PCM API (FHIR + OAuth2) (2026-01-05)

Download OpenAPI specification:

Combined OpenAPI entry point that references the FHIR and OAuth2 specifications.

Organization

Parent, service-provider, and data-source organizations.

Search organizations

Search organizations by supported parameters. Used for discovery and retrieval, including searches by active flag or identifier.

query Parameters

_id	string
identifier	string FHIR identifier search parameter.
active	string Search by activation status (token; true\|false).
type	string Search by type code (Organization.type or HealthcareService.type).
partof	string
_include	string Include related resources (FHIR _include).
_include:iterate	string Recursive include for related resources.

Responses

Response samples

200
400
401
403
default

Content type

application/fhir+json

{"resourceType": "Bundle",
"id": "bundle-organization-search",
"type": "searchset",
"total": 2,
"entry": [{"search": {"mode": "match"
},
"resource": {"resourceType": "Organization",
"id": "org-parent-hospital-a",
"name": "Hospital A (Parent Legal Entity)"
}
},
{"search": {"mode": "match"
},
"resource": {"resourceType": "Organization",
"id": "org-parent-hmo-b-submit",
"name": "HMO B (Parent Legal Entity)"
}
}
]
}

Read organization

path Parameters

id

required

string

Responses

Response samples

Content type

application/fhir+json

Example

Hospital A parent org (retrieval)

{"resourceType": "Organization",
"id": "org-parent-hospital-a",
"meta": {"lastUpdated": "2025-01-01T13:28:17Z"
},
"active": true,
"name": "Hospital A (Parent Legal Entity)",
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/example-organization-id",
"value": "HOSP-A-PARENT-001"
}
],
"type": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-org-type",
"code": "parent-org",
"display": "Parent Organization"
}
]
},
{"coding": [{"system": "http://fhir.health.gov.il/cs/institution-type-moh",
"code": 1,
"display": "General Hospital"
}
]
}
],
"telecom": [{"system": "phone",
"value": "+972-3-555-0100"
}
],
"address": [{"text": "1 Hospital A Rd, Jerusalem"
}
],
"contact": [{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "ADMIN"
}
]
},
"name": {"text": "Hospital A - Administration"
},
"telecom": [{"system": "email",
"value": "admin@hospital-a.example.org"
}
]
},
{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "PATINF"
}
]
},
"name": {"text": "Hospital A - Patient Information"
},
"telecom": [{"system": "phone",
"value": "+972-3-555-0101"
}
]
},
{"purpose": {"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-contactentity-type",
"code": "SEC"
}
]
},
"name": {"text": "Hospital A - Security"
},
"telecom": [{"system": "email",
"value": "soc@hospital-a.example.org"
}
]
}
]
}

Update organization

Used by organizations to update allowed fields (contacts, endpoint reference, applicable certificate thumbprint (x5t#S256), and redirect URI depending on org type). PCM controls activation.

path Parameters

id

required

string

Request Body schema: application/fhir+json
required

resourceType required	string Value: "Organization"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
active	boolean
name	string
	Array of objects (Identifier)
	Array of objects (CodeableConcept)
	object (Reference)
	Array of objects (ContactPoint)
	Array of objects (Address)
	Array of objects (OrganizationContact)
	Array of objects (Reference)

Responses

Request samples

Payload

Content type

application/fhir+json

Example

HMO B parent org (submit/update)

{"resourceType": "Organization",
"active": false,
"name": "HMO B (Parent Legal Entity)",
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/example-organization-id",
"value": "HMO-B-PARENT-001"
}
],
"type": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-org-type",
"code": "parent-org",
"display": "Parent Organization"
}
]
},
{"coding": [{"system": "http://fhir.health.gov.il/cs/institution-type-moh",
"code": 73,
"display": "Health Maintenance Organization"
}
]
}
],
"telecom": [{"system": "phone",
"value": "+972-3-555-0200"
}
],
"address": [{"text": "10 HMO B Ave, Tel Aviv"
}
],
"contact": [{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "ADMIN"
}
]
},
"name": {"text": "HMO B - Administration"
},
"telecom": [{"system": "email",
"value": "admin@hmo-b.example.org"
}
]
},
{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "PATINF"
}
]
},
"name": {"text": "HMO B - Patient Information"
},
"telecom": [{"system": "phone",
"value": "+972-3-555-0210"
}
]
},
{"purpose": {"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-contactentity-type",
"code": "SEC"
}
]
},
"name": {"text": "HMO B - Security"
},
"telecom": [{"system": "email",
"value": "soc@hmo-b.example.org"
}
]
}
]
}

Response samples

Content type

application/fhir+json

Example

Hospital A parent org (retrieval)

{"resourceType": "Organization",
"id": "org-parent-hospital-a",
"meta": {"lastUpdated": "2025-01-01T13:28:17Z"
},
"active": true,
"name": "Hospital A (Parent Legal Entity)",
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/example-organization-id",
"value": "HOSP-A-PARENT-001"
}
],
"type": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-org-type",
"code": "parent-org",
"display": "Parent Organization"
}
]
},
{"coding": [{"system": "http://fhir.health.gov.il/cs/institution-type-moh",
"code": 1,
"display": "General Hospital"
}
]
}
],
"telecom": [{"system": "phone",
"value": "+972-3-555-0100"
}
],
"address": [{"text": "1 Hospital A Rd, Jerusalem"
}
],
"contact": [{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "ADMIN"
}
]
},
"name": {"text": "Hospital A - Administration"
},
"telecom": [{"system": "email",
"value": "admin@hospital-a.example.org"
}
]
},
{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "PATINF"
}
]
},
"name": {"text": "Hospital A - Patient Information"
},
"telecom": [{"system": "phone",
"value": "+972-3-555-0101"
}
]
},
{"purpose": {"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-contactentity-type",
"code": "SEC"
}
]
},
"name": {"text": "Hospital A - Security"
},
"telecom": [{"system": "email",
"value": "soc@hospital-a.example.org"
}
]
}
]
}

Endpoint

FHIR server endpoints for data sources.

Search endpoints

query Parameters

_id	string
thumbprint	string Search by NTN-registered applicable certificate thumbprint (x5t#S256, base64url SHA-256) stored in the Endpoint extension.

Responses

Response samples

200
400
401
403
default

Content type

application/fhir+json

{"resourceType": "Bundle",
"id": "bundle-endpoint-search",
"type": "searchset",
"total": 1,
"entry": [{"search": {"mode": "match"
},
"resource": {"resourceType": "Endpoint",
"id": "endpoint-hmo-b",
"address": "https://fhir.hmo-b.example.org/r4"
}
}
]
}

Create endpoint

Request Body schema: application/fhir+json
required

resourceType required	string Value: "Endpoint"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
status	string Enum: "active" "suspended" "error" "off" "entered-in-error" "test"
	object (Coding)
	Array of objects (CodeableConcept)
address	string
	object (Reference)

Responses

Request samples

Payload

Content type

application/fhir+json

{"resourceType": "Endpoint",
"status": "active",
"connectionType": {"system": "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
"code": "hl7-fhir-rest",
"display": "HL7 FHIR REST"
},
"payloadType": [{"coding": [{"system": "urn:oid:1.3.6.1.4.1.19376.1.2.3",
"code": "urn:ihe:pcc:xphr:2007",
"display": "XPHR Extract"
}
]
}
],
"address": "https://fhir.hmo-b.example.org/r4",
"managingOrganization": {"reference": "Organization/org-ds-hmo-b-submit"
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates",
"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
]
}
]
}

Response samples

201
400
401
403
default

Content type

application/fhir+json

{"resourceType": "Endpoint",
"id": "endpoint-hmo-b",
"status": "active",
"connectionType": {"system": "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
"code": "hl7-fhir-rest",
"display": "HL7 FHIR REST"
},
"payloadType": [{"coding": [{"system": "urn:oid:1.3.6.1.4.1.19376.1.2.3",
"code": "urn:ihe:pcc:xphr:2007",
"display": "XPHR Extract"
}
]
}
],
"address": "https://fhir.hmo-b.example.org/r4",
"managingOrganization": {"reference": "Organization/org-ds-hmo-b"
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates",
"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
]
}
]
}

Read endpoint

path Parameters

id

required

string

Responses

Response samples

Content type

application/fhir+json

Example

HMO B endpoint (retrieval)

{"resourceType": "Endpoint",
"id": "endpoint-hmo-b",
"status": "active",
"connectionType": {"system": "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
"code": "hl7-fhir-rest",
"display": "HL7 FHIR REST"
},
"payloadType": [{"coding": [{"system": "urn:oid:1.3.6.1.4.1.19376.1.2.3",
"code": "urn:ihe:pcc:xphr:2007",
"display": "XPHR Extract"
}
]
}
],
"address": "https://fhir.hmo-b.example.org/r4",
"managingOrganization": {"reference": "Organization/org-ds-hmo-b"
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates",
"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
]
}
]
}

Update endpoint

path Parameters

id

required

string

Request Body schema: application/fhir+json
required

resourceType required	string Value: "Endpoint"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
status	string Enum: "active" "suspended" "error" "off" "entered-in-error" "test"
	object (Coding)
	Array of objects (CodeableConcept)
address	string
	object (Reference)

Responses

Request samples

Payload

Content type

application/fhir+json

{"resourceType": "Endpoint",
"status": "active",
"connectionType": {"system": "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
"code": "hl7-fhir-rest",
"display": "HL7 FHIR REST"
},
"payloadType": [{"coding": [{"system": "urn:oid:1.3.6.1.4.1.19376.1.2.3",
"code": "urn:ihe:pcc:xphr:2007",
"display": "XPHR Extract"
}
]
}
],
"address": "https://fhir.hmo-b.example.org/r4",
"managingOrganization": {"reference": "Organization/org-ds-hmo-b-submit"
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates",
"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
]
}
]
}

Response samples

Content type

application/fhir+json

{"resourceType": "Endpoint",
"id": "endpoint-hmo-b",
"status": "active",
"connectionType": {"system": "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
"code": "hl7-fhir-rest",
"display": "HL7 FHIR REST"
},
"payloadType": [{"coding": [{"system": "urn:oid:1.3.6.1.4.1.19376.1.2.3",
"code": "urn:ihe:pcc:xphr:2007",
"display": "XPHR Extract"
}
]
}
],
"address": "https://fhir.hmo-b.example.org/r4",
"managingOrganization": {"reference": "Organization/org-ds-hmo-b"
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates",
"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
]
}
]
}

HealthcareService

Canonical and instance service definitions.

Search services

query Parameters

_id	string
identifier	string FHIR identifier search parameter.
active	string Search by activation status (token; true\|false).
category	string Search by HealthcareService.category.
type	string Search by type code (Organization.type or HealthcareService.type).
name	string Search by HealthcareService.name.
providedBy	string Search by HealthcareService.providedBy (instance profile only).

Responses

Response samples

200
400
401
403
default

Content type

application/fhir+json

{"resourceType": "Bundle",
"id": "bundle-healthcareservice-search",
"type": "searchset",
"total": 2,
"entry": [{"search": {"mode": "match"
},
"resource": {"resourceType": "HealthcareService",
"id": "svc-catalog-cross-org-summary",
"name": "Cross-Organization Patient Summary"
}
},
{"search": {"mode": "match"
},
"resource": {"resourceType": "HealthcareService",
"id": "svc-instance-hosp-a-cross-org-summary",
"name": "Hospital A - Patient App / Cross-Org Summary"
}
}
]
}

Create service (canonical or instance)

Service providers post an instance to register a service association. PCM admins may post canonical services as part of catalog management.

Request Body schema: application/fhir+json
required

resourceType required	string Value: "HealthcareService"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
active	boolean
	object (Reference)
name	string
	Array of objects (CodeableConcept)
	object (CodeableConcept)
extraDetails	string
	Array of objects (Identifier)

Responses

Request samples

Payload

Content type

application/fhir+json

Example

Service instance (submit)

{"resourceType": "HealthcareService",
"meta": {"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-healthcareservice-instance"
],
"tag": [{"system": "http://pcm.fhir.health.gov.il/cs/pcm-meta-tag",
"code": "instance",
"display": "Instance"
}
]
},
"active": false,
"name": "Hospital A - Patient App / Cross-Org Summary",
"category": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/service-category",
"code": "35",
"display": "Hospital"
}
],
"text": "Cross-organization continuity of care"
}
],
"type": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
},
"extraDetails": "Hospital A patient app requests a cross-organization summary for treatment continuity.",
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-based-on-canonical-healthcareservice",
"valueReference": {"reference": "HealthcareService/svc-catalog-cross-org-summary"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-mode",
"valueCode": "continuous"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-duration",
"valueDuration": {"value": 6,
"system": "http://unitsofmeasure.org",
"code": "mo",
"unit": "months"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-example-query",
"valueString": "GET [FHIR BASE]/Observation?category=laboratory&_lastUpdated=ge{{period.start}}"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-allow-patient-basket-change",
"valueBoolean": true
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "laboratoryTests",
"display": "Laboratory tests"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 2,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "medications",
"display": "Medications"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 1,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
}
]
}

Response samples

201
400
401
403
default

Content type

application/fhir+json

Example

Canonical service (retrieval)

{"resourceType": "HealthcareService",
"id": "svc-catalog-cross-org-summary",
"meta": {"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-healthcareservice-canonical"
],
"tag": [{"system": "http://pcm.fhir.health.gov.il/cs/pcm-meta-tag",
"code": "catalog",
"display": "Catalog"
}
]
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/pcm-healthcareservice-catalog-id",
"value": "PCM-CAT-0101"
}
],
"active": true,
"name": "Cross-Organization Patient Summary",
"category": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/service-category",
"code": "35",
"display": "Hospital"
}
],
"text": "Hospital / continuity of care"
}
],
"type": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
},
"extraDetails": "A standardized summary used for cross-organization care coordination and treatment continuity.",
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-mode",
"valueCode": "continuous"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-duration",
"valueDuration": {"value": 6,
"system": "http://unitsofmeasure.org",
"code": "mo",
"unit": "months"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-example-query",
"valueString": "GET [FHIR BASE]/Observation?category=laboratory&_lastUpdated=ge{{period.start}}"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-example-query",
"valueString": "GET [FHIR BASE]/MedicationRequest?_lastUpdated=ge{{period.start}}"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-allow-patient-basket-change",
"valueBoolean": true
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "laboratoryTests",
"display": "Laboratory tests"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 2,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "medications",
"display": "Medications"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 1,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
}
]
}

Read service

path Parameters

id

required

string

Responses

Response samples

Content type

application/fhir+json

Example

Canonical service (retrieval)

{"resourceType": "HealthcareService",
"id": "svc-catalog-cross-org-summary",
"meta": {"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-healthcareservice-canonical"
],
"tag": [{"system": "http://pcm.fhir.health.gov.il/cs/pcm-meta-tag",
"code": "catalog",
"display": "Catalog"
}
]
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/pcm-healthcareservice-catalog-id",
"value": "PCM-CAT-0101"
}
],
"active": true,
"name": "Cross-Organization Patient Summary",
"category": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/service-category",
"code": "35",
"display": "Hospital"
}
],
"text": "Hospital / continuity of care"
}
],
"type": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
},
"extraDetails": "A standardized summary used for cross-organization care coordination and treatment continuity.",
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-mode",
"valueCode": "continuous"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-duration",
"valueDuration": {"value": 6,
"system": "http://unitsofmeasure.org",
"code": "mo",
"unit": "months"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-example-query",
"valueString": "GET [FHIR BASE]/Observation?category=laboratory&_lastUpdated=ge{{period.start}}"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-example-query",
"valueString": "GET [FHIR BASE]/MedicationRequest?_lastUpdated=ge{{period.start}}"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-allow-patient-basket-change",
"valueBoolean": true
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "laboratoryTests",
"display": "Laboratory tests"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 2,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "medications",
"display": "Medications"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 1,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
}
]
}

Update service (deactivate instance)

Instance owners may deactivate by PUT with active=false. PCM ignores non-writable elements and enforces policy.

path Parameters

id

required

string

Request Body schema: application/fhir+json
required

resourceType required	string Value: "HealthcareService"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
active	boolean
	object (Reference)
name	string
	Array of objects (CodeableConcept)
	object (CodeableConcept)
extraDetails	string
	Array of objects (Identifier)

Responses

Request samples

Payload

Content type

application/fhir+json

{"resourceType": "HealthcareService",
"meta": {"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-healthcareservice-instance"
],
"tag": [{"system": "http://pcm.fhir.health.gov.il/cs/pcm-meta-tag",
"code": "instance",
"display": "Instance"
}
]
},
"active": false,
"name": "Hospital A - Patient App / Cross-Org Summary",
"category": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/service-category",
"code": "35",
"display": "Hospital"
}
],
"text": "Cross-organization continuity of care"
}
],
"type": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
},
"extraDetails": "Hospital A patient app requests a cross-organization summary for treatment continuity.",
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-based-on-canonical-healthcareservice",
"valueReference": {"reference": "HealthcareService/svc-catalog-cross-org-summary"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-mode",
"valueCode": "continuous"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-duration",
"valueDuration": {"value": 6,
"system": "http://unitsofmeasure.org",
"code": "mo",
"unit": "months"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-example-query",
"valueString": "GET [FHIR BASE]/Observation?category=laboratory&_lastUpdated=ge{{period.start}}"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-allow-patient-basket-change",
"valueBoolean": true
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "laboratoryTests",
"display": "Laboratory tests"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 2,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "medications",
"display": "Medications"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 1,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
}
]
}

Response samples

Content type

application/fhir+json

{"resourceType": "HealthcareService",
"id": "svc-instance-hosp-a-cross-org-summary",
"meta": {"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-healthcareservice-instance"
],
"tag": [{"system": "http://pcm.fhir.health.gov.il/cs/pcm-meta-tag",
"code": "instance",
"display": "Instance"
}
]
},
"active": true,
"providedBy": {"reference": "Organization/org-sp-hospital-a"
},
"name": "Hospital A - Patient App / Cross-Org Summary",
"category": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/service-category",
"code": "35",
"display": "Hospital"
}
],
"text": "Cross-organization continuity of care"
}
],
"type": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
},
"extraDetails": "Approved instance; patients can now grant consents for Hospital A to access data.",
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-based-on-canonical-healthcareservice",
"valueReference": {"reference": "HealthcareService/svc-catalog-cross-org-summary"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-approval-window",
"valuePeriod": {"start": "2026-01-01T00:00:00+02:00",
"end": "2026-07-01T00:00:00+02:00"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-mode",
"valueCode": "continuous"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-access-duration",
"valueDuration": {"value": 6,
"system": "http://unitsofmeasure.org",
"code": "mo",
"unit": "months"
}
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-example-query",
"valueString": "GET [FHIR BASE]/Observation?category=laboratory&_lastUpdated=ge{{period.start}}"
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-allow-patient-basket-change",
"valueBoolean": true
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "laboratoryTests",
"display": "Laboratory tests"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 2,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
},
{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-information-bucket",
"extension": [{"url": "bucket",
"valueCodeableConcept": {"coding": [{"system": "http://fhir.health.gov.il/cs/il-hdp-information-buckets",
"code": "medications",
"display": "Medications"
}
]
}
},
{"url": "historyDepth",
"valueDuration": {"value": 1,
"system": "http://unitsofmeasure.org",
"code": "a",
"unit": "years"
}
}
]
}
]
}

