FHIR Specification Feedback: FHIR-32598

Wild card future data - how can that be ascertained?


Details

    • Question
    • Resolution: Considered - Question answered
    • Medium
    • SMART on FHIR (FHIR)
    • current
    • FHIR Infrastructure
    • App Launch: Scopes and Launch Context

      The combination of wildcard scopes with offline_access provides an important capability for consumer apps: a mechanism to connect a personal health app to an EHR and keep the PHR updated over time. This is appropriate in scenarios where the patient fully trusts the PHR (e.g., the PHR may be a secure app that runs on the patient's personal device), perhaps even more than they trust the EHR where data are coming from.

      It's true that wildcard permissions provide broad access; users should only grant this to apps they trust, or can limit risk by allowing wildcard permissions but denying offline_access, thereby preventing "future" access.

      It's also worth noting that a user can revoke access at any time, from within the EHR.

       

      See https://jira.hl7.org/browse/FHIR-32600 for additional context.


    Description

      Current language: As noted previously, clients can request clinical scopes that contain a wildcard for the FHIR resource. When a wildcard is requested for the FHIR resource, the client is asking for all data for all available FHIR resources, both now and in the future. This is an important distinction to understand, especially for the entity responsible for granting authorization requests from clients.

      Comment: The future aspect seems concerning. While I can understand a wildcard request for currently held data, I do not understand how it can be extended to the future. How can the potential sensitivity of future data be ascertained?
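The interaction discussed in this issue, sketched from the authorization server's side as an added example (not code from the issue, the SMART specification, or any EHR product). The function names are hypothetical, the scope strings are constructed samples, and the pattern assumes the SMART clinical scope syntax `context/resource.permission`.

```python
import re

# SMART clinical scope: context/resource.permission, e.g. patient/*.read
# or patient/Observation.rs. A "*" resource is the wildcard discussed above.
CLINICAL_SCOPE = re.compile(
    r"^(?P<context>patient|user|system)/"
    r"(?P<resource>\*|[A-Za-z]+)\."
    r"(?P<perm>\*|read|write|[cruds]+)(\?.*)?$"
)


def review_scope_request(requested: str) -> dict:
    """Classify a space-separated scope string before showing a consent screen."""
    scopes = requested.split()
    wildcard = [
        s for s in scopes
        if (m := CLINICAL_SCOPE.match(s)) and m["resource"] == "*"
    ]
    offline = "offline_access" in scopes
    return {
        "wildcard_scopes": wildcard,
        "offline_access": offline,
        # Wildcard plus offline_access: the app can keep pulling data,
        # including data that does not exist yet, after the user leaves.
        "future_data_access": bool(wildcard) and offline,
    }


def apply_consent(requested: str, allow_offline: bool) -> str:
    """Return the granted scope string. Denying offline_access keeps the
    wildcard grant but drops the long-lived access."""
    granted = [
        s for s in requested.split()
        if allow_offline or s != "offline_access"
    ]
    return " ".join(granted)


if __name__ == "__main__":
    # Constructed sample request from a hypothetical consumer app.
    request = "launch/patient patient/*.read offline_access"
    print(review_scope_request(request))
    print(apply_consent(request, allow_offline=False))
```
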

          People

            Unassigned
            Celine Lefebvre
