FHIR Chat · scopes in cds-services discovery endpoint · cds hooks

Stream: cds hooks

Topic: scopes in cds-services discovery endpoint


David Teirney (Sep 30 2018 at 13:26):

Has there been any discussion about having the CDS Service discovery endpoint publish the scopes that each hook would need access to from the FHIR Server? To help with the question of "what scopes will this CDS Service hook need to work correctly". The spec mentions this is covered out-of-band when the EMR connects with a CDS Service. During the connectathon, this "needed scopes" information in the CDS Service discovery endpoint would have made some of the connections to the EMRs a little easier. This may also help allow access tokens exposed for each CDS service hook to be scoped to just the necessary scopes for each hook invocation. E.g. if one CDS Hook just needs read access but another needs write as well, a more constrained access token could be sent for the read only hook.

Tejay Cardon (Sep 30 2018 at 14:31):

I like this David. There is also the benefit that the EHR could detect at "registration" time that the CDS service expects more scope than the EHR will grant. This can then result in more intelligent actions/errors on the EHR end rather than simply having an error come back from the hook execution.

Kevin Shekleton (Sep 30 2018 at 16:00):

I tried to find an existing GitHub issue around this @David Teirney but couldn't find one. Want to log one?

Kensaku Kawamoto (Sep 30 2018 at 16:23):

Perhaps related -- has there been any movement in SMART on making scopes more specific? I.e., so that when you give a CDS Hooks service or SMART app the ability to read the patient's weight, they don't also get the ability to read the patient's HIV test results, and so that when you give a CDS Hooks service or SMART app the ability to read the patient's gender and birth date, you don't also give it access to name, home address, email, and cell phone number? I will note that this is of concern to our health system, and at least for me in the context of the US HIT Advisory Committee.

Grahame Grieve (Sep 30 2018 at 17:25):

Some discussion in the SMART track, and lots of general discussion, but I don't know about anything landing anywhere. @Josh Mandel

Josh Mandel (Sep 30 2018 at 17:28):

An approach to this kind of fine grained management hasn't landed in -- but there has been good discussion on narrower use cases for: 1) approval for resources of a given profile, and 2) invoking specific operations

David Teirney (Sep 30 2018 at 21:02):

@Kevin Shekleton sure thing. https://github.com/cds-hooks/docs/issues/412


Last updated: Apr 12 2022 at 19:14 UTC