Consent

Consent requests and approvals. Deletion is not supported; service providers may only deactivate consents they created.

Search consents

Search consents by supported parameters. Use _include to return actor organizations, endpoints, and parent orgs in a single bundle.

query Parameters

_id	string
identifier	string FHIR identifier search parameter.
status	string
patient	string Search by patient logical reference; supports patient.identifier chain (system\|value).
pcm-service	string Search by pcmService extension reference (HealthcareService instance).
_include	string Include related resources (FHIR _include).
_include:iterate	string Recursive include for related resources.

Responses

Response samples

200
400
401
403
default

Content type

application/fhir+json

{"resourceType": "Bundle",
"id": "bundle-consent-include-actors-endpoints",
"link": [{"relation": "self",
"url": "https://pcm.fhir.health.gov.il/r4/Consent?_id=resource-id-12345&_include=Consent:actor&_include:iterate=Organization:endpoint&_include:iterate=Organization:partof"
}
],
"entry": [{"search": {"mode": "match"
},
"resource": {"resourceType": "Consent",
"id": "consent-approved-hosp-a-cross-org-summary",
"meta": {"lastUpdated": "2026-01-05T08:25:00Z",
"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-consent"
]
},
"text": {"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p>Approved consent including selected data sources. Service providers use it to request source access tokens and resolve endpoints.</p><p>FHIR REST: <code>GET https://pcm.fhir.health.gov.il/r4/Consent/{consent-id}</code></p></div>"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/pcm-consent-id",
"value": "PCM-CONSENT-0101"
}
],
"scope": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy",
"display": "Patient Privacy"
}
]
},
"category": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-consent-access-mode",
"code": "continuous",
"display": "Continuous"
}
]
},
{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
}
],
"patient": {"identifier": {"system": "http://fhir.health.gov.il/identifier/il-national-id",
"value": "324573740"
}
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-pcm-service",
"valueReference": {"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
}
],
"provision": {"purpose": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "TREAT",
"display": "treatment"
}
],
"period": {"start": "2026-01-05T00:00:00+02:00",
"end": "2026-07-05T00:00:00+02:00"
},
"actor": [{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "IRCP",
"display": "information recipient"
}
]
},
"reference": {"reference": "Organization/org-sp-hospital-a"
}
},
{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "CST",
"display": "custodian"
}
]
},
"reference": {"reference": "Organization/org-ds-hmo-b"
}
}
],
"type": "permit"
},
"status": "active",
"dateTime": "2026-01-05T10:22:30+02:00"
}
},
{"search": {"mode": "include"
},
"resource": {"resourceType": "Organization",
"id": "org-sp-hospital-a",
"meta": {"lastUpdated": "2025-01-01T13:28:17Z",
"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-organization-service-provider"
]
},
"text": {"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p>Activated service-provider organization for Hospital A. Referenced as the requestor (IRCP) in consent requests.</p><p>FHIR REST: <code>GET https://pcm.fhir.health.gov.il/r4/Organization/{service-provider-id}</code></p></div>"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/example-organization-id",
"value": "HOSP-A-SP-001"
}
],
"type": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-org-type",
"code": "service-provider",
"display": "Service Provider"
}
]
},
{"coding": [{"system": "http://fhir.health.gov.il/cs/institution-type-moh",
"code": "1",
"display": "General Hospital"
}
]
}
],
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-oauth2-redirect-uri",
"valueUrl": "https://app.hospital-a.example.org/pcm/oauth2/callback"
},
{"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
],
"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates"
}
],
"active": true,
"name": "Hospital A - Patient App (Service Provider)",
"partOf": {"reference": "Organization/org-parent-hospital-a"
}
}
},
{"search": {"mode": "include"
},
"resource": {"resourceType": "Organization",
"id": "org-ds-hmo-b",
"meta": {"lastUpdated": "2025-01-01T13:28:17Z",
"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-organization-source"
]
},
"text": {"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p>Activated data-source organization for HMO B. Referenced in Consent.provision.actor as a custodian (CST).</p><p>FHIR REST: <code>GET https://pcm.fhir.health.gov.il/r4/Organization/{data-source-id}</code></p></div>"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/example-organization-id",
"value": "HMO-B-DS-001"
}
],
"type": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-org-type",
"code": "source",
"display": "Data Source"
}
]
},
{"coding": [{"system": "http://fhir.health.gov.il/cs/institution-type-moh",
"code": "73",
"display": "Health Maintenance Organization"
}
]
}
],
"endpoint": [{"reference": "Endpoint/endpoint-hmo-b"
}
],
"extension": [{"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
],
"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates"
}
],
"active": true,
"name": "HMO B - Clinical Data Source",
"partOf": {"reference": "Organization/org-parent-hmo-b-submit"
}
}
},
{"search": {"mode": "include"
},
"resource": {"resourceType": "Endpoint",
"id": "endpoint-hmo-b",
"meta": {"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-endpoint"
]
},
"text": {"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p>Validated FHIR endpoint for HMO B. Returned during retrieval flows so providers can call the data source.</p><p>FHIR REST: <code>GET https://pcm.fhir.health.gov.il/r4/Endpoint/{endpoint-id}</code></p></div>"
},
"payloadType": [{"coding": [{"code": "urn:ihe:pcc:xphr:2007",
"system": "urn:oid:1.3.6.1.4.1.19376.1.2.3",
"display": "XPHR Extract"
}
]
}
],
"extension": [{"extension": [{"url": "thumbprint",
"valueString": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
}
],
"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-applicable-certificates"
}
],
"connectionType": {"system": "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
"code": "hl7-fhir-rest",
"display": "HL7 FHIR REST"
},
"status": "active",
"address": "https://fhir.hmo-b.example.org/r4",
"managingOrganization": {"reference": "Organization/org-ds-hmo-b"
}
}
},
{"search": {"mode": "include"
},
"resource": {"resourceType": "Organization",
"id": "org-parent-hospital-a",
"meta": {"lastUpdated": "2025-01-01T13:28:17Z",
"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-organization-parent"
]
},
"text": {"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p>Activated parent organization for Hospital A. It is the legal entity referenced by the service-provider and data-source child orgs.</p><p>FHIR REST: <code>GET https://pcm.fhir.health.gov.il/r4/Organization/{parent-id}</code></p></div>"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/example-organization-id",
"value": "HOSP-A-PARENT-001"
}
],
"type": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-org-type",
"code": "parent-org",
"display": "Parent Organization"
}
]
},
{"coding": [{"system": "http://fhir.health.gov.il/cs/institution-type-moh",
"code": "1",
"display": "General Hospital"
}
]
}
],
"telecom": [{"system": "phone",
"value": "+972-3-555-0100"
}
],
"address": [{"text": "1 Hospital A Rd, Jerusalem"
}
],
"contact": [{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "ADMIN"
}
]
},
"name": {"text": "Hospital A - Administration"
},
"telecom": [{"system": "email",
"value": "admin@hospital-a.example.org"
}
]
},
{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "PATINF"
}
]
},
"name": {"text": "Hospital A - Patient Information"
},
"telecom": [{"system": "phone",
"value": "+972-3-555-0101"
}
]
},
{"purpose": {"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-contactentity-type",
"code": "SEC"
}
]
},
"name": {"text": "Hospital A - Security"
},
"telecom": [{"system": "email",
"value": "soc@hospital-a.example.org"
}
]
}
],
"active": true,
"name": "Hospital A (Parent Legal Entity)"
}
},
{"search": {"mode": "include"
},
"resource": {"resourceType": "Organization",
"id": "org-parent-hmo-b-submit",
"meta": {"profile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-organization-parent"
]
},
"text": {"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p>HMO B updates its parent organization record after NTN onboarding. This supplies required contacts and operational details used by PCM for activation.</p><p>FHIR REST: <code>PUT https://pcm.fhir.health.gov.il/r4/Organization/{parent-id}</code></p></div>"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/example-organization-id",
"value": "HMO-B-PARENT-001"
}
],
"type": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-org-type",
"code": "parent-org",
"display": "Parent Organization"
}
]
},
{"coding": [{"system": "http://fhir.health.gov.il/cs/institution-type-moh",
"code": "73",
"display": "Health Maintenance Organization"
}
]
}
],
"telecom": [{"system": "phone",
"value": "+972-3-555-0200"
}
],
"address": [{"text": "10 HMO B Ave, Tel Aviv"
}
],
"contact": [{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "ADMIN"
}
]
},
"name": {"text": "HMO B - Administration"
},
"telecom": [{"system": "email",
"value": "admin@hmo-b.example.org"
}
]
},
{"purpose": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/contactentity-type",
"code": "PATINF"
}
]
},
"name": {"text": "HMO B - Patient Information"
},
"telecom": [{"system": "phone",
"value": "+972-3-555-0210"
}
]
},
{"purpose": {"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-contactentity-type",
"code": "SEC"
}
]
},
"name": {"text": "HMO B - Security"
},
"telecom": [{"system": "email",
"value": "soc@hmo-b.example.org"
}
]
}
],
"active": false,
"name": "HMO B (Parent Legal Entity)"
}
}
],
"type": "searchset",
"total": 1
}

