patients:read)
3. Purpose-based access — the purpose claim restricts what records the actor can access (treatment, payment, operations) Combined with tenant context and RLS, this forms a four-layer defense for every PHI access.Identity, scopes, and purpose-based access
patients:read)
3. Purpose-based access — the purpose claim restricts what records the actor can access (treatment, payment, operations) Combined with tenant context and RLS, this forms a four-layer defense for every PHI access.