Read up on ActiveRecord with_scope - you might want to do something like this:
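    # Authorisation scope: restrict to patients in the current user's groups
    Patient.with_scope(:find => {:conditions => ["groups.user_id=?", User.current_user], :include => [:groups]}) do
      # The actual query; its conditions are combined with the scope's
      Patient.find(:all, :conditions => <other conditions for patient go here>, ...)
    end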
This is a really nicely structured way of separating the authorisation concern from the actual query.
Note that you could also include the user table: :include=>{:groups=>:user} and then use users.user_id in the condition.
Cheers, Max