FHIR Chat · Access privileges for SMART app to external system · cds hooks

Stream: cds hooks

Topic: Access privileges for SMART app to external system


Lloyd McKenzie (Mar 01 2019 at 18:02):

As part of CDS hooks, a CDS service can provide a card that recommends launching a particular SMART app. When the user launches the SMART app from within the EHR, it will have an OAuth token that allows access to the EHR data (with permissions as granted by the user/system). However, there may also be a need for the SMART app to have controlled access to the CDS service based on the context of that particular card and the CDS that drove the creation of it. One possibility would be to just generate a custom SMART app link, but that might cause issues with EHRs that choose to trust certain SMART apps and not others. What's the best way for a hook to communicate authorization information that should be conveyed to the SMART app when launched - and that will in turn allow that SMART app to have privileged access to an external server (i.e. not the EHR that launched it)?

Isaac Vetter (Mar 02 2019 at 00:59):

Hey Lloyd, have you considered using the appContext field on the link object in the card? It's intended to be a general mechanism for app+service integration and a black box to the cds client.

Lloyd McKenzie (Mar 02 2019 at 03:12):

That'll teach me for raising a question during a call that I couldn't remember if there was an answer for without looking at the spec. Yes, that should work. Thanks for the quick response.

Lloyd McKenzie (Mar 02 2019 at 04:06):

@Robert Dieterle

Robert Dieterle (Mar 02 2019 at 16:43):

Thank you for following up. Will communicate this to Andy and Larry at MITRE.
@Larry Decelles
@Andy Gregorowicz


Last updated: Apr 12 2022 at 19:14 UTC