Orion Health · Capability

Orion Health HIE API — Consent

Orion Health HIE API — Consent. 5 operations. Lead operation: Orion Health Search for patient consents. Self-contained Naftiko capability covering one Orion business surface.

Run with Naftiko OrionConsent

What You Can Do

GET
Searchconsents — Orion Health Search for patient consents
/v1/consent
POST
Createconsent — Orion Health Create a patient consent directive
/v1/consent
GET
Getconsent — Orion Health Get a consent directive
/v1/consent/{consentid}
PUT
Updateconsent — Orion Health Update a consent directive
/v1/consent/{consentid}
POST
Revokeconsent — Orion Health Revoke a consent directive
/v1/consent/{consentid}/revoke

MCP Tools

orion-health-search-patient-consents

Orion Health Search for patient consents

read-only idempotent
orion-health-create-patient-consent

Orion Health Create a patient consent directive

orion-health-get-consent-directive

Orion Health Get a consent directive

read-only idempotent
orion-health-update-consent-directive

Orion Health Update a consent directive

idempotent
orion-health-revoke-consent-directive

Orion Health Revoke a consent directive

Capability Spec

hie-consent.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Orion Health HIE API — Consent
  description: 'Orion Health HIE API — Consent. 5 operations. Lead operation: Orion Health Search for patient consents. Self-contained
    Naftiko capability covering one Orion business surface.'
  tags:
  - Orion
  - Consent
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    ORION_API_KEY: ORION_API_KEY
capability:
  consumes:
  - type: http
    namespace: hie-consent
    baseUri: https://api.orionhealth.com/hie
    description: Orion Health HIE API — Consent business capability. Self-contained, no shared references.
    resources:
    - name: consent
      path: /consent
      operations:
      - name: searchconsents
        method: GET
        description: Orion Health Search for patient consents
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: patientId
          in: query
          type: string
          required: true
        - name: status
          in: query
          type: string
        - name: purpose
          in: query
          type: string
          description: Purpose of use
      - name: createconsent
        method: POST
        description: Orion Health Create a patient consent directive
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: consent-consentId
      path: /consent/{consentId}
      operations:
      - name: getconsent
        method: GET
        description: Orion Health Get a consent directive
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: consentId
          in: path
          type: string
          required: true
      - name: updateconsent
        method: PUT
        description: Orion Health Update a consent directive
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: consentId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: consent-consentId-revoke
      path: /consent/{consentId}/revoke
      operations:
      - name: revokeconsent
        method: POST
        description: Orion Health Revoke a consent directive
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: consentId
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    authentication:
      type: bearer
      token: '{{env.ORION_API_KEY}}'
  exposes:
  - type: rest
    namespace: hie-consent-rest
    port: 8080
    description: REST adapter for Orion Health HIE API — Consent. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/consent
      name: consent
      description: REST surface for consent.
      operations:
      - method: GET
        name: searchconsents
        description: Orion Health Search for patient consents
        call: hie-consent.searchconsents
        with:
          patientId: rest.patientId
          status: rest.status
          purpose: rest.purpose
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createconsent
        description: Orion Health Create a patient consent directive
        call: hie-consent.createconsent
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/consent/{consentid}
      name: consent-consentid
      description: REST surface for consent-consentId.
      operations:
      - method: GET
        name: getconsent
        description: Orion Health Get a consent directive
        call: hie-consent.getconsent
        with:
          consentId: rest.consentId
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateconsent
        description: Orion Health Update a consent directive
        call: hie-consent.updateconsent
        with:
          consentId: rest.consentId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/consent/{consentid}/revoke
      name: consent-consentid-revoke
      description: REST surface for consent-consentId-revoke.
      operations:
      - method: POST
        name: revokeconsent
        description: Orion Health Revoke a consent directive
        call: hie-consent.revokeconsent
        with:
          consentId: rest.consentId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: hie-consent-mcp
    port: 9090
    transport: http
    description: MCP adapter for Orion Health HIE API — Consent. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: orion-health-search-patient-consents
      description: Orion Health Search for patient consents
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hie-consent.searchconsents
      with:
        patientId: tools.patientId
        status: tools.status
        purpose: tools.purpose
      outputParameters:
      - type: object
        mapping: $.
    - name: orion-health-create-patient-consent
      description: Orion Health Create a patient consent directive
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hie-consent.createconsent
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: orion-health-get-consent-directive
      description: Orion Health Get a consent directive
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: hie-consent.getconsent
      with:
        consentId: tools.consentId
      outputParameters:
      - type: object
        mapping: $.
    - name: orion-health-update-consent-directive
      description: Orion Health Update a consent directive
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: hie-consent.updateconsent
      with:
        consentId: tools.consentId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: orion-health-revoke-consent-directive
      description: Orion Health Revoke a consent directive
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: hie-consent.revokeconsent
      with:
        consentId: tools.consentId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.