Health Gorilla uses OAuth 2.0 scopes and role-based access control (RBAC) to manage and enforce fine-grained access to APIs. This ensures that clients and users can only perform actions explicitly authorized for them.
OAuth Scopes
OAuth scopes define what a token can access. When requesting a token, you must include the appropriate scopes. If a token lacks the required scope, the API will return a 403 Forbidden error.
Common Scopes
| Scope | Description |
|---|---|
| `user/*.*` | Full user-level access to all FHIR resources |
| `patient/*.read` | Read-only access to all patient resources |
| `patient/*.write` | Write access to patient resources |
| `user/Observation.read` | Read Observation resources |
| `user/MedicationRequest.write` | Create MedicationRequest entries |
| `patient360` | Access Patient360 aggregated longitudinal data |
Scope-Based Access Examples
Read Patient Data
```http
GET /fhir/Patient/{id}
Authorization: Bearer {access_token}
```
Required Scope: `patient/*.read`
Submit Medication Request
```http
POST /fhir/MedicationRequest
Authorization: Bearer {access_token}
Content-Type: application/json
```
Example Payload
```json
{
  "resourceType": "MedicationRequest",
  "status": "active",
  "intent": "order",
  "medicationCodeableConcept": {
    "text": "Atorvastatin 40mg Tablet"
  },
  "subject": {
    "reference": "Patient/{patient_id}"
  }
}
```
Required Scope: `user/MedicationRequest.write`
Role-Based Access Control (RBAC)
In addition to scopes, Health Gorilla enforces role-based access rules tied to user accounts. This adds a layer of security by ensuring users can only act within the boundaries of their assigned roles.
User Roles and Permissions
| Role | Allowed Actions |
|---|---|
| Physician | Full read/write access to patient records |
| Nurse | Retrieve and update patient data, but cannot create medication requests |
| Administrative User | Access limited to demographic and billing data |
| System Integration | Server-based access with explicitly defined scopes only |
Tokens are evaluated based on both the granted scopes and the user or client’s role. A user may have the correct scope but still be denied if their role is too restrictive.
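The following is an added example, not Health Gorilla's code, showing how the two checks described on this page (scope matching from the scope table, then the role rules from the RBAC table) combine into a single authorization decision that yields 403 when either fails. It assumes scopes follow the `context/Resource.permission` shape shown above, that HTTP methods map onto the `read`/`write` halves of a scope, that "explicitly defined scopes only" for the System Integration role means wildcard scopes are rejected, and it uses a constructed set of resources (`Patient`, `Coverage`, `Account`) as a stand-in for "demographic and billing data".

```python
"""Added example (not Health Gorilla's implementation): scope + role check.

Assumptions not taken from the page: SMART-style scope grammar
context/Resource.permission; HTTP method -> read/write mapping; System
Integration rejects wildcard scopes; ADMIN_RESOURCES is a constructed
stand-in for 'demographic and billing data'.
"""
from dataclasses import dataclass
from typing import Optional

# Which half of a scope an HTTP method needs (assumption for this example).
METHOD_TO_PERMISSION = {"GET": "read", "POST": "write", "PUT": "write",
                        "PATCH": "write", "DELETE": "write"}


@dataclass(frozen=True)
class RolePolicy:
    """Resources a role may read/write; None means any FHIR resource."""
    readable: Optional[frozenset] = None
    writable: Optional[frozenset] = None
    denied_writes: frozenset = frozenset()

    def allows(self, resource: str, permission: str) -> bool:
        if permission == "write" and resource in self.denied_writes:
            return False
        allowed = self.readable if permission == "read" else self.writable
        return allowed is None or resource in allowed


ADMIN_RESOURCES = frozenset({"Patient", "Coverage", "Account"})  # constructed

# Simplified reading of the RBAC table above.
ROLE_POLICIES = {
    "Physician": RolePolicy(),
    "Nurse": RolePolicy(denied_writes=frozenset({"MedicationRequest"})),
    "Administrative User": RolePolicy(ADMIN_RESOURCES, ADMIN_RESOURCES),
    "System Integration": RolePolicy(),  # wildcard scopes rejected below
}


def parse_scope(scope: str):
    """Split 'context/Resource.permission' into (context, resource, permission).
    Scopes without that shape (e.g. patient360) return None and grant nothing
    at the FHIR resource level in this model."""
    if "/" not in scope:
        return None
    context, rest = scope.split("/", 1)
    if "." not in rest:
        return None
    resource, permission = rest.rsplit(".", 1)
    return context, resource, permission


def scope_grants(scope: str, resource: str, permission: str,
                 explicit_only: bool = False) -> bool:
    """True if one scope covers the resource/permission; '*' is a wildcard."""
    parsed = parse_scope(scope)
    if parsed is None:
        return False
    _context, scope_resource, scope_permission = parsed
    if explicit_only and "*" in (scope_resource, scope_permission):
        return False
    return (scope_resource in ("*", resource)
            and scope_permission in ("*", permission))


def resource_from_path(path: str):
    """'/fhir/Patient/123' -> 'Patient'; anything else -> None."""
    parts = path.strip("/").split("/")
    if len(parts) < 2 or parts[0] != "fhir" or not parts[1]:
        return None
    return parts[1]


def authorize(token_scopes, role: str, method: str, path: str):
    """Return (http_status, reason). Both the token's scopes AND the caller's
    role must permit the action; a correct scope with a too-restrictive role
    is still a 403, as the RBAC section states."""
    resource = resource_from_path(path)
    if resource is None:
        return 404, "not a FHIR resource path"
    permission = METHOD_TO_PERMISSION.get(method.upper())
    if permission is None:
        return 405, "method not supported"
    policy = ROLE_POLICIES.get(role)
    if policy is None:
        return 403, f"unknown role {role!r}"
    explicit_only = role == "System Integration"
    if not any(scope_grants(s, resource, permission, explicit_only)
               for s in token_scopes):
        return 403, f"token lacks a scope granting {resource}.{permission}"
    if not policy.allows(resource, permission):
        return 403, f"role {role!r} may not {permission} {resource}"
    return 200, "allowed"


if __name__ == "__main__":
    # Constructed requests mirroring the two examples on this page.
    for scopes, role, method, path in [
        (["patient/*.read"], "Physician", "GET", "/fhir/Patient/123"),
        (["user/MedicationRequest.write"], "Nurse", "POST", "/fhir/MedicationRequest"),
        (["user/*.*"], "System Integration", "GET", "/fhir/Observation/1"),
    ]:
        print(role, method, path, "->", authorize(scopes, role, method, path))
```

The Nurse case is the one the last paragraph warns about: the token carries `user/MedicationRequest.write`, so the scope check passes, but the role policy denies the write and the request still ends in 403. Separating the two checks into `scope_grants` and `RolePolicy.allows` keeps the reason string precise, which matters when triaging denied requests in logs.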