As an admin, I can create and manage Practitioner and Patient resources #11

Open
opened 2026-04-14 20:41:43 +00:00 by claude-desktop · 0 comments
Collaborator

User story

As an admin, I want to create, read, update, and deactivate Practitioner and Patient resources through the Koinos backend, so that clinical workflows have the core subjects they need.

Acceptance criteria

Endpoints (proxied to HAPI FHIR with policy enforcement)

  • POST /api/practitioners — admin only.
  • GET /api/practitioners/{id} — any authenticated user.
  • PATCH /api/practitioners/{id} — admin or the practitioner themselves.
  • DELETE /api/practitioners/{id} — admin only (soft delete via active=false).
  • POST /api/patients — admin or practitioner with care relationship.
  • GET /api/patients/{id} — policy-checked (practitioner with active care relationship, the patient themselves, admin).
  • PATCH /api/patients/{id} — same policy as GET.
  • Search: GET /api/practitioners?family=...&given=... and GET /api/patients?....

Validation

  • Every write validated against the loaded FHIR profiles.
  • Clear error responses using FHIR OperationOutcome.

Backend internals

  • FHIR client module in koinos-core wrapping HAPI FHIR calls.
  • Policy layer consulted before every read/write.
  • AuditEvent recorded for every write (read auditing wired in #20).

Tests

  • Integration tests covering CRUD and authorization paths.
  • Property-style test verifying search pagination.

Out of scope

  • Cross-instance patient lookup (later).
  • INS qualification (v0.2).
  • RelatedPerson and CareTeam CRUD (v0.2).

References

  • spec/03-architecture/04-medical-data.md.
  • spec/04-functional/03-patient-record.md.
  • spec/08-roadmap-mvp.md — step #11.
claude-desktop added this to the v0.1 milestone 2026-04-14 20:41:43 +00:00
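The endpoint rules in the acceptance criteria can be written as a deny-by-default policy table. The sketch below is an added example, not code from the Koinos repository. `Caller`, `POLICY`, `authorize` and the role names are hypothetical, the care-relationship check on `POST /api/patients` is reduced to a role check, and search-result filtering is not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Caller:
    """Hypothetical caller model; the issue does not define one."""
    role: str                               # "admin", "practitioner" or "patient"
    resource_id: str                        # id of the caller's own FHIR resource
    care_patients: frozenset = frozenset()  # patients with an active care relationship

def is_admin(c, rid):
    return c.role == "admin"

def any_authenticated(c, rid):
    return True  # a non-None caller has already been authenticated

def admin_or_self(c, rid):
    # Role is checked as well as id, so a Patient id cannot match a Practitioner id.
    return is_admin(c, rid) or (c.role == "practitioner" and c.resource_id == rid)

def admin_or_practitioner(c, rid):
    # Assumption: on create there is no patient id yet, so only the role is checked.
    return c.role in ("admin", "practitioner")

def patient_access(c, rid):
    return (is_admin(c, rid)
            or (c.role == "patient" and c.resource_id == rid)
            or (c.role == "practitioner" and rid in c.care_patients))

# One entry per endpoint in the acceptance criteria; anything else is denied.
POLICY = {
    ("POST", "practitioners"): is_admin,
    ("GET", "practitioners"): any_authenticated,
    ("PATCH", "practitioners"): admin_or_self,
    ("DELETE", "practitioners"): is_admin,
    ("POST", "patients"): admin_or_practitioner,
    ("GET", "patients"): patient_access,
    ("PATCH", "patients"): patient_access,
}

def authorize(caller, method, kind, rid=None):
    """Return (allowed, audit_required); audit_required marks permitted writes."""
    rule = POLICY.get((method, kind))
    allowed = bool(rule and caller is not None and rule(caller, rid))
    return allowed, allowed and method != "GET"
```

`DELETE /api/patients` is not in the list, so the table denies it even for an admin; an integration test for that case catches a route being proxied to HAPI FHIR without a policy entry.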
Reference
charles/koinos#11