Details
- Change Request
- Resolution: Persuasive
- Medium
- Interoperable Digital Identity and Patient Matching (FHIR)
- current
- Patient Administration
- Digital Identity
- Home
- Clarification
- Non-substantive
- current
Description
The NOTE in 4.1 states that explicit patient authorization is required for patient access to data; however, AEO does not have a way to include that in-line as of this time, so the B2B workflow, where an organization's digital certificate is used to authenticate the organization, which then signs a JWT including patient demographics for the patient they wish to request health data about, is at odds with these stipulations in the IG. There are at least 2 more places where the requirement to authenticate the patient directly is reinforced at the beginning of 4.2.
Related topics include 1) more specific guidance on ID token data and 2) passing that same data in non-OIDC transactions.