Details
-
Change Request
-
Resolution: Persuasive with Modification
-
Medium
-
International Patient Access (FHIR)
-
0.1.0
-
Patient Care
-
STU
-
Security and Privacy
-
-
Emma Jones / Isaac Vetter: 6-0-0
-
Enhancement
-
Compatible, substantive
-
Yes
Description
http://hl7.org/fhir/uv/ipa/2022Jan/security.html – we should require support for permission-offline; if a server does not support this capability, many classes of patient-facing apps become unusable. National standards like US EHR Certification today already require servers to support refresh tokens, so codifying this requirement in IPA would simply documenting an already-widely-adopted profiling decision.