Stream: smart
Topic: SMART Ballot Reconciliation Call: 2017-11-02
Josh Mandel (Nov 02 2017 at 18:35):
For today's 3p ET meeting we'll take notes here. Please feel free to join in the discussion. https://join.freeconferencecall.com/fhir (meeting ID: FHIR)
Josh Mandel (Nov 02 2017 at 19:06):
Key docs for our call: Ballot Themes List with prioritized issues