Stream: implementers
Topic: US Core not requiring system for Patient.identifier search
James Jahns (Jul 13 2021 at 17:18):
Hello,
The US Core server CapabilityStatement for Patient (http://hl7.org/fhir/us/core/CapabilityStatement-us-core-server.html#patient) requires that the server support a search by identifier where the system is not supplied. We're concerned that this could lead to inaccurate patient searches.
For example, a user might search by ?identifier=333224444, thinking that this identifier will correspond to social security number. However, since no system is supplied, we need to return any identifier with this value. If this value matches an ID from our lab system, for example, we must return that patient. This means we'll be returning the wrong match for the user's search, and the user would only notice if they specifically checked that the system OID/URL is correct, which also requires knowing the OID/URL in the first place.
Because of this, we'd like to require system to ensure that users are actually doing the search they think they are doing. But we can't as per US Core specifications (and this is explicitly validated by Inferno). Would it be reasonable for servers to require a system for Patient identifier searches?
Eric Haas (Jul 13 2021 at 18:19):
In US Core, we nailed down the search for token to at least a code (value for Identifier), because most clients will only send identifiers. Also, for an authorized client app with patient read scopes for labs, I would never expect labs for another patient, that is the point of authorization, right? US Core's intent is to set a minimum bar; it is silent on tightening the rules. @Robert Scanlon does Inferno prohibit tighter rules by an implementer?
Robert Scanlon (Jul 13 2021 at 18:54):
@Eric Haas US Core requires servers to support token search by code and by system|code, so we test them both. I'm unsure what you mean 'tightening the rules' in this context -- we just test what US Core says is required of servers.
Eric Haas (Jul 13 2021 at 19:07):
> I'm unsure what you mean 'tightening the rules' in this context
The way we define it doesn't allow for an implementer to tighten the rules to only support code|system.
Eric Haas (Jul 13 2021 at 19:09):
not saying it is bad, just clarifying
Robert Scanlon (Jul 13 2021 at 19:10):
Then yes, Inferno's US Core tests do prohibit tighter rules imposed by the server on the client in this case.
Daniel Venton (Jul 13 2021 at 20:29):
If the client queries by 333224444 and expects to only get patients with SSAN 333224444 w/o specifying system=SSAN, isn't that a client problem, not for the server to resolve? If you force the user to specify the system then when all they know is the Driver's license number but not the system url that means VA (or doesn't know the state at all) then they can't search via the value they do have.
Last updated: Apr 12 2022 at 19:14 UTC