Stream: implementers
Topic: Patient Revocation & Questionnaires
Nihar (Sep 01 2021 at 09:43):
Hello, we are implementing the scenario for Standalone Launch for a patient using the app and accessing the data from the EHR. We have the following queries where we need suggestions:
1> How does Patient Revocation actually work in the workflow? Who initiates the revocation_endpoint URL, and how is the Resource Server informed that the token has been revoked by the patient?
2> Is it mandatory for the app to declare the intent of data usage, and if the app has not declared it, do we need to mandatorily provide the alert to the patient after their login identification?
3> Is it mandatory for the app to have the questionnaire towards HIPAA and data usage, and if the app has not entered the questionnaire, do we need to mandatorily provide the alert to the patient after their login identification?
Please suggest. Thanks in advance.
Lloyd McKenzie (Sep 01 2021 at 14:56):
I'm not understanding the 3rd question. The first 2 questions are best raised on #smart
Nihar (Sep 01 2021 at 15:10):
Hi @Lloyd McKenzie: Thank you so much. I will also raise the same on the SMART stream. Also, in the 3rd question, what I mean is that there are some general questionnaires to get details about how the app works and deals with patient data, like "Where would this app store user data?", and, based on those details, alerting the patient. Is this required or not?
Lloyd McKenzie (Sep 01 2021 at 15:15):
You mean "does this app have to communicate to the patient where it's going to store information"? I believe SMART only requires communication to the patient about permissions to the FHIR data store being authorized. No communication is required about access to data stores that aren't using SMART for authorization. However, this too would be best asked on the #smart stream.
Last updated: Apr 12 2022 at 19:14 UTC