A bit in relation to this, for a laugh.
In the Netherlands there was a plan to roll out a system to provide clinical data to everyone who needed professional access. They did ten years in designing and spending half a billion Euro's.
The promise was to garantue to the patient a fine-grained authorization-mechanism in which the patient (if intelligent enough) could give people/professions access to the necessary parts of the data.
There would be an emergency-access-definition also.
Also detailed logging of who would have had access to data was promised.
And now the joke, they did not succeed, they failed in all promises, despite working ten years on it, despite having dozens of the best educated people working for them.
Despite CSC and Intersystems working for them.
And the patients (we, the people) were pushed in with opt-out-system. Most people did not realize their medical data were available in an national system.
A hasty changing from opt-out to opt-in was not good enough
The parliament, that part of the parliament which we call the senate, did not take it anymore, and pulled the plug.
A privacy-disaster because of the missing fine-grained authorization and the missing logging was avoided.
What was the case: If you add up all people in the Netherlands that have in one way or another need of access to some medical data, you come to 500.000 persons, on every 30 persons 1.
Many of them working for agencies in more institutions having multiple access.
It was unclear how to avoid having people having access to personal data which was not needed for their work.
Everyone would know some persons with access to medical data.
Now insurance-companies have taken up the abandoned system and try to revive it, but as I am informed, things are going terrible wrong there too.
I save that story for another occasion.
Ok, did you have a good laugh about the Dutch, feel free to do, the Dutch also feel free to laugh about other nations.
For example, about the British? How was their national NHS Information system?
And now the bit of relation to this subject.
Is it possible, to have fine grained authorization nation-wide on data-level?
Is it possible to have detailed logging checkable by the patient, having every nurse logging in, getting the patients-record and having something to type in a computer after every action, while having a very busy job.
Would such a system remain workable?
Those were the hard nuts.
Isn't it better that a taxi-driver only has "hardwired/hardcoded" access about when to drive a patient in a simple dataset? For that purpose, it is not needed to have Reference Model structures communicated
But what is needed is a live-mapping to the archetypes/templates to where data are retrieved and written back and final validation.
And thus, a mapping definition 
Now I stop with this subject.
Best regards
Bert Verhees