Uploaded image for project: 'FHIR Specification Feedback'
  1. FHIR Specification Feedback
  2. FHIR-36172

SMART App Launch SHALL/SHOULD requirement inconsistencies

    XMLWordPrintableJSON

Details

    • Icon: Change Request Change Request
    • Resolution: Not Persuasive with Modification
    • Icon: Medium Medium
    • International Patient Access (FHIR)
    • current
    • Patient Care
    • International Patient Access Server CapabilityStatement
    • Finding and Retrieving Patient Information
      Gaining Access to a Patient Record
      IPA Server Requirements [deprecated]
      Security and Privacy
    • Hide

      We will clarify the spec – both in narrative and in the computable IG that SMART on FHIR is a SHALL. Both servers and clients must support SMART on FHIR in order to be compliant with IPA.

       

      Additionally, we will also specify normative requirements for clients to support specific capabilities of SMART, specifically:

      • SHALL support at least one of launch-standalone or launch-ehr.
      • SHOULD support launch-standalone and MAY support launch-ehr.
      • Patient-facing apps SHALL support context-standalone-patient and SHOULD support permission-patient.
      • Apps that have the technical capability to keep a secret SHALL support client-confidential-asymmetric and MAY support permission-offline.
      • Apps that do not have the technical capability to keep a secret SHALL support client-public and SHALL NOT support client-confidential-asymmetric .

       

      (partially pre-applied- see comments)

      Show
      We will clarify the spec – both in narrative and in the computable IG that SMART on FHIR is a SHALL. Both servers and clients must support SMART on FHIR in order to be compliant with IPA.   Additionally, we will also specify normative requirements for clients to support specific capabilities of SMART, specifically: SHALL support at least one of launch-standalone or launch-ehr. SHOULD support launch-standalone and MAY support launch-ehr. Patient-facing apps SHALL support context-standalone-patient and SHOULD support permission-patient. Apps that have the technical capability to keep a secret SHALL support client-confidential-asymmetric and MAY support permission-offline. Apps that do not have the technical capability to keep a secret SHALL support client-public and SHALL NOT support client-confidential-asymmetric .   (partially pre-applied- see comments)
    • Isaac Vetter / Jay Lyle : 3-0-1
    • Correction
    • Non-compatible
    • Yes

    Description

      There are several references to requirements around SMART App Launch capabilities within IPA. The Capability Statement states under 13.1.2.1  'SHOULD Support the Following Implementation Guides http://hl7.org/fhir/smart-app-launch/ImplementationGuide/hl7.fhir.uv.smart-app-launch' however in other sections such as in Security section it states under 7.1 'Servers SHALL support the following SMART on FHIR capabilities:'. On the IPA call on 23rd Feb 2022 https://confluence.hl7.org/display/PC/IPA+2022-02-23 vassil stated believed the CapabilityStatement SHOULD requirement is the correct position. As well as under the Security section where it says SHALL there are several other references in the 'Gaining Access to a patient record' and 'Finding / Retrieving information about a patient' where while it does not directly say SHALL wording seems to indicate that it is required/expected and should be amended to make clear that an optional capability.

      Attachments

        Activity

          People

            ehaas Eric Haas
            ben_mcalister Ben McAlister
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: