Skip to content

fix(security): enforce FHIR patient compartment filtering#8

Merged
SafetyMP merged 1 commit into
mainfrom
fix/security-review-issues
Jul 12, 2026
Merged

fix(security): enforce FHIR patient compartment filtering#8
SafetyMP merged 1 commit into
mainfrom
fix/security-review-issues

Conversation

@SafetyMP

Copy link
Copy Markdown
Owner

Summary

  • Enforce patient compartment checks for patient-scoped tokens on FHIR reads
  • Require CDS Hooks patient context to match authenticated patient compartment

Test plan

  • Issue patient-scoped token for patient A and verify patient B read is denied
  • Verify CDS endpoint rejects cross-patient context
  • Run auth policy unit tests

Closes #7

Patient-scoped tokens are limited to their bound patient for reads and
CDS Hooks evaluation.
Copilot AI review requested due to automatic review settings July 12, 2026 01:35

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@SafetyMP
SafetyMP merged commit 8ced3f2 into main Jul 12, 2026
2 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

security: enforce FHIR patient compartment filtering

2 participants