Create consent request

Request Body schema: application/fhir+json
required

resourceType required	string Value: "Consent"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
status	string Enum: "proposed" "active" "rejected" "inactive"
dateTime	string <date-time>
	Array of objects (Identifier)
	object (CodeableConcept)
	Array of objects (CodeableConcept)
	object (Reference)
	object (ConsentProvision)

Responses

Request samples

Payload

Content type

application/fhir+json

{"resourceType": "Consent",
"status": "proposed",
"scope": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy",
"display": "Patient Privacy"
}
]
},
"category": [{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
}
],
"patient": {"identifier": {"system": "http://fhir.health.gov.il/identifier/il-national-id",
"value": "324573740"
}
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-pcm-service",
"valueReference": {"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
}
],
"provision": {"type": "permit",
"purpose": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "TREAT",
"display": "treatment"
}
]
}
}

Response samples

201
400
401
403
default

Content type

application/fhir+json

{"resourceType": "Consent",
"id": "consent-request-created-hosp-a-cross-org-summary",
"meta": {"lastUpdated": "2026-01-05T08:10:00Z"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/pcm-consent-id",
"value": "PCM-CONSENT-0101"
}
],
"status": "proposed",
"dateTime": "2026-01-05T10:10:00+02:00",
"scope": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy",
"display": "Patient Privacy"
}
]
},
"category": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-consent-access-mode",
"code": "continuous",
"display": "Continuous"
}
]
},
{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
}
],
"patient": {"identifier": {"system": "http://fhir.health.gov.il/identifier/il-national-id",
"value": "324573740"
}
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-pcm-service",
"valueReference": {"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
}
],
"provision": {"type": "permit",
"purpose": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "TREAT",
"display": "treatment"
}
],
"actor": [{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "IRCP",
"display": "information recipient"
}
]
},
"reference": {"reference": "Organization/org-sp-hospital-a"
}
}
]
}
}

