FHIR Chat · App licensing model · smart

Stream: smart

Topic: App licensing model

view this post on Zulip Yunwei Wang (Jul 19 2017 at 19:15):

Maybe it is still to early to ask such question. How does an app developer sell SMART app?

view this post on Zulip Dave Carlson (Jul 19 2017 at 19:52):

Wes Rishel wrote an interesting blog related to your question, see http://rishel.com/blog/2017/04/ehrfhir-sidecars-over-the-hump-and-on-to-new-humps/

view this post on Zulip Yunwei Wang (Jul 20 2017 at 14:31):

My question is more on how the developer identify which provider/user is using his app. For example, a developer published his app on a vendor's app gallery, three hospitals download and install that app. The developer wants to charge hospital by app usage. So he need to identify which hospital uses his app. One way is to add hospital identification to each app installation. But that part is not specified in SMART.

view this post on Zulip John Moehrke (Jul 20 2017 at 14:46):

licensing your application should be your responsibility. It would not be related to the FHIR standard data/interaction model, nor the smart context/authorization solution. This said, it is very possible for the authorization server can keep track of the actions requested, this 'log' could be used for licensing. This log could be recorded in a proprietary way, or could be a pattern using the FHIR AuditEvent resource.

view this post on Zulip Yunwei Wang (Jul 21 2017 at 03:31):

@John Moehrke I realized this is NOT a SMART's problem. It is more a question for app deployment. For example, smarthealthit.org simply provide an app registry. The actual app still runs on our web server. So after user is authorized through smarthealthit.org and starts the app, we have no idea who the user is. We have to either ask user login again through our authorization server, which is totally against the idea of "single sign-on", or setup a b2b authorization channel between these two authorization servers.

view this post on Zulip Kevin Shekleton (Jul 21 2017 at 16:23):

SMART does address identifying the user via OpenID Connect today. However, the only EHR that has implemented this (today) is Cerner.

view this post on Zulip Kevin Shekleton (Jul 21 2017 at 16:25):

SMART issue 133 and issue 141 are both related to this topic

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -