Details
- Change Request
- Resolution: Not Persuasive
- Medium
- US Da Vinci PDex (FHIR)
- current
- Financial Mgmt
- Payer-to-Payer Exchange [deprecated]
- 5.2.1
- Mark Scrimshire / Rachael Foerster : 10-0-2
Description
Hi!
I'm struggling to wrap my head around requesting a token scoped to a single Patient in a member-directed (i.e. not member-mediated) payer-to-payer exchange. Please refer to:
- 5.2.1 Member Match with Consent
  - Member Connection
    - Step 3: Request Access Token for Member Access
      - 16 Use OAuth 2.0 token endpoint to request access using MemberMatch ID
The MemberMatch ID is an identifier; the MemberIdentifier output parameter for $member-match.
In chat.fhir.org, I asked (direct link):
- What is this request meant to look like?
- Which parameter and/or scope is used to communicate the MemberMatch ID to the OAuth 2.0 token endpoint?
Apparently, clients are to:
- use the same client credentials (client ID, client secret) obtained in Step 1b with an additional member_id parameter in the request body.
This member_id parameter doesn't appear to be documented anywhere.
Questions:
- Is this correct?
- If so, what should the value of the member_id parameter look like? e.g. system|value
- Is this documented somewhere?
- If not, how are clients/servers expected to know about it?
- Is this a client credentials grant?
Changes Requested:
Please provide additional detail and clarity regarding access requests using the MemberMatch ID in the PDex IG (or via reference).
Please provide an example if possible.
Thank you!
Issue Links
- relates to FHIR-39314 Need detail w.r.t. reconciling new session with Consent from earlier interaction. (Resolved - change required)