Read consent

path Parameters

id

required

string

Responses

Response samples

Content type

application/fhir+json

{"resourceType": "Consent",
"id": "consent-approved-hosp-a-cross-org-summary",
"meta": {"lastUpdated": "2026-01-05T08:25:00Z"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/pcm-consent-id",
"value": "PCM-CONSENT-0101"
}
],
"status": "active",
"dateTime": "2026-01-05T10:22:30+02:00",
"scope": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy",
"display": "Patient Privacy"
}
]
},
"category": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-consent-access-mode",
"code": "continuous",
"display": "Continuous"
}
]
},
{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
}
],
"patient": {"identifier": {"system": "http://fhir.health.gov.il/identifier/il-national-id",
"value": "324573740"
}
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-pcm-service",
"valueReference": {"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
}
],
"provision": {"type": "permit",
"purpose": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "TREAT",
"display": "treatment"
}
],
"period": {"start": "2026-01-05T00:00:00+02:00",
"end": "2026-07-05T00:00:00+02:00"
},
"actor": [{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "IRCP",
"display": "information recipient"
}
]
},
"reference": {"reference": "Organization/org-sp-hospital-a"
}
},
{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "CST",
"display": "custodian"
}
]
},
"reference": {"reference": "Organization/org-ds-hmo-b"
}
}
]
}
}

Update consent status

Used by PCM (portal) to approve/reject/revoke, and by service provider to deactivate its own consent (status=inactive). Service providers may update only consents they created; deletion is not supported.

path Parameters

id

required

string

Request Body schema: application/fhir+json
required

resourceType required	string Value: "Consent"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
status	string Enum: "proposed" "active" "rejected" "inactive"
dateTime	string <date-time>
	Array of objects (Identifier)
	object (CodeableConcept)
	Array of objects (CodeableConcept)
	object (Reference)
	object (ConsentProvision)

Responses

Request samples

Payload

Content type

application/fhir+json

{"resourceType": "Consent",
"id": "consent-approved-hosp-a-cross-org-summary",
"meta": {"lastUpdated": "2026-01-05T08:25:00Z"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/pcm-consent-id",
"value": "PCM-CONSENT-0101"
}
],
"status": "active",
"dateTime": "2026-01-05T10:22:30+02:00",
"scope": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy",
"display": "Patient Privacy"
}
]
},
"category": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-consent-access-mode",
"code": "continuous",
"display": "Continuous"
}
]
},
{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
}
],
"patient": {"identifier": {"system": "http://fhir.health.gov.il/identifier/il-national-id",
"value": "324573740"
}
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-pcm-service",
"valueReference": {"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
}
],
"provision": {"type": "permit",
"purpose": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "TREAT",
"display": "treatment"
}
],
"period": {"start": "2026-01-05T00:00:00+02:00",
"end": "2026-07-05T00:00:00+02:00"
},
"actor": [{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "IRCP",
"display": "information recipient"
}
]
},
"reference": {"reference": "Organization/org-sp-hospital-a"
}
},
{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "CST",
"display": "custodian"
}
]
},
"reference": {"reference": "Organization/org-ds-hmo-b"
}
}
]
}
}

Response samples

Content type

application/fhir+json

{"resourceType": "Consent",
"id": "consent-approved-hosp-a-cross-org-summary",
"meta": {"lastUpdated": "2026-01-05T08:25:00Z"
},
"identifier": [{"use": "official",
"system": "http://pcm.fhir.health.gov.il/identifier/pcm-consent-id",
"value": "PCM-CONSENT-0101"
}
],
"status": "active",
"dateTime": "2026-01-05T10:22:30+02:00",
"scope": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/consentscope",
"code": "patient-privacy",
"display": "Patient Privacy"
}
]
},
"category": [{"coding": [{"system": "http://fhir.health.gov.il/cs/pcm-consent-access-mode",
"code": "continuous",
"display": "Continuous"
}
]
},
{"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActCode",
"code": "INFA",
"display": "information access"
}
]
}
],
"patient": {"identifier": {"system": "http://fhir.health.gov.il/identifier/il-national-id",
"value": "324573740"
}
},
"extension": [{"url": "http://pcm.fhir.health.gov.il/StructureDefinition/ext-pcm-service",
"valueReference": {"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
}
],
"provision": {"type": "permit",
"purpose": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ActReason",
"code": "TREAT",
"display": "treatment"
}
],
"period": {"start": "2026-01-05T00:00:00+02:00",
"end": "2026-07-05T00:00:00+02:00"
},
"actor": [{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "IRCP",
"display": "information recipient"
}
]
},
"reference": {"reference": "Organization/org-sp-hospital-a"
}
},
{"role": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v3-ParticipationType",
"code": "CST",
"display": "custodian"
}
]
},
"reference": {"reference": "Organization/org-ds-hmo-b"
}
}
]
}
}

VerificationResult

Approvals for service instances.

Search approvals

query Parameters

_id

string

Responses

Response samples

200
400
401
403
default

Content type

application/fhir+json

{"resourceType": "Bundle",
"id": "bundle-verificationresult-search",
"type": "searchset",
"total": 1,
"entry": [{"search": {"mode": "match"
},
"resource": {"resourceType": "VerificationResult",
"id": "approval-hmo-b-parent-for-hosp-a-instance",
"status": "validated"
}
}
]
}

Create approval

Request Body schema: application/fhir+json
required

resourceType required	string Value: "VerificationResult"
id	string
	object (Meta)
	object (Narrative)
	Array of objects (Extension)
status	string Value: "validated"
	Array of objects (Reference)
	object

Responses

Request samples

Payload

Content type

application/fhir+json

{"resourceType": "VerificationResult",
"status": "validated",
"target": [{"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary-submit"
}
],
"validator": {"organization": {"reference": "Organization/org-parent-hmo-b-submit"
}
}
}

Response samples

201
400
401
403
default

Content type

application/fhir+json

{"resourceType": "VerificationResult",
"id": "approval-hmo-b-parent-for-hosp-a-instance",
"status": "validated",
"target": [{"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
],
"validator": {"organization": {"reference": "Organization/org-parent-hmo-b-submit"
}
}
}

Read approval

path Parameters

id

required

string

Responses

Response samples

Content type

application/fhir+json

{"resourceType": "VerificationResult",
"id": "approval-hmo-b-parent-for-hosp-a-instance",
"status": "validated",
"target": [{"reference": "HealthcareService/svc-instance-hosp-a-cross-org-summary"
}
],
"validator": {"organization": {"reference": "Organization/org-parent-hmo-b-submit"
}
}
}

CapabilityStatement

Server metadata and supported interactions.

Read capability statement

Returns the PCM server CapabilityStatement describing supported resources, interactions, and search parameters.

