I'm a Flutter developer and I use Google's Healthcare API for working with data in the FHIR data standard. One of the projects I'm working on is a patient facing application that uses the Healthcare API as the database. 

According to this link about HIPAA compliance, Firestore (but NOT firebase), Healthcare API, and Identity Platform are all HIPAA compliant. So I can have people login using a google login to access the Healthcare API and it is compliant (and I've done this).

But for a patient facing application, I'd like to be able to create new users on the fly, that can access the Healthcare API. Firebase Authentication allows this, and as I understand it, as long as I've upgraded to Identity Platform in Firebase, then this authentication process is still HIPAA compliant. It would also allow a lot more flexibility in terms of ways a user could login. 

Now, the next step is what I don't know how to do. If I have a person create a new Firebase user with login, is there a way to then give this login permission to access the Healthcare API? As an example, if I have a patient that I want to be able to complete a medical history survey for me. I send them a link to create a new user in a Firebase instance. They create their account, and login. Now, I want them to be able to request a Questionnaire from the Healthcare API, complete it, and then send it back to the Healthcare API to store it, all from the user account in that Firebase instance. Can this be done?