  1. FHIR Specification Feedback
  2. FHIR-36495

CDS Card should not return an access token


Details

    • Change Request
    • Resolution: Persuasive
    • Medium
    • US Da Vinci PDex (FHIR)
    • 2.0.0-ballot
    • Financial Mgmt
    • CDS Hooks

      When a Card is returned from the CDS Hooks appointment-book service by a Health Plan it will provide the following elements:

      • An Access Token for secure access to the Health Plan’s FHIR API
      • The URL for the Health Plan’s FHIR API
      • A result code indicating the result of a Member Search
      • The returned information MAY include a link to a SMART-on-FHIR App to enable selection of resources by the Clinician that will be written to the Clinician’s EMR system
      • An information card with a human readable interpretation of the Member Search Result
      • The information card MAY include a link to launch the SMART-on-FHIR App using the Access Token and FHIR Endpoint address to enable the Clinician to query information about their patient using the Health Plan’s FHIR API.

      To this:

      When a Card is returned from the CDS Hooks appointment-book service by a Health Plan it will provide the following elements:

      • An AppContext that enables the launch of a (pre-registered and credentialed) SMART-on-FHIR App to perform the next steps.
      • The URL for the Health Plan’s FHIR API
      • A result code indicating the result of a Member Search
      • The returned information MAY include a link to a SMART-on-FHIR App to enable selection of resources by the Clinician that will be written to the Clinician’s EMR system
      • An information card with a human readable interpretation of the Member Search Result
      • The information card MAY include a link to launch the SMART-on-FHIR App using the appContext to enable the Clinician to query information about their patient using the Health Plan’s FHIR API.
    • Bob Dieterle / Celine Lefebvre: 21-0-1
    • Correction
    • Compatible, substantive
    • Yes
    • 2.0.0-ballot

    Description

      CDS Cards are primarily for display to a user. There are multiple problems with returning an access token:

      • It's overloading a displayable card to trigger other workflow events (especially without anything in the card indicating this is necessary)
      • If the CDS Client were to retrieve data, there are no recommendations about how a CDS Client trusts the FHIR URL or how a token can be refreshed if necessary.
      • There's mention that the launched SMART app may use this access token, but given the current guidelines, there's no clear way it would receive that as a launch parameter.

      Instead, any information for the SMART App link should be presented as opaque content in the appContext (see https://cds-hooks.org/specification/current/#link) or better yet, the SMART App itself should be capable of obtaining the necessary access token.
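
      An added example, not part of this ticket or of the PDex guide: a Python check that a CDS Client or a conformance test could run over a CDS Hooks response to flag cards that carry a token in a field, in text, or in a link URL, while leaving a string appContext untouched as opaque content. The sample response, the `extension` placement, the `fhirUrl` and `memberRef` names and the list of token field names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TOKEN_KEYS = {"access_token", "accesstoken", "id_token", "refresh_token", "token"}  # assumed list
# "Bearer <value>" or a JWT-shaped string anywhere in a text value.
TOKEN_VALUE = re.compile(r"\b[Bb]earer\s+\S+|\beyJ[\w-]+\.[\w-]+\.[\w-]+")

# Constructed sample: card 0 has the shape of the original wording, card 1 of the agreed wording.
SAMPLE = {"cards": [
    {"summary": "Member found", "indicator": "info",
     "source": {"label": "Example Health Plan"},
     "extension": {"access_token": "CONSTRUCTED-TOKEN",
                   "fhirUrl": "https://plan.example/fhir"},
     "links": [{"label": "Open app", "type": "smart",
                "url": "https://app.example/launch?access_token=CONSTRUCTED-TOKEN"}]},
    {"summary": "Member found", "indicator": "info",
     "source": {"label": "Example Health Plan"},
     "links": [{"label": "Open app", "type": "smart",
                "url": "https://app.example/launch",
                "appContext": '{"memberRef": "constructed-123"}'}]},
]}

def _leaves(node, path, key=""):
    """Yield (path, key, value) for every scalar in nested JSON data."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _leaves(v, f"{path}.{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from _leaves(v, f"{path}[{i}]", key)
    else:
        yield path, key, node

def lint_cards(response):
    """Return (path, reason) for each place a card exposes a token."""
    findings = []
    for path, key, val in _leaves(response.get("cards", []), "cards"):
        if key == "appContext" and isinstance(val, str):
            continue  # opaque to the CDS Client: passed through, never parsed
        if key.lower() in TOKEN_KEYS:
            findings.append((path, "token-named field"))
        elif isinstance(val, str) and TOKEN_VALUE.search(val):
            findings.append((path, "token-shaped value"))
        elif key == "url" and isinstance(val, str) and TOKEN_KEYS & {
                n.lower() for n, _ in parse_qsl(urlsplit(val).query)}:
            findings.append((path, "token in link URL"))
    return findings

if __name__ == "__main__":
    print(lint_cards(SAMPLE))
```
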

          People

            Unassigned
            dennispatterson Dennis Patterson (Inactive)