤条件非常适合立即刷新一小部分患者的违规处置。您还可以使用
TimeRange过滤器定期运行ApplyConsents。如果立即刷新不是必需的,此过滤条件会很有用。例如,以下请求会刷新强制执行,以表示在世界协调时间 (UTC) 2022-09-20 零点与世界协调时间 (UTC) 2022-09-21 零点之间的同意变化。curl -X POST \ -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \ -H "Content-Type: application/json" \ --data "{ 'validateOnly': false, 'timeRange': { 'start': '2022-09-20T00:00:00Z', 'end': '2022-09-21T00:00:00Z', } }" \ "https://healthcare.googleapis.com/v1beta1/projects/PROJECT_ID/locations/LOCATION/datasets/DATASET_ID/fhirStores/FHIR_STORE_ID:applyConsents"
使用 FHIR 意见征求视图
FHIR Consent Viewer 会显示访问权限控制政策。该文件提供了一个表格,其中包含用于表示 FHIR 访问权限控制规则的意见征求范围。
在使用 FHIR 意见征求查看器之前,请确保满足以下条件:
FHIR 存储区
disableResourceVersioning设置必须为false。FHIR 存储区创建后,此设置便无法更改。如需创建新的 FHIR 存储区,请参阅创建 FHIR 存储区。FHIR 存储区已配置为强制执行用户意见征求。
如需查看 FHIR 意见征求查看器,请完成以下步骤:
控制台
在 Google Cloud 控制台中,前往浏览器页面。
选择包含您要查看的强制性意见征求政策的 FHIR 存储区的数据集。
在数据存储区页面的数据存储区列表中,选择您要查看强制性意见征求政策的 FHIR 存储区。
在数据存储区详情页面中,点击意见征求标签页。系统会显示意见征求范围。