This ticket is for a handful of corrections on this page:

• 4.1: "This section of the guide extends the existing HL7 FHIR patient $match..." - this page covers a lot more than $match; reflect this in the summary sentence.
• 4.1: "NOTE: As security is generally out of scope for this guide" that's not the case. This page covers a B2B extension for authenticating users.
• 4.1: "However, patient-initiated workflows (for example, “patient request” purpose of use) SHALL always include explicit end-user authorization." This is about security, not patient matching, so doesn't belong on this page. Consider moving to FAST Security, or the FHIR Security pages. Further, it reads more like a policy: linking security mechanisms to when they should be used, which we've generally avoided making normative in IGs, so consider relaxing the SHALL.