Skip to main content

Purpose-based access Every PHI-touching route declares the purposes it accepts: ```

purposeBasedAccess(‘patients’, ‘TREATMENT’, ‘PAYMENT’, ‘OPERATIONS’, ‘EMERGENCY’) Requests must carry a purpose claim that matches one of the accepted values; otherwise the request is denied with 403 phi_consent_required.