diff --git a/care/emr/api/viewsets/file_upload.py b/care/emr/api/viewsets/file_upload.py
index 30137f1e2f..cf18f52cd7 100644
--- a/care/emr/api/viewsets/file_upload.py
+++ b/care/emr/api/viewsets/file_upload.py
@@ -41,6 +41,8 @@ def file_authorizer(user, file_type, associating_id, permission):
 if permission == "read":
 allowed = AuthorizationController.call(
 "can_view_clinical_data", user, encounter_obj.patient
+ ) or AuthorizationController.call(
+ "can_view_encounter_obj", user, encounter_obj
 )
 elif permission == "write":
 allowed = AuthorizationController.call(
diff --git a/care/emr/api/viewsets/questionnaire_response.py b/care/emr/api/viewsets/questionnaire_response.py
index b799118c0d..745a8e1c51 100644
--- a/care/emr/api/viewsets/questionnaire_response.py
+++ b/care/emr/api/viewsets/questionnaire_response.py
@@ -44,8 +44,7 @@ def get_queryset(self):
 else:
 obj = get_object_or_404(QuestionnaireResponse, self.kwargs["external_id"])
 patient = obj.patient
- if obj.encounter:
- encounter = obj.encounter
+ encounter = obj.encounter
 if encounter:
 allowed = AuthorizationController.call(
 "can_view_clinical_data", self.request.user, patient
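Review bot: The added `or AuthorizationController.call("can_view_encounter_obj", user, encounter_obj)` widens who can read encounter files: a user denied `can_view_clinical_data` on the patient is now allowed whenever the encounter-level check passes, and nothing in the hunk records that this is intended. A comment above the expression, e.g. `# Encounter-scoped viewers may read files on this encounter without patient-wide clinical access`, would state the rule, and a test for a user holding neither permission would pin the deny path. The `write` branch begins in the hunk but its arguments are outside it, so whether it stays patient-scoped cannot be checked here; `file_authorizer` itself starts and ends outside the hunk.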
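Review bot: In the context line `obj = get_object_or_404(QuestionnaireResponse, self.kwargs["external_id"])` the identifier is passed positionally; if this is Django's shortcut, positional arguments are treated as filter expressions, so the lookup would raise instead of returning the object or a 404. The intended call is presumably `get_object_or_404(QuestionnaireResponse, external_id=self.kwargs["external_id"])` (field name assumed from the URL kwarg — confirm against the model). The now-unconditional `encounter = obj.encounter` means the permission branch below is chosen from the fetched object alone; a short comment such as `# encounter is None for responses not tied to an encounter` would make that explicit. The `if encounter:` branch and whatever handles the falsy case continue outside the hunk.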