Stream: implementers
Topic: Patient scoped IGs
John Timm (Dec 11 2020 at 22:16):
Why doesn't US Core (and related IGs which use SMART for patient-scoped access) require clients to use compartment search?
Lloyd McKenzie (Dec 11 2020 at 22:27):
Why would it? Compartment search is just an alternate syntax. It doesn't provide any additional capabilities...
John Timm (Dec 12 2020 at 21:07):
If the AuthN/AuthZ is patient-scoped, then I would assume the intention is to only allow the patient access to their own data. Restricting to Patient compartment search is more compatible with that intent than "standard" search.
Vassil Peytchev (Dec 12 2020 at 21:22):
Can you provide an example? I think I am missing something in this question...
Josh Mandel (Dec 13 2020 at 21:36):
@John Timm The correspondence between SMART scopes like patient/*.read and FHIR's "Patient Compartment" is imperfect. For example, related resources required to make sense of a Patient's observations, encoutners, etc would generally be exposed to an app with patient/*.read permissions, even though they might not be technically in the patient's compartment.
Josh Mandel (Dec 13 2020 at 21:36):
Because of these distinctions, it's easier to avoid the compartment syntax and its (appealing but not-quite-accurate) promise of simplicity/correctness.
Last updated: Apr 12 2022 at 19:14 UTC