Authorizations:

mutualTLS

Responses

Response samples

200
400
401
403
default

Content type

application/fhir+json

{"resourceType": "CapabilityStatement",
"id": "pcm-capabilitystatement",
"url": "http://pcm.fhir.health.gov.il/CapabilityStatement/pcm-capabilitystatement",
"description": "Only the resources and interactions defined by pcm_process_flow.md are declared here.",
"format": ["json"
],
"software": {"name": "PCM FHIR Server"
},
"implementation": {"description": "PCM FHIR endpoint for consent and service orchestration.",
"url": "https://pcm.fhir.health.gov.il/r4"
},
"text": {"status": "generated",
"div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">CapabilityStatement for the PCM FHIR server. It supports Organization onboarding updates, Endpoint registration, HealthcareService catalog/instance management, VerificationResult approvals, and Consent lifecycle operations as documented in pcm_process_flow.md.</div>\n"
},
"rest": [{"security": {"description": "Client authentication uses mTLS and client_credentials tokens; PCM enforces authorization."
},
"resource": [{"supportedProfile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-organization-parent",
"http://pcm.fhir.health.gov.il/StructureDefinition/pcm-organization-service-provider",
"http://pcm.fhir.health.gov.il/StructureDefinition/pcm-organization-source"
],
"interaction": [{"code": "read"
},
{"code": "search-type"
},
{"code": "update"
}
],
"searchParam": [{"name": "_id",
"type": "token",
"documentation": "Search by logical id."
},
{"name": "identifier",
"type": "token",
"documentation": "Search by organization business identifier."
},
{"name": "active",
"type": "token",
"documentation": "Search by activation status."
},
{"name": "type",
"type": "token",
"documentation": "Search by organization type."
},
{"name": "partof",
"type": "reference",
"documentation": "Search by parent organization reference."
}
],
"searchInclude": ["Organization:endpoint",
"Organization:partof"
],
"type": "Organization",
"documentation": "PCM creates Organization skeletons; organizations update allowed contact and linkage fields. Activation is PCM-controlled."
},
{"interaction": [{"code": "read"
},
{"code": "search-type"
},
{"code": "create"
},
{"code": "update"
}
],
"searchParam": [{"name": "_id",
"type": "token",
"documentation": "Search by logical id."
},
{"name": "thumbprint",
"type": "token",
"definition": "http://pcm.fhir.health.gov.il/SearchParameter/pcm-endpoint-thumbprint",
"documentation": "Search by applicable certificate thumbprint (x5t#S256)."
}
],
"type": "Endpoint",
"profile": "http://pcm.fhir.health.gov.il/StructureDefinition/pcm-endpoint",
"documentation": "FHIR server endpoint for a Data Source organization."
},
{"supportedProfile": ["http://pcm.fhir.health.gov.il/StructureDefinition/pcm-healthcareservice-canonical",
"http://pcm.fhir.health.gov.il/StructureDefinition/pcm-healthcareservice-instance"
],
"interaction": [{"code": "read"
},
{"code": "search-type"
},
{"code": "create"
},
{"code": "update"
}
],
"searchParam": [{"name": "_id",
"type": "token",
"documentation": "Search by logical id."
},
{"name": "active",
"type": "token",
"documentation": "Search by activation status."
},
{"name": "identifier",
"type": "token",
"documentation": "Search by HealthcareService business identifier."
},
{"name": "category",
"type": "token",
"documentation": "Search by HealthcareService.category."
},
{"name": "type",
"type": "token",
"documentation": "Search by HealthcareService.type."
},
{"name": "name",
"type": "string",
"documentation": "Search by HealthcareService.name."
},
{"name": "providedBy",
"type": "reference",
"documentation": "Search by HealthcareService.providedBy (instance profile only)."
}
],
"type": "HealthcareService",
"documentation": "Catalog definitions and instance registrations tied to organizations."
},
{"interaction": [{"code": "read"
},
{"code": "search-type"
},
{"code": "create"
},
{"code": "update"
}
],
"searchParam": [{"name": "_id",
"type": "token",
"documentation": "Search by logical id."
},
{"name": "identifier",
"type": "token",
"documentation": "Search by PCM consent business identifier."
},
{"name": "status",
"type": "token",
"documentation": "Search by Consent.status."
},
{"name": "patient",
"type": "reference",
"documentation": "Search by patient logical reference (supports patient.identifier chain)."
},
{"name": "pcm-service",
"type": "reference",
"definition": "http://pcm.fhir.health.gov.il/SearchParameter/pcm-consent-service",
"documentation": "Search by the pcmService extension reference (HealthcareService instance)."
}
],
"searchInclude": ["Consent:actor"
],
"type": "Consent",
"profile": "http://pcm.fhir.health.gov.il/StructureDefinition/pcm-consent",
"documentation": "Consent requests and approved consents for PCM services. Supports _include=Consent:actor and _include:iterate=Organization:endpoint|Organization:partof on consent searches."
},
{"interaction": [{"code": "read"
},
{"code": "search-type"
},
{"code": "create"
}
],
"searchParam": [{"name": "_id",
"type": "token",
"documentation": "Search by logical id."
}
],
"type": "VerificationResult",
"profile": "http://pcm.fhir.health.gov.il/StructureDefinition/pcm-verificationresult-service-approval",
"documentation": "Approvals by data source parent organizations targeting service instances."
}
],
"mode": "server",
"documentation": "PCM server supports only the interactions described in the process flow."
}
],
"name": "PcmCapabilityStatement",
"title": "PCM FHIR Capability Statement",
"status": "active",
"experimental": false,
"date": "2026-01-05",
"publisher": "PCM",
"kind": "instance",
"fhirVersion": "4.0.1"
}

SMART

SMART on FHIR OAuth2 configuration.

Read SMART on FHIR configuration

OAuth2/SMART discovery document for the PCM authorization server.

Authorizations:

mutualTLS

Responses

Response samples

200
default

Content type

application/json

{"issuer": "https://pcm.auth.example.org",
"authorization_endpoint": "https://pcm.auth.example.org/authorize",
"token_endpoint": "https://pcm.auth.example.org/token",
"introspection_endpoint": "https://pcm.auth.example.org/introspect",
"grant_types_supported": ["client_credentials",
"authorization_code",
"refresh_token"
],
"response_types_supported": ["code"
],
"response_modes_supported": ["query"
],
"token_endpoint_auth_methods_supported": ["tls_client_auth"
],
"code_challenge_methods_supported": ["S256"
],
"scopes_supported": ["system/Organization.read",
"system/Organization.write",
"system/Endpoint.read",
"system/Endpoint.write",
"system/HealthcareService.read",
"system/HealthcareService.write",
"system/Consent.read",
"system/Consent.write",
"system/VerificationResult.read",
"system/VerificationResult.write"
],
"capabilities": ["client-confidential-asymmetric",
"permission-v2"
]
}

OAuth2

Token issuance and introspection.

