Loading...

XML

Word

Printable

JSON

Details

Type: Change Request
Resolution: Persuasive with Modification
Priority: Medium

Specification:

International Patient Access (FHIR)
Raised in Version:

0.1.0
Work Group:

Patient Care
Outstanding Negatives:
STU
Related URL:
http://hl7.org/fhir/uv/ipa/2022Jan/security.html
Related Page(s):

Security and Privacy
Grouping:
- block-vote-4
Resolution Description:
Hide

We'll mandate some capabilities, recommend others, as follows:

Servers SHALL support client-public, and client-asymmetric.

Functionally, apps are required to support a number of these capabilities in order to function. IPA will explain to apps the importance of supporting SMART in order to maximize their interoperability.

SHALL

launch-standalone

context-standalone-patient

permission-patient

permission-offline

sso-openid-connect

client-public

client-confidential-asymmetric

SHOULD

and other capabilities defined in SMART MAY be supposed, such as:

launch-ehr

context-ehr-patient

permission-user

client-confidential-symmetric
Show
We'll mandate some capabilities, recommend others, as follows: Servers SHALL support client-public, and client-asymmetric. Functionally, apps are required to support a number of these capabilities in order to function. IPA will explain to apps the importance of supporting SMART in order to maximize their interoperability. SHALL launch-standalone context-standalone-patient permission-patient permission-offline sso-openid-connect client-public client-confidential-asymmetric SHOULD and other capabilities defined in SMART MAY be supposed, such as: launch-ehr context-ehr-patient permission-user client-confidential-symmetric
Resolution Vote:
Emma Jones / Isaac Vetter: 6-0-0
Change Category:
Enhancement
Change Impact:
Compatible, substantive
Pre Applied:
Yes

Description

http://hl7.org/fhir/uv/ipa/2022Jan/security.html – we should require support for permission-offline; if a server does not support this capability, many classes of patient-facing apps become unusable. National standards like US EHR Certification today already require servers to support refresh tokens, so codifying this requirement in IPA would simply documenting an already-widely-adopted profiling decision.

Attachments

Issue Links

is voted on by

BALLOT-27672 Negative - Josh Mandel : 2022-Jan-FHIR IG IPA R1 STU

Balloted

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Josh Mandel

Request in-person:: Josh Mandel

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-01-10 07:20

Updated:: 2023-03-26 10:44

Resolved:: 2022-06-29 02:50

Vote Date:: 2022-10-06