  1. FHIR Specification Feedback
  2. FHIR-28693

How does the CDS Client recognize the CDS Service?


Details

    • Change Request
    • Resolution: Not Persuasive with Modification
    • Highest
    • CDS Hooks (FHIR)
    • 1.0 [deprecated]
    • Clinical Decision Support
    • (NA)
    • Trusting CDS Services

      I (at great risk of being incorrect) believe that the commenter is mistaken. The CDS Client is not responsible for knowing nor enforcing the scopes granted to the CDS Service. 

      Already, we do state:

      The authorization server is responsible for enforcing restrictions on the CDS Services that MAY be called and the scope of the FHIR resources that MAY be prefetched or retrieved from the FHIR server.

      We will simplify and improve this sentence to make it clearer:

      The FHIR server, using information provided by the authorization server, is responsible for enforcing restrictions on the information available to the CDS Service.

    • Bas van den Heuvel/Ben Hamlin: 23-0-0
    • Clarification
    • Non-substantive

    Description

      This assumes the CDS Client knows the restrictions of the CDS Client, e.g. by using its client-id with the Authorization Service. This information is currently not communicated over any of the interfaces. Please indicate how this is facilitated using the current specification and what are the CDS Client, CDS Service and CDS Server (CDS Service host) requirements related to this.

      Existing Wording:

      The authorization server is responsible for enforcing restrictions on the CDS Services that MAY be called and the scope of the FHIR resources that MAY be prefetched or retrieved from the FHIR server. If a CDS Client is satisfying prefetch requests from a CDS Service or sends a non-null fhirAuthorization object to a CDS Service so that it can call the FHIR server, the CDS Service MUST be pre-registered with the authorization server protecting access to the FHIR server. Pre-registration includes registering a CDS client identifier, and agreeing upon the scope of FHIR access that is minimally necessary to provide the clinical decision support required. This specification does not address how the CDS Client, authorization server, and CDS Service perform this pre-registration.
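      The division of responsibility stated in the resolution, as an added example (not part of this ticket or of the CDS Hooks specification): the FHIR server decides each request from a CDS Service using what the authorization server reports about the presented token, and the CDS Client takes no part in that decision. The token fields, the SMART v1-style scope strings and the `patient` context claim are assumptions of this sketch.

```python
import time

def parse_scope(scope):
    """Split one SMART v1-style scope such as 'patient/Observation.read'."""
    try:
        context, rest = scope.split("/", 1)
        resource, perm = rest.rsplit(".", 1)
    except ValueError:
        return None  # not a resource scope (e.g. 'openid', 'launch/patient')
    if context not in ("patient", "user", "system"):
        return None
    if perm not in ("read", "write", "*"):
        return None
    return context, resource, perm

def authorize(token_info, resource_type, action, patient_id, now=None):
    """FHIR-server-side decision for one request made by a CDS Service.

    token_info is what the authorization server reports for the access
    token (RFC 7662 introspection fields; the 'patient' context claim is
    an assumption of this sketch). Returns (allowed, reason).
    """
    now = time.time() if now is None else now
    if not token_info.get("active") or token_info.get("exp", 0) <= now:
        return False, "token inactive or expired"
    for raw in token_info.get("scope", "").split():
        parsed = parse_scope(raw)
        if parsed is None:
            continue
        context, resource, perm = parsed
        if resource not in ("*", resource_type) or perm not in ("*", action):
            continue
        # patient/ scopes are limited to the patient bound to the token
        if context == "patient" and token_info.get("patient") != patient_id:
            continue
        return True, "granted by " + raw
    return False, "no granted scope covers %s.%s for patient %s" % (
        resource_type, action, patient_id)

# Constructed sample: what the authorization server reports for the token a
# CDS Client passed to a pre-registered CDS Service in fhirAuthorization.
CDS_SERVICE_TOKEN = {
    "active": True,
    "client_id": "example-cds-service",   # hypothetical registration
    "scope": "launch/patient patient/Patient.read patient/Observation.read",
    "patient": "example-patient-1",       # hypothetical patient id
    "exp": 2000,
}
```

      A request for a resource type outside the pre-registered scope, for a different patient, or with an expired token is refused by the FHIR server regardless of what the CDS Client sent.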

          People

            Unassigned
            bvdh Bas van den Heuvel