Issue access token (client_credentials)

Issues an opaque access token using client_credentials Oauth2 flow, protected with mTLS. The issued token is associated with the client_assertion certificate (NTN registered client cert). For data source access, the client_assertion MUST include UDAP B2B extensions with a Consent reference (URL).

Authorizations:

mutualTLS

Request Body schema: application/x-www-form-urlencoded
required

grant_type required	string Value: "client_credentials"
client_assertion_type required	string Value: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
client_assertion required	string Signed JWT (private_key_jwt) used for client authentication. Must be signed with the private key corresponding to the mTLS client certificate. Required claims: iss: Client ID (Organization URI) sub: Client ID (same as iss) aud: Token endpoint URL (https://pcm.fhir.health.gov.il/token) jti: Unique identifier iat/exp: Issued/expiration times (short-lived) For data source access, the JWT MUST include UDAP B2B extensions: extensions.hl7-b2b.organization_id extensions.hl7-b2b.consent_reference (array of Consent URLs) extensions.hl7-b2b.purpose_of_use (array, e.g. ["TREAT"])
scope	string Requested scopes.
resource required	string RFC 8707 resource indicator (required). Used to indicate data source FHIR base URL for data source access tokens.

Responses

Request samples

Payload

Content type

application/x-www-form-urlencoded

Example

PCM management token request (RFC 8707 + private_key_jwt)

grant_type=client_credentials&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vcGNtLmZoaXIuaGVhbHRoLmdvdi5pbC9Pcmdhbml6YXRpb24vb3JnLXNwIiwic3ViIjoiaHR0cDovL3BjbS5maGlyLmhlYWx0aC5nb3YuaWwvT3JnYW5pemF0aW9uL29yZy1zcCIsImF1ZCI6Imh0dHBzOi8vcGNtLmZoaXIuaGVhbHRoLmdvdi5pbC90b2tlbiIsImp0aSI6ImY0YjM4ZmZkLTMyZTQtNGFhOS04ZWE2LWFlY2I0Y2E3OTU4MSIsImlhdCI6MTcwNjY0MDAwMCwiZXhwIjoxNzA2NjQwMzAwfQ.R6wTt6m8gT3_ExampleSignature&scope=system%2F%2A.cruds&resource=https%3A%2F%2Fpcm.fhir.health.gov.il%2Fr4

Response samples

200
400
401

Content type

application/json

Example

PCM management token (opaque)

{"access_token": "2f1b8b7e-2d1a-4b0b-9e9a-9f02a7b3b6a1",
"token_type": "Bearer",
"expires_in": 30,
"scope": "system/*.cruds"
}

Introspect access token

Validates an access token and returns its associated claims. Protected with mTLS and requires bearer token authentication.

Authorizations:

mutualTLSbearerAuth

Request Body schema: application/x-www-form-urlencoded
required

token

required

string

Token to introspect.

Responses

Request samples

Payload

Content type

application/x-www-form-urlencoded

token=2f1b8b7e-2d1a-4b0b-9e9a-9f02a7b3b6a1

Response samples

200
400
401

Content type

application/json

{"active": true,
"scope": "system/*.cruds",
"client_id": "http://pcm.fhir.health.gov.il/Organization/org-sp",
"organization_id": "org-sp",
"patient": "http://fhir.health.gov.il/identifier/il-national-id|000000018",
"fhirContext": [{"type": "Consent",
"identifier": {"system": "http://pcm.fhir.health.gov.il/identifier/pcm-consent-id",
"value": "PCM-CONSENT-0001"
}
},
{"type": "HealthcareService",
"identifier": {"system": "http://pcm.fhir.health.gov.il/identifier/pcm-healthcareservice-catalog-id",
"value": 98765
}
}
],
"cnf": {"x5t#S256": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
},
"exp": 1706640030,
"iat": 1706640000,
"iss": "http://pcm.fhir.health.gov.il/",
"aud": "https://pcm.fhir.health.gov.il/r4",
"sub": "http://pcm.fhir.health.gov.il/Organization/org-sp"
}

PCM API (FHIR + OAuth2) (2026-01-05)

Organization

Search organizations

query Parameters

Responses

Response samples

Read organization

path Parameters

Responses

Response samples

Update organization

path Parameters

Request Body schema: application/fhir+jsonrequired

Responses

Request samples

Response samples

Endpoint

Search endpoints

query Parameters

Responses

Response samples

Create endpoint

Request Body schema: application/fhir+jsonrequired

Responses

Request samples

Response samples

Read endpoint

path Parameters

Responses

Response samples

Update endpoint

path Parameters

Request Body schema: application/fhir+jsonrequired

Responses

Request samples

Response samples

HealthcareService

Search services

query Parameters

Responses

Response samples

Create service (canonical or instance)

Request Body schema: application/fhir+jsonrequired

Responses

Request samples

Response samples

Read service

path Parameters

Responses

Response samples

Update service (deactivate instance)

path Parameters

Request Body schema: application/fhir+jsonrequired

Responses

Request samples

Response samples

Consent

Search consents

query Parameters

Responses

Response samples

Create consent request

Request Body schema: application/fhir+jsonrequired

Responses

Request samples

Response samples

Read consent

path Parameters

Responses

Response samples

Update consent status

path Parameters

Request Body schema: application/fhir+jsonrequired

Responses

Request samples

Response samples

VerificationResult

Search approvals

query Parameters

Responses

Request Body schema: application/fhir+json
required

Request Body schema: application/fhir+json
required

Request Body schema: application/fhir+json
required

Request Body schema: application/fhir+json
required

Request Body schema: application/fhir+json
required

Request Body schema: application/fhir+json
required

Request Body schema: application/fhir+json
required

Request Body schema: application/fhir+json
required

Request Body schema: application/x-www-form-urlencoded
required

Request Body schema: application/x-www-form-urlencoded
required