Details
-
Change Request
-
Resolution: Not Persuasive with Modification
-
Highest
-
CDS Hooks (FHIR)
-
1.0 [deprecated]
-
Clinical Decision Support
-
(NA)
-
Trusting CDS Services
-
-
Bas van den Heuvel/Ben Hamlin: 23-0-0
-
Clarification
-
Non-substantive
Description
This assumes the CDS Client knows the restrictions of the CDS Client. E.g. by using its client-id with the Authorization Service. This information is currently not communicated over any of the interfaces. Please indicate in how this is facilitated using the current specification and what are the CDS Client, CDS Service and CDS Server(CDS Service host) requirements related to this.
Existing Wording:
The authorization server is responsible for enforcing restrictions on the CDS Services that MAY be called and the scope of the FHIR resources that MAY be prefetched or retrieved from the FHIR server. If a CDS Client is satisfying prefetch requests from a CDS Service or sends a non-null fhirAuthorization object to a CDS Service so that it can call the FHIR server, the CDS Service MUST be pre-registered with the authorization server protecting access to the FHIR server. Pre-registration includes registering a CDS client identifier, and agreeing upon the scope of FHIR access that is minimally necessary to provide the clinical decision support required. This specification does not address how the CDS Client, authorization server, and CDS Service perform this pre-registration.
Attachments
Issue Links
- is voted on by
-
BALLOT-13324 Negative - Bas van den Heuvel : 2020-Sep-HL7 XPARADIGM CDS HOOKS R1 STU
- Closed