  1. FHIR Specification Feedback
  2. FHIR-43190

Clarify requirement disallowing patients from matching


Details

    • Change Request
    • Resolution: Unresolved
    • Medium
    • Interoperable Digital Identity and Patient Matching (FHIR)
    • current
    • Patient Administration
    • Patient Matching
    • 4.2

    Description

      Please clarify this requirement: "Security best practices, including transaction authorization, are generally out of scope for this IG; however implementers also SHALL NOT allow patients to request a match directly":

      • Is this intended to be an exception to the scope that does impact authorization?
      • Who does this requirement apply to? The requester, responder, or both?
      • How is this intended to be enforced?
        • By the requester, by not allowing a patient match ($match or simple Patient search) to be requested if the user is a patient?
        • By the responder, by not authorizing a patient match ($match or simple Patient search) when purpose of use is Patient request and/or the requester has not authenticated to a healthcare professional?

          People

            Unassigned
            jlamy Joseph M. Lamy
            Watchers: 3
