The Patient resource represents individuals receiving healthcare services. OmniEHR implements full CRUD operations with encrypted PHI fields and automatic PID assignment.
Endpoints
Create Patient
Only users with the admin role can create Patient resources. Practitioners and auditors have read-only access.
POST /api/fhir/Patient
Authorization: Bearer {token}
Content-Type: application/json
- identifier: Patient identifiers. The system automatically assigns a 7-digit PID.
- name: Patient name(s) with given and family fields. Stored encrypted.
- gender: Administrative gender: male, female, other, or unknown.
- birthDate: Birth date in YYYY-MM-DD format.
- telecom: Contact details (phone, email). Values are encrypted at rest.
- address: Patient addresses. All fields are encrypted (line, city, state, postalCode).
- active: Whether the patient record is active. Defaults to true.
Example Request
curl -X POST https://api.example.com/api/fhir/Patient \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "resourceType": "Patient",
    "active": true,
    "name": [{
      "use": "official",
      "family": "Doe",
      "given": ["Jane"]
    }],
    "gender": "female",
    "birthDate": "1990-05-15",
    "telecom": [
      {
        "system": "phone",
        "value": "+1-555-0123",
        "use": "home"
      },
      {
        "system": "email",
        "value": "[email protected]"
      }
    ],
    "address": [{
      "use": "home",
      "line": ["123 Main St"],
      "city": "Springfield",
      "state": "IL",
      "postalCode": "62701"
    }]
  }'
Response
- id: MongoDB ObjectId for the patient.
- identifier: Includes the system-assigned PID in the format PAT-1234567.
{
  "resourceType": "Patient",
  "id": "65f1234567890abcdef12345",
  "identifier": [
    {
      "system": "http://example.org/fhir/patient-id",
      "value": "PAT-1234567"
    }
  ],
  "active": true,
  "name": [{
    "use": "official",
    "family": "Doe",
    "given": ["Jane"]
  }],
  "gender": "female",
  "birthDate": "1990-05-15",
  "telecom": [
    {
      "system": "phone",
      "value": "+1-555-0123",
      "use": "home"
    },
    {
      "system": "email",
      "value": "[email protected]"
    }
  ],
  "address": [{
    "use": "home",
    "line": ["123 Main St"],
    "city": "Springfield",
    "state": "IL",
    "postalCode": "62701"
  }]
}
List Patients
GET /api/fhir/Patient
Authorization: Bearer {token}
- _count: Number of results per page (default: 20, max: 100).
- _offset: Starting offset for pagination (default: 0).
Example Request
curl -X GET "https://api.example.com/api/fhir/Patient?_count=10&_offset=0" \
  -H "Authorization: Bearer YOUR_TOKEN"
Response
Returns a FHIR Bundle with type: "searchset"
{
  "resourceType": "Bundle",
  "type": "searchset",
  "total": 42,
  "entry": [
    {
      "resource": {
        "resourceType": "Patient",
        "id": "65f1234567890abcdef12345",
        "identifier": [{
          "system": "http://example.org/fhir/patient-id",
          "value": "PAT-1234567"
        }],
        "name": [{
          "family": "Doe",
          "given": ["Jane"]
        }],
        "gender": "female"
      }
    }
  ]
}
Get Patient by ID
GET /api/fhir/Patient/:id
Authorization: Bearer {token}
Example Request
curl -X GET https://api.example.com/api/fhir/Patient/65f1234567890abcdef12345 \
  -H "Authorization: Bearer YOUR_TOKEN"
Update Patient
Only users with the admin role can update Patient resources.
PUT /api/fhir/Patient/:id
Authorization: Bearer {token}
Content-Type: application/json
Send the complete updated Patient resource in the request body.
Get Patient Everything
Retrieve a patient’s complete longitudinal record including all related resources.
GET /api/fhir/Patient/:id/$everything
Authorization: Bearer {token}
Response
Returns a Bundle containing:
- Patient resource
- All Observations
- All Conditions
- All AllergyIntolerances
- All MedicationRequests
- All Encounters
- All Appointments
- All Tasks
Example Request
curl -X GET https://api.example.com/api/fhir/Patient/65f1234567890abcdef12345/\$everything \
  -H "Authorization: Bearer YOUR_TOKEN"
PHI Encryption
The following Patient fields are encrypted at rest using AES-256-GCM:
name[].given
name[].family
telecom[].value (phone, email)
address[].line
address[].city
address[].state
address[].postalCode
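A sketch of field-level AES-256-GCM over the paths listed above, added here as an example; it is not OmniEHR's own code. The stored form (iv.tag.ciphertext in base64), the use of the field path as associated data, and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
// Assumed stored form (hypothetical): base64(iv).base64(tag).base64(ciphertext)
function encryptField(key, path, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per value, never reused under one key
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(path)); // bind the ciphertext to its field path
  const ct = Buffer.concat([cipher.update(String(plaintext), "utf8"), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString("base64")).join(".");
}

function decryptField(key, path, envelope) {
  const [iv, tag, ct] = envelope.split(".").map((s) => Buffer.from(s, "base64"));
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(path));
  decipher.setAuthTag(tag); // a tag that is not 16 bytes is rejected here
  // final() throws if the ciphertext, tag, key or field path does not match
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Apply fn(path, value) to each PHI field the page lists; other fields are untouched.
function mapPhi(patient, fn) {
  const out = JSON.parse(JSON.stringify(patient));
  for (const n of out.name ?? []) {
    if (n.family !== undefined) n.family = fn("name.family", n.family);
    if (n.given) n.given = n.given.map((g) => fn("name.given", g));
  }
  for (const t of out.telecom ?? []) if (t.value !== undefined) t.value = fn("telecom.value", t.value);
  for (const a of out.address ?? []) {
    if (a.line) a.line = a.line.map((l) => fn("address.line", l));
    for (const f of ["city", "state", "postalCode"]) {
      if (a[f] !== undefined) a[f] = fn(`address.${f}`, a[f]);
    }
  }
  return out;
}

const encryptPatient = (key, p) => mapPhi(p, (path, v) => encryptField(key, path, v));
const decryptPatient = (key, p) => mapPhi(p, (path, v) => decryptField(key, path, v));

// Constructed sample; a real key would come from a KMS or secret store, not randomBytes at startup.
const demoKey = crypto.randomBytes(32);
const samplePatient = {
  resourceType: "Patient", gender: "female", birthDate: "1990-05-15",
  name: [{ family: "Doe", given: ["Jane"] }],
  telecom: [{ system: "phone", value: "+1-555-0123" }],
  address: [{ line: ["123 Main St"], city: "Springfield", state: "IL", postalCode: "62701" }],
};
const stored = encryptPatient(demoKey, samplePatient);
console.log(JSON.stringify(stored, null, 2));
```

In the printed document, gender and birthDate stay readable because they are not in the list above. A ciphertext copied from one field into another fails authentication on decrypt.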
Role Permissions
| Role | Create | Read | Update | Delete |
|---|---|---|---|---|
| Admin | ✅ | ✅ | ✅ | ❌ |
| Practitioner | ❌ | ✅ | ❌ | ❌ |
| Auditor | ❌ | ✅ | ❌ | ❌ |