Stream: cds hooks
Topic: docs: issue 17: Requesting organization
Github Notifications (Jan 25 2017 at 17:47):
robs16 opened issue 17
For a CDS service provider, it is necessary to know which organization (or client) and potentially sub-organization is requesting the service. For example, it may be that a given client purchased only a subset of CDS Service’s capabilities and CDS Service needs this information to properly handle the request. Another example is that the client could be a cloud-based EMR, which encompasses many practices, each with their own organizational structure.
We believe it would be beneficial to add a required organization field to the CDS service request which would provide the FHIR id of the organization (or sub-organization) requesting CDS.
There are at least a few other ways to provide this information, but each has a downside:
FhirServer Url can include an identifier that indicates which organization (or hospital or practice, etc) is requesting the service. The primary issue with this approach is that the CDS service has to parse out the relevant identifier, thereby hardcoding assumptions about how the Url is structured. If those assumptions are ever violated, the process breaks down.
Context could reference the relevant FHIR resources, such as Organization to establish the context. However, the spec and examples currently focus the context on the triggering orders.
Service URL could include a prefix which identifies the organization. However, with sub-organizations and sub-sub-organizations this could become unwieldy.
John Moehrke (Jan 25 2017 at 18:04):
The Security perspective would be that this is the role of the security assertion. Just because the security token is generally consumed by the security layer, does not mean it isn'
John Moehrke (Jan 25 2017 at 18:05):
The CDS-Hook can inspect the call stack to see who is the calling individual/organization
Last updated: Apr 12 2022 at 19:14 UTC