Stream: smart
Topic: Launch Standalone - Patient Revocations & Intent Declaration
Nihar (Sep 01 2021 at 15:12):
Hello, we are implementing the scenario for Standalone Launch for Patient, using the app and accessing the data from the EHR. We have the following queries where we need suggestions:
1> How does the Patient Revocation actually work in the workflow? Who initiates the revocation_endpoint URL, and how is the Resource Server informed that the token has been revoked by the patient?
2> Is it mandatory for the app to declare the intent of data usage, and if the app has not declared it, do we need to mandatorily provide an alert to the Patient after their login identification?
Please suggest. Thanks in advance.
Josh Mandel (Sep 01 2021 at 15:51):
We are implementing the scenario for Standalone Launch
Are you building an EHR or an app in this scenario?
Josh Mandel (Sep 01 2021 at 15:56):
How does the Patient Revocation actually work in the workflow? Who initiates the revocation_endpoint URL
Once an app has been granted access, it gets an access token (and optionally a refresh token). The authorization server can revoke access (meaning: the refresh token and perhaps the access token will stop working!) at any time. One pathway for this is that the user can sign into their portal, review a list of "current apps connected to my data", and then press a button like "revoke access". Another pathway could be: the EHR e-mails the patient on a regular basis to say "Reminder: the following 3 apps are connected to your health record, click here to adjust". This is all out of band. What management_endpoint in the .well-known/smart-configuration file provides is just a way for an app to learn the management URL to send a user to, if it wants to be helpful and surface this URL to the user; and revocation_endpoint provides a URL that the app can call to revoke its own access token, following https://datatracker.ietf.org/doc/html/rfc7009 (of course, you can't rely on apps wanting to revoke their own access, but it's nice to support them when they want to).
Josh Mandel (Sep 01 2021 at 15:58):
Is it mandatory for the app to declare the intent of data usage, and if the app has not declared it, do we need to mandatorily provide an alert to the Patient after their login identification?
For a SMART standalone launch, this generally happens out of band, based on the app's terms and conditions, privacy policy, etc. It's helpful if an EHR can record the URLs for these artifacts so that it can display links to them in-line during the approval process (e.g. "Do you want to approve MyCoolApp? Keep in mind that MyCoolApp is not offered to you by your healthcare provider and is subject to its own terms and conditions [link]".) We're also seeing EHRs develop their own structured surveys to help summarize an app's policies and data use practices; we'd love to standardize this over time, and would point to https://docs.smarthealthit.org/privacy-manifest-builder/ as an example of how this might look. In this world, EHRs would ask apps to submit a QuestionnaireResponse at registration time, or to submit the URL for a QuestionnaireResponse that the app could update over time... and then the EHR could display this information in an easy-to-read fashion during the approval process, to surface key details about the app's policies.
Nihar (Sep 01 2021 at 18:36):
@Josh Mandel : We are actually implementing the EHR part, including the Registration Process. Thank you so much for the detailed explanation of revocation; this really helped in understanding the complete mechanism. Also, I went through the rfc7009 link and, as suggested, it mentions the client making the call to revoke...!!!
Regarding Question 2: Understood what you explained, and just to confirm from my side, intent to use the data (e.g. we want medication information), Terms & Conditions and Privacy Manifest (QuestionnaireResponse) are actually not mandatory implementations yet; they might be in future, but we as an EHR implementer can implement these good-to-have features for apps as well as for patients' clarity about the app policies.
Josh Mandel (Sep 01 2021 at 18:48):
That's right -- and re: Question (2), we'd love feedback on the proposed SMART Privacy Manifest questionnaire, if you happen to dig in. (Builder at https://docs.smarthealthit.org/privacy-manifest-builder/; underlying artifacts here. H/T @Raheel Sayeed!)
Nihar (Sep 02 2021 at 06:59):
Sure, @Josh Mandel. We will explore more about the Privacy Manifest and will definitely provide the feedback...!! Thank you.
Last updated: Apr 12 2022 at 19:14 UTC