How to check access based on both userId and dataId using the Google Healthcare Consent API?


Users can add other users to their careteam and assign a role to each member of their careteam. When accessing the profile of another user, the system should check if the user gave consent to do this.

Question 1: How to check if user X gave consent to view the profile of user Y?

Question 2: Can Google Healthcare Consent API handle this?

Question 3: Does it make sense to use Google Healthcare Consent API for this?

Current concept

Example use case: Grandma is the patient and Alice is taking care of her in a "doctor" context.

In the current setup, there is a dataMapping for each careteam member:

{
  userId: 'id_of_alice',
  dataId: 'users/id_of_grandma/profile',
  resourceAttributes: [
    {
      attributeDefinitionId: 'careteam',
      values: ['doctor']
    }
  ]
}

I used two methods to check if Alice has access to Grandma's profile:

checkDataAccess

This method takes a dataId as input and returns true if consent was given to ANY user. That's not very useful... Should I look up the userId on my side and pass the role in requestAttributes? (What does the Consent API offer then?)

evaluateUserConsents

This method takes a userId as input and returns all consented dataIds. This does not seem scalable. A doctor may have access to thousands of patients.


There is 1 best solution below


According to the current documentation [1], it is not possible to check access based on both UserId and DataId. It is documented that each has its own process [2][3].

For your question #1, you would need to implement some sort of filtering in your application to be able to have what you are looking for.

For question #2, it seems that the Consent Management API currently does not offer that functionality.

For your question #3, the Consent Management API can help you to manage the access of the users by applying policies [4].

It is important to mention that the Consent Management API is still in beta [5] and new features could be included in the future.

[1] https://cloud.google.com/healthcare/docs/how-tos/consent-access-determination
[2] https://cloud.google.com/healthcare/docs/how-tos/consent-access-determination#making_consent_access_determinations_for_specific_data_elements
[3] https://cloud.google.com/healthcare/docs/how-tos/consent-access-determination#making_an_access_determination_for_all_consents_for_a_user
[4] https://cloud.google.com/healthcare/docs/how-tos/consent-policies
[5] https://cloud.google.com/healthcare/docs/release-notes#October_08_2020
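
The application-side filtering the answer describes, as an added example that is not part of the original post or of Google's documentation: the caller's (userId, dataId) pair is resolved locally first, and only then is the consent check made, with every failure path ending in a denial. Assumptions: the app keeps its own index of the question's dataMapping objects, `checkDataAccess` is a hypothetical injected wrapper around the API call that resolves to an object with a boolean `consented`, and the request attribute name `role` is made up for illustration.

```javascript
// Constructed sample mappings, same shape as the dataMapping in the question.
const mappings = [
  { userId: 'id_of_alice', dataId: 'users/id_of_grandma/profile',
    resourceAttributes: [{ attributeDefinitionId: 'careteam', values: ['doctor'] }] },
  { userId: 'id_of_bob', dataId: 'users/id_of_grandma/profile',
    resourceAttributes: [{ attributeDefinitionId: 'careteam', values: [] }] },
];

// Index by the pair so a lookup never scans every patient a doctor can see.
function buildIndex(list) {
  const index = new Map();
  for (const m of list) index.set(JSON.stringify([m.userId, m.dataId]), m);
  return index;
}

// Returns the request body for the consent check, or null when the caller
// has no mapping or no single role for this dataId (deny by default).
// userId must come from the authenticated session, never from request input.
function buildAccessRequest(index, userId, dataId) {
  const m = index.get(JSON.stringify([userId, dataId]));
  if (!m) return null;
  const attr = m.resourceAttributes.find(a => a.attributeDefinitionId === 'careteam');
  const role = attr && attr.values.length === 1 ? attr.values[0] : null;
  if (!role) return null;
  // Assumption: the role is sent as a request attribute named 'role'.
  return { dataId, requestAttributes: { role } };
}

// checkDataAccess is injected (hypothetical wrapper around the API call).
async function canAccess(index, checkDataAccess, userId, dataId) {
  const request = buildAccessRequest(index, userId, dataId);
  if (!request) return false;            // unknown pair: the API is never called
  try {
    const res = await checkDataAccess(request);
    return res.consented === true;       // anything else is a denial
  } catch (err) {
    return false;                        // fail closed on API errors
  }
}
```
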