Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-34805

use-case 3 is unworkable as is

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Persuasive with Modification
    • Icon: Medium Medium
    • US PACIO Advance Directive Interoperability (FHIR)
    • 0.1.0
    • Patient Empowerment
    • STU
    • Use Cases
    • Hide
      • Content custodian systems should be discovered through the National Directory for Healthcare in the future. Guidance can be added to provide that connection.
      • Update first sentence of Use Case 3 to reference both SMART on FHIR applications as well as back-end server access to the data. We will cover the back-end server in more detail in STU2.
      • Add SMART Health Card, record endpoint in their card, documents indicate who the custodian is.
      Show
      Content custodian systems should be discovered through the National Directory for Healthcare in the future. Guidance can be added to provide that connection. Update first sentence of Use Case 3 to reference both SMART on FHIR applications as well as back-end server access to the data. We will cover the back-end server in more detail in STU2. Add SMART Health Card, record endpoint in their card, documents indicate who the custodian is.
    • Abigail Watson / Dave Hill : 7-0-1
    • Clarification
    • Non-substantive

    Description

      Use-case 3 is intended to enable provider access to ADI, clearly a priority use-case! 

      In addition to not addressing discoverability of content custodians by provider systems, the IG requires:

      1. That an individual person at a healthcare organization be authorized, and
      2. that the ADI content can only be accessed by an OAuth 2.0 auth code flow, such that the individual person has credentials (and remembers them!) in the content custodian system.

      It seems obvious to me that content custodians should enable backend access to provider organizations where appropriate, using OAuth2 client_credentials flow.

      For example, HL7.FHIR.US.PACIO-ADI\ADI Care Experience Preference - FHIR v4.0.1 "is intended to inform the care team who may not know anything about them what is important to them as care is delivered"; so ... how should a member of the ED team be individually pre-authorized to access the patient's ADI?

      Attachments

        Activity

          People

            may_terry May Terry
            Isaac.Vetter Isaac Vetter
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: