...

The RBAC part of the access control is based on the user’s list of process privileges contained in the access token.

Access Token Field: realm_access
Meaning: List of process privileges, that is, what the user is allowed to do.
Example Value:

  "realm_access": {
    "roles": [
      "Patient.read",
      "Patient.write"
    ]
  }

What operations the user is allowed to invoke is stated in the "realm_access" attribute. In the example above the user is allowed to issue "Patient.read" and "Patient.write", that is, the user can get and edit Patient records. This is the RBAC part of the security model: the claims here depend entirely on the roles the user holds, not on which data is being accessed.

...

The ABAC part of the access control combines the access token's user type with the security token context(s) and, for some operations, also the access token's user id. These are compared against attributes of the data held by the services (for example EpisodeOfCare.team or Observation.subject).

Access Token Field: context
Meaning: List of items that are set in context. context in combination with the items in realm_access governs access to all resources in the ehealth infrastructure.
Example Value:

  "context": {
    "organization_id": "https://fut.com/fhir/Organization/1",
    "care_team_id": "https://fut.com/fhir/CareTeam/4",
    "episode_of_care_id": "https://fut.com/fhir/EpisodeOfCare/10",
    "patient_id": "https://fut.com/fhir/Patient/8"
  }

Access Token Field: user_id
Meaning: Id of the user. Can be either a FHIR Patient id, a FHIR Practitioner id or a Keycloak id.
Example Value:

  "user_id": "e03ccef7-b0b1-4f68-8e16-6fc2f865a922"

Access Token Field: user_type
Meaning: Can be either SYSTEM, PATIENT, PRACTITIONER or SSL.
Example Value:

  "user_type": "PATIENT"

Each resource type (see IG Profiles) has certain restrictions to what context is required in order to allow data retrieval or data manipulation. 
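As an added illustration (not code from the ehealth infrastructure or this page), the following Python models the token fields described above and applies two of the context rules from the tables that follow: PlanDefinition$apply and create-episode-of-care. The privilege names used for those two operations, the resource dictionary shapes and the function names are assumptions made for the example; the sample claims and EpisodeOfCare are constructed. Token signature and expiry validation are assumed to have happened before parse_token is called.

```python
# Added example, not the project's code. Privilege names for the two operations,
# resource dict shapes and function names are assumptions for illustration.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

USER_TYPES = {"SYSTEM", "PATIENT", "PRACTITIONER", "SSL"}


@dataclass(frozen=True)
class Token:
    user_type: str
    user_id: str
    roles: FrozenSet[str]      # realm_access.roles -> RBAC
    context: Dict[str, str]    # context.*          -> ABAC


def parse_token(claims: dict) -> Token:
    """Extract the security-relevant claims from an already-verified JWT payload."""
    user_type = claims.get("user_type")
    if user_type not in USER_TYPES:
        raise ValueError(f"unsupported user_type: {user_type!r}")
    return Token(
        user_type=user_type,
        user_id=str(claims.get("user_id", "")).strip(),  # tolerate stray whitespace
        roles=frozenset(claims.get("realm_access", {}).get("roles", ())),
        context={k: str(v).strip() for k, v in claims.get("context", {}).items()},
    )


Decision = Tuple[bool, str]


def rbac(token: Token, privilege: str) -> Decision:
    """RBAC: the privilege must be in realm_access.roles, independent of any context."""
    if privilege in token.roles:
        return True, "privilege present"
    return False, f"missing privilege {privilege}"


def apply_plan_definition(token: Token, episode: dict) -> Decision:
    """PlanDefinition$apply: a Practitioner needs EpisodeOfCare context == EpisodeOfCare.id
    and a CareTeam context contained in EpisodeOfCare.team; System has no context checks."""
    ok, why = rbac(token, "PlanDefinition.apply")  # privilege name is an assumption
    if not ok:
        return ok, why
    if token.user_type == "SYSTEM":
        return True, "system user: no context checks"
    if token.user_type != "PRACTITIONER":
        return False, f"{token.user_type} may not call $apply"
    if token.context.get("episode_of_care_id") != episode["id"]:
        return False, "EpisodeOfCare context missing or does not match EpisodeOfCare.id"
    team = token.context.get("care_team_id")
    if team is None or team not in episode["team"]:
        return False, "CareTeam context missing or not in EpisodeOfCare.team"
    return True, "context matches episode and team"


def create_episode_of_care(token: Token, episode: dict) -> Decision:
    """create-episode-of-care: EpisodeOfCare context must NOT be present, Patient context
    must equal the new EpisodeOfCare.patient, and a Practitioner additionally needs a
    CareTeam context contained in EpisodeOfCare.team."""
    ok, why = rbac(token, "EpisodeOfCare.create-episode-of-care")  # name assumed
    if not ok:
        return ok, why
    if token.user_type == "SYSTEM":
        return True, "system user: no context checks"
    if token.user_type not in ("PRACTITIONER", "PATIENT"):
        return False, f"{token.user_type} may not create episodes"
    if "episode_of_care_id" in token.context:
        return False, "EpisodeOfCare context must not be present when creating one"
    if token.context.get("patient_id") != episode["patient"]:
        return False, "Patient context missing or does not match EpisodeOfCare.patient"
    if token.user_type == "PRACTITIONER":
        team = token.context.get("care_team_id")
        if team is None or team not in episode["team"]:
            return False, "CareTeam context missing or not in EpisodeOfCare.team"
    return True, "context matches"


# Constructed sample data, shaped like the example token fields above.
SAMPLE_CLAIMS = {
    "user_type": "PRACTITIONER",
    "user_id": " e03ccef7-b0b1-4f68-8e16-6fc2f865a922",
    "realm_access": {"roles": ["PlanDefinition.apply",
                               "EpisodeOfCare.create-episode-of-care"]},
    "context": {
        "organization_id": "https://fut.com/fhir/Organization/1",
        "care_team_id": "https://fut.com/fhir/CareTeam/4",
        "episode_of_care_id": "https://fut.com/fhir/EpisodeOfCare/10",
        "patient_id": "https://fut.com/fhir/Patient/8",
    },
}
SAMPLE_EPISODE = {
    "id": "https://fut.com/fhir/EpisodeOfCare/10",
    "patient": "https://fut.com/fhir/Patient/8",
    "team": ["https://fut.com/fhir/CareTeam/4"],
}
```

Note how the same token passes $apply but fails create-episode-of-care: the "must not be present" rule means a token scoped to an existing episode cannot be reused to create another one, so a client has to request a token with a narrower context for that call.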

...

These resources are not patient related. Read and Search operations do not require any security context apart from the privilege. 

PlanDefinition/ActivityDefinition

User Type | FHIR Operation | Organization Context | Property updated → role needed
Practitioner | create/update | required: must match modifierRole.reference | PlanDefinition/ActivityDefinition creation or modifierRole changed → owner; all other updates → owner or co-author
System | - | - | -

PlanDefinition$apply

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match EpisodeOfCare.id | required: must match EpisodeOfCare.team
System | - | -

DocumentReference

These resources are not patient related.

DocumentReference.read/search

User Type | Context
Practitioner / Patient | -
System | -

Read and Search operations do not require any security context apart from the privilege.

DocumentReference.create/update

User Type | Organization Context
Practitioner / Patient | required: must match DocumentReference.custodian
System | -

EpisodeOfCare/Condition/Provenance/Consent

EpisodeOfCare cannot be created directly. They are created by calling the custom operation: create-episode-of-care

EpisodeOfCare.create-episode-of-care

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | must not be present | required: must match EpisodeOfCare.patient | required: must match EpisodeOfCare.team
Patient | must not be present | required: must match EpisodeOfCare.patient | -
System | - | - | -

EpisodeOfCare.read

User Type | EpisodeOfCare Context
Practitioner/Patient | required: must match EpisodeOfCare
System | -

EpisodeOfCare.patch/updateCareteams

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match EpisodeOfCare | required: must match EpisodeOfCare.team
Patient | required: must match EpisodeOfCare | -
System | - | -

EpisodeOfCare.search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | must not be present | optional but when present: must match Patient search parameter | required: must match CareTeam search parameter
Patient | must not be present | always present: must match Patient search parameter | -
System | - | - | -


Condition

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match Condition.context | -
Patient | required: must match Condition.context | -
System | - | -

Provenance.read

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match Provenance.target | -
Patient | required: must match Provenance.target | -
System | - | -

Provenance.search

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match EpisodeOfCare search parameter (provenance.target) | -
Patient | required: must match EpisodeOfCare search parameter (provenance.target) | -
System | - | -

Consent.create/read/patch

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match data.reference | -
Patient | required: must match data.reference | -
System | - | -

Consent.search

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match EpisodeOfCare search parameter (consent.data.reference) | -
Patient | required: must match EpisodeOfCare search parameter (consent.data.reference) | -
System | - | -

CarePlan/ProcedureRequest

...

CarePlans cannot be created directly. They are created and assigned to a patient by calling PlanDefinition$apply 

CarePlan/ProcedureRequest Read/Suggest-care-teams

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match CarePlan/ProcedureRequest.context | required: CarePlan: must match CarePlan.careTeam or CarePlan.context.team; ProcedureRequest: must match CarePlan.careTeam or CarePlan.context.team for the CarePlan that the ProcedureRequest belongs to
Patient | required: must match CarePlan/ProcedureRequest.context | -
System | - | -

CarePlan/ProcedureRequest Update/Update-care-teams

User Type | EpisodeOfCare Context | CareTeam Context | Extra permission
Practitioner | required: must match CarePlan/ProcedureRequest.context | required: CarePlan: must match CarePlan.careTeam or CarePlan.context.team; ProcedureRequest: must match CarePlan.careTeam or CarePlan.context.team for the CarePlan that the ProcedureRequest belongs to | -
Patient | required: must match CarePlan/ProcedureRequest.context | - | only allowed if definition.topic is 'self-treatment'
System | - | - | -

CarePlan: Update careteam special case

User Type | EpisodeOfCare Context | CareTeam Context | Extra permission
Practitioner | required: must match CarePlan.context | required: must match CarePlan.careTeam | the Careplan$update.responsibility privilege is required in the token to update the careTeam element

CarePlan Search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | optional but when present: must match searchparam theContext | optional but when present: must match searchparam theSubject (only checked if EpisodeOfCare Context is not set) | required: must match search parameter CarePlan.careTeam or CarePlan.context.team (only a single search parameter is allowed for this element)
Patient | optional but when present: must match searchparam theContext | always present and must match searchparam theSubject (only checked if EpisodeOfCare Context is not set) | -
System | - | - | -

Goal

Goals are considered part of a CarePlan and do not have separate privileges.

Goal Create/Read/Update

User Type | Patient Context | EpisodeOfCare Context | CareTeam Context
Practitioner | - | required: must match Goal.addresses.context | required: must match Goal.addresses.context.team or CarePlan.careTeam for the CarePlan that the Goal.addresses ProcedureRequest belongs to
Patient | required: must match Goal.subject | - | -
System | - | - | -

Goal Search

User Type | Patient Context | EpisodeOfCare Context | CareTeam Context
Practitioner | - | required: must match search param addresses.context | required: must match search param addresses.context.team or CarePlan.careTeam for the CarePlan that the addresses ProcedureRequest belongs to
Patient | required: must match search param addresses.subject | - | -
System | - | - | -



CommunicationRequest

CommunicationRequest Create/Read/Update/Delete

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context | Details
Practitioner | required: must match CommunicationRequest.context | not checked | required: must match CommunicationRequest.recipient if recipient contains a careteam | -
Patient | optional but when present: must match CommunicationRequest.context | required: must match CommunicationRequest.recipient | - | Update: only status
System | - | - | - | -

CommunicationRequest Search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required if searchparam recipient is a patient, optional otherwise; must match searchparam CommunicationRequest.context when present | optional but when present: must match searchparam CommunicationRequest.subject | required if searchparam recipient is a careteam
Patient | optional but when present: must match CommunicationRequest.context | always present and must match searchparam CommunicationRequest.recipient | -
System | - | - | -


ClinicalImpression/Task

ClinicalImpression create/read/update

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: must match ClinicalImpression.context | - | required: must be in ClinicalImpression.ehealth-careplan.careTeam or ClinicalImpression.context.team
Patient | optional but when present: must match ClinicalImpression.context | required when EpisodeOfCare context not present: must match ClinicalImpression.subject | -
System | - | - | -

ClinicalImpression.search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | optional but when present: must match searchparam context | optional: must match searchparam subject | only checked if EpisodeOfCare context is not present; required: must match search param value in context.team or carePlan.careTeam
Patient | optional but when present: must match searchparam context | required when EpisodeOfCare Context not present: must match searchparam subject | -
System | - | - | -

Task create/read/update

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context / UserId | Extra Permission
Practitioner | optional but when present: must match Task.context | optional: must match Task.context.subject | only checked if EpisodeOfCare context is not present: CareTeam Context must match Task.responsible; UserID must match Task.responsible, Task.owner or Task.requester | user must have at least one corresponding restriction category privilege in Task.restriction-category
Patient | optional but when present: must match Task.context | required when EpisodeOfCare context not present: must match Task.context.subject | UserID must match Task.responsible, Task.owner or Task.requester | -
System | - | - | - | -

Task search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context / UserId | Extra Permission
Practitioner | optional but when present: must match searchparam Context | optional: must match searchparam Context.subject | only checked if EpisodeOfCare context is not present: CareTeam Context must match searchparam responsible; UserID must match searchparam Responsible, Owner or Requester | user must have all restriction category privileges corresponding to the list in searchparam restriction-category
Patient | optional but when present: must match searchparam Context | required when EpisodeOfCare Context not present: must match searchparam theContext.subject | UserID must match searchparam Responsible, Owner or Requester | -
System | - | - | - | -


When searching for tasks based on careteam, it is possible, but not necessary, to specify restriction categories. If they are not given as search criteria, they are inferred from the privileges in the security token.
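The restriction-category rules for Task (at least one matching privilege on create/read/update, all listed privileges on search, inference from the token when the search parameter is omitted), as an added Python example that is not part of the page or the project's code. The privilege naming scheme "Task.restriction-category.<code>", the category codes, the Task dictionaries and the OR semantics for multiple values of one search parameter are assumptions made for the illustration.

```python
# Added example, not the project's code: Task restriction-category rules.
# Privilege naming scheme, category codes and Task dicts are assumptions.
from typing import Iterable, List, Optional, Set

PRIVILEGE_PREFIX = "Task.restriction-category."  # assumed naming scheme


def held_categories(roles: Iterable[str]) -> Set[str]:
    """Restriction categories granted by the token's realm_access.roles."""
    return {r[len(PRIVILEGE_PREFIX):] for r in roles if r.startswith(PRIVILEGE_PREFIX)}


def may_access_task(roles: Iterable[str], task_categories: Iterable[str]) -> bool:
    """create/read/update: at least one of the Task's restriction categories must be
    covered by a privilege. A Task with no categories is denied (deny by default)."""
    held = held_categories(roles)
    return any(c in held for c in task_categories)


def effective_search_categories(roles: Iterable[str],
                                requested: Optional[List[str]]) -> Set[str]:
    """search: when restriction-category is supplied, the caller must hold privileges
    for ALL listed categories; when it is omitted, the categories are inferred from
    the privileges in the token."""
    held = held_categories(roles)
    if not requested:
        return held
    missing = set(requested) - held
    if missing:
        raise PermissionError(
            f"missing restriction category privilege(s): {sorted(missing)}")
    return set(requested)


def search_tasks(roles: Iterable[str], tasks: List[dict],
                 requested: Optional[List[str]] = None) -> List[str]:
    """Ids of the tasks matching the effective categories. Multiple values of one
    search parameter are treated as OR, as in a FHIR token search (assumption)."""
    cats = effective_search_categories(roles, requested)
    return [t["id"] for t in tasks if cats & set(t["restriction-category"])]


# Constructed sample data.
SAMPLE_ROLES = ["Task.read", "Task.search", "Task.restriction-category.measurement"]
SAMPLE_TASKS = [
    {"id": "Task/1", "restriction-category": ["measurement"]},
    {"id": "Task/2", "restriction-category": ["message"]},
    {"id": "Task/3", "restriction-category": ["measurement", "message"]},
]
```

The asymmetry is deliberate and worth testing in any implementation: a read succeeds on Task/3 because one category matches, but a search that explicitly lists both "measurement" and "message" is rejected outright rather than silently narrowed, so a caller cannot use the search parameter to probe for categories it does not hold.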

...

Observation/QuestionnaireResponse/Media/Communication

Observation and Media cannot be created directly; they are created by calling $submit-measurement. A QuestionnaireResponse can be created directly only as a draft; a completed QuestionnaireResponse is created by calling $submit-measurement.

Communication read

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | optional but when present: must match communication.context | required if EpisodeOfCare context not present: must match communication.subject | only checked if EpisodeOfCare Context is not present; a match must be found either through the CareTeam or the UserID: CareTeam must match communication.senderCareTeam or communication.recipientCareTeam; UserID must match communication.sender or communication.recipient
Patient | - | required: must match communication.recipient or communication.sender | -
System | - | - | -

Communication create/patch

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context | Extra permission
Practitioner | optional but when present: must match communication.context | required if EpisodeOfCare context not present: must match communication.subject | only checked if EpisodeOfCare Context is not present; a match must be found either through the CareTeam or the UserID: CareTeam must match communication.senderCareTeam; UserID must match communication.sender | -
Patient | - | required: must match communication.subject | - | communication.sender must match AuthToken.userId
System | - | - | - | -

Communication search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: search param must match the context | - | a match must be found either through the CareTeam or the UserID: CareTeam must match communication.senderCareTeam or communication.recipientCareTeam; UserID must match communication.sender or communication.recipient
Patient | - | required: context must match subject and either of the sender or recipient search params | -
System | - | - | -


Observation read

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: must match observation.context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the user is granted access with no further checks when the EpisodeOfCare.team of the EpisodeOfCare Context contains the CareTeam in the CareTeam Context; if the CareTeam is assigned on the CarePlan: Observation.basedOn must be a ProcedureRequest which is referenced in CarePlan.activity.reference where the CarePlan.careTeam contains the CareTeam in the CareTeam Context
Patient | optional but when present: must match observation.context | required when EpisodeOfCare context not present: must match observation.subject (only checked if EpisodeOfCare Context is not present) | -
System | - | - | -
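The two CareTeam paths in the Observation read rule above (the same rule is stated for QuestionnaireResponse and Media read further down), as an added Python example that is not part of the page or the project's code. The privilege (RBAC) check is assumed to have passed already; the resource dictionaries, reference strings and function names are constructed for the illustration.

```python
# Added example, not the project's code: Practitioner and Patient branches of the
# Observation/QuestionnaireResponse/Media read rule. Resource dict shapes,
# reference strings and function names are assumptions for illustration.
from typing import Dict, List, Tuple

Decision = Tuple[bool, str]


def careteam_allows(ctx: Dict[str, str], episode: dict,
                    careplans: List[dict], resource: dict) -> Decision:
    """CareTeam Context check with the two paths from the table.
    Path 1: the CareTeam is assigned on the EpisodeOfCare (EpisodeOfCare.team).
    Path 2: the CareTeam is assigned on a CarePlan whose activity.reference points
            at a ProcedureRequest listed in resource.basedOn."""
    team = ctx.get("care_team_id")
    if team is None:
        return False, "CareTeam context is required"
    if team in episode.get("team", []):
        return True, "CareTeam is assigned on the EpisodeOfCare"
    based_on = set(resource.get("basedOn", []))
    for plan in careplans:
        if team not in plan.get("careTeam", []):
            continue
        activities = {a["reference"] for a in plan.get("activity", [])}
        if based_on & activities:
            return True, f"CareTeam is assigned on CarePlan {plan['id']} covering basedOn"
    return False, "CareTeam is neither on EpisodeOfCare.team nor on a CarePlan covering basedOn"


def may_read(token: dict, resource: dict, episode: dict, careplans: List[dict]) -> Decision:
    """token: decoded access token claims; resource: Observation/QuestionnaireResponse/
    Media with .context (EpisodeOfCare ref), .subject (Patient ref) and .basedOn."""
    ctx = token.get("context", {})
    user_type = token["user_type"]
    if user_type == "SYSTEM":
        return True, "system user: no context checks"
    if user_type == "PRACTITIONER":
        if ctx.get("episode_of_care_id") != resource["context"]:
            return False, "EpisodeOfCare context is required and must match resource.context"
        return careteam_allows(ctx, episode, careplans, resource)
    if user_type == "PATIENT":
        eoc = ctx.get("episode_of_care_id")
        if eoc is not None:
            if eoc != resource["context"]:
                return False, "EpisodeOfCare context does not match resource.context"
            return True, "EpisodeOfCare context matches; subject not checked"
        if ctx.get("patient_id") != resource["subject"]:
            return False, "Patient context is required when no EpisodeOfCare context is set"
        return True, "Patient context matches resource.subject"
    return False, f"user_type {user_type} may not read measurements"


# Constructed sample resources.
EPISODE = {"id": "https://fut.com/fhir/EpisodeOfCare/10",
           "team": ["https://fut.com/fhir/CareTeam/4"]}
CAREPLANS = [{"id": "https://fut.com/fhir/CarePlan/20",
              "careTeam": ["https://fut.com/fhir/CareTeam/7"],
              "activity": [{"reference": "https://fut.com/fhir/ProcedureRequest/30"}]}]
OBSERVATION = {"context": "https://fut.com/fhir/EpisodeOfCare/10",
               "subject": "https://fut.com/fhir/Patient/8",
               "basedOn": ["https://fut.com/fhir/ProcedureRequest/30"]}


def practitioner_token(care_team: str, episode: str = EPISODE["id"]) -> dict:
    return {"user_type": "PRACTITIONER",
            "context": {"episode_of_care_id": episode, "care_team_id": care_team}}
```

CareTeam/7 is not on the episode at all and is still granted read access, because the CarePlan that contains it covers the ProcedureRequest the Observation is based on; a naive implementation that only checks EpisodeOfCare.team would wrongly deny that case, and one that skips the basedOn check would grant any team on any CarePlan in the episode.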


Observation search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: search param must match the context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the basedOn search parameter is not mandatory; if the CareTeam is assigned on the CarePlan: the basedOn search parameter is mandatory and must match the context
Patient | optional but when present: search param must match the context | required when EpisodeOfCare context not present: search param must match the context | -
System | - | - | -


QuestionnaireResponse read

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: must match questionnaireResponse.context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the user is granted access with no further checks when the EpisodeOfCare.team of the EpisodeOfCare Context contains the CareTeam in the CareTeam Context; if the CareTeam is assigned on the CarePlan: QuestionnaireResponse.basedOn must be a ProcedureRequest which is referenced in CarePlan.activity.reference where the CarePlan.careTeam contains the CareTeam in the CareTeam Context
Patient | optional but when present: must match questionnaireResponse.context | required when EpisodeOfCare context not present: must match questionnaireResponse.subject | -
System | - | - | -


QuestionnaireResponse search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: search param must match the context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the basedOn search parameter is not mandatory; if the CareTeam is assigned on the CarePlan: the basedOn search parameter is mandatory and must match the context
Patient | optional but when present: search param must match the context | required when EpisodeOfCare context not present: search param must match the context | -
System | - | - | -

QuestionnaireResponse create

User Type | EpisodeOfCare Context | CareTeam Context
Practitioner | required: must match questionnaireResponse.context | required; if the CareTeam is assigned on the EpisodeOfCare: the user is granted access with no further checks when the EpisodeOfCare.team of the EpisodeOfCare Context contains the CareTeam in the CareTeam Context; if the CareTeam is assigned on the CarePlan: QuestionnaireResponse.basedOn must be a ProcedureRequest which is referenced in CarePlan.activity.reference where the CarePlan.careTeam contains the CareTeam in the CareTeam Context
Patient | required: must match questionnaireResponse.context | -
System | - | -

QuestionnaireResponse update

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: must match questionnaireResponse.context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the user is granted access with no further checks when the EpisodeOfCare.team of the EpisodeOfCare Context contains the CareTeam in the CareTeam Context; if the CareTeam is assigned on the CarePlan: QuestionnaireResponse.basedOn must be a ProcedureRequest which is referenced in CarePlan.activity.reference where the CarePlan.careTeam contains the CareTeam in the CareTeam Context
Patient | - | required: must match questionnaireResponse.subject | -
System | - | - | -

Media read

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: must match media.context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the user is granted access with no further checks when the EpisodeOfCare.team of the EpisodeOfCare Context contains the CareTeam in the CareTeam Context; if the CareTeam is assigned on the CarePlan: Media.basedOn must be a ProcedureRequest which is referenced in CarePlan.activity.reference where the CarePlan.careTeam contains the CareTeam in the CareTeam Context
Patient | optional but when present: must match media.context | required when EpisodeOfCare context not present: must match media.subject | -
System | - | - | -


Media search

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: search param must match the context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the basedOn search parameter is not mandatory; if the CareTeam is assigned on the CarePlan: the basedOn search parameter is mandatory and must match the context
Patient | optional but when present: search param must match the context | required when EpisodeOfCare context not present: search param must match the context | -
System | - | - | -


$submit-measurement

User Type | EpisodeOfCare Context
Practitioner | required
Patient | required
System | -

$search-measurements

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: search param must match the context | - | required; if the CareTeam is assigned on the EpisodeOfCare: the basedOn search parameter is not mandatory; if the CareTeam is assigned on the CarePlan: the basedOn search parameter is mandatory and must match the context
Patient | optional but when present: search param must match the context | required when EpisodeOfCare context not present: search param must match the context | -
System | - | - | -

Organization/Practitioner/CareTeam

...

Privately owned devices do not have context checks. The tables below are valid for devices owned by organizations.

Device/DeviceMetric create/update/delete

User Type | Organization Context | Patient Context
SSL supplier/Practitioner | required: must match the Device.owner organization | optional but when present: must match a DeviceUseStatement whose subject is the patient context and whose device references the device
Patient | - | must match a DeviceUseStatement whose subject is the patient context and whose device references the device
System | - | -

Device read

User Type | Patient Context | Organization Context
SSL supplier/Practitioner | optional but when present: must match a DeviceUseStatement whose subject is the patient context and whose device references the device | required if patient context is not present: must match Device.owner
Patient | must match a DeviceUseStatement whose subject is the patient context and whose device references the device | -
System | - | -

DeviceUseStatement create/update

User Type | Patient Context | Organization Context
SSL supplier/Practitioner | required: must match DeviceUseStatement.subject | required: must match the Device.owner organization
System | - | -

DeviceUseStatement read

User Type | Patient Context | Organization Context
SSL supplier/Practitioner | required: must match DeviceUseStatement.subject | -
Patient | must match DeviceUseStatement.subject | -
System | - | -


Questionnaire

User Type | FHIR Operation | Organization Context | Property updated | Role needed
Practitioner / Patient | create | required: must match Questionnaire.modifierRole.reference | - | owner
Practitioner / Patient | update | required: must match Questionnaire.modifierRole.reference | Questionnaire.modifierRole | owner
Practitioner / Patient | update | required: must match Questionnaire.modifierRole.reference | not Questionnaire.modifierRole | owner or co-author
Practitioner / Patient | delete | required: must match Questionnaire.modifierRole.reference | - | owner
Practitioner / Patient | read/search | - | - | -
System | - | - | - | -

Transform

These operations are stateless and only require the privilege to call them; there are no security context requirements for these operations.

...

There are no context checks for CRUD and search operations for the Library resource.

Library evaluate

User Type | EpisodeOfCare Context | Patient Context | CareTeam Context
Practitioner | required: must match either Observation.context or QuestionnaireResponse.context | required: must match either Observation.subject or QuestionnaireResponse.subject | -
Patient | required: must match either Observation.context or QuestionnaireResponse.context | required: must match either Observation.subject or QuestionnaireResponse.subject | -
System | - | - | -

SSL

SSL Catalogue

SSL Catalogue create/update/read

User Type | Organization Context
SSL supplier | required: must resolve to and match the Catalogue.seller party
Practitioner | -
System | -

SSL CatalogueItem

SSL CatalogueItem create/update/read

User Type | Organization Context
SSL supplier | required: must resolve to and match the CatalogueItem.Catalogue.seller party
Practitioner | -
System | -

SSL CatalogueItems read

User Type | Organization Context
SSL supplier | required: must resolve to and match the CatalogueItem.Catalogue.seller party
Practitioner | required: must resolve to and match the WhiteList.buyer party; only returns CatalogueItems referred to by WhiteLists
System | -

SSL Annotation

SSL Annotation create/update/read/delete

User Type | Organization Context
SSL supplier | required: must resolve to and match the Annotation.CatalogueItem.Catalogue seller party
Practitioner | -
System | -

SSL WhiteList

SSL WhiteList create/read/delete

User Type | Organization Context
SSL supplier | - (no access)
Practitioner | required: must resolve to and match the WhiteList.buyer party
System | -

SSL BlackList

SSL BlackList create/read/delete

User Type | Patient Context
SSL supplier | - (no access)
Practitioner | required: must match the BlackList.patient
System | -

SSL Problem

SSL Problem create/patch/delete

User Type | Organization Context
SSL supplier | required: must resolve to and match the Problem.CatalogueItem.Catalogue seller party
Practitioner | - (no access)
System | -

SSL Problem read

User Type | Organization Context
SSL supplier | required: must resolve to and match the Problem.CatalogueItem.Catalogue seller party
Practitioner | required: must resolve to and match the WhiteList.buyer party; only returns Problems with CatalogueItems referred to by WhiteLists
System | -

SSL Package

SSL Package create/read/patch/delete

User Type | Organization Context
SSL supplier | - (no access)
Practitioner | required: must resolve to and match the Package.buyer party
System | -

SSL Orders

SSL Order create

User Type | Organization Context | EpisodeOfCare Context | CareTeam Context
SSL supplier | required: must resolve to and match the Order.seller party | required: used for reading the CarePlan, see the CarePlan resource for context rules | required: used for reading the CarePlan, see the CarePlan resource for context rules
Practitioner | required: must resolve to and match the Order.buyer party | required: used for reading the CarePlan, see the CarePlan resource for context rules | required: used for reading the CarePlan, see the CarePlan resource for context rules
System | - | - | -

SSL Order read/update/patch/delete/search

User Type | Organization Context
SSL supplier | required: must resolve to and match the Order.seller party
Practitioner | required: must resolve to and match the Order.buyer party
System | -

SSL OrderLine create/read/update/patch/delete/search

User Type | Organization Context
SSL supplier | required: must resolve to and match the OrderLine.Order.seller party
Practitioner | required: must resolve to and match the OrderLine.Order.buyer party
System | -

SSL Contract

SSL Contract create/patch/read

User Type | Organization Context
SSL supplier | required: must resolve to and match the Contract.seller party
Practitioner | -
System | -

custom/hasValidContract

User Type | Organization Context
SSL supplier | required: must resolve to and match the Contract.seller party
Practitioner | -
System | -

SSL Party

SSL Party create/update/read

User Type | Organization Context
SSL supplier | -
Practitioner | -
System | -

custom/findOrCreateParty

User Type | Organization Context
SSL supplier | required: must match the organization parameter
Practitioner | required: must match the organization parameter
System | -


Reports

Schedule/Fetch <Report_name>

User Type | Organization Context | UserID | Extra permission
Practitioner | required: must match input parameter ManagingOrganization | only the user that called schedule is allowed to read the resulting /fhir/Binary/id | the privilege Report.non-anonymized is required if input parameter anonymization == false
System-user | a system user cannot have an organization context | only the user that called schedule is allowed to read the resulting /fhir/Binary/id | the privilege Report.non-anonymized is required if input parameter anonymization == false



Patient/Appointment/Communication(eHealthMessage)/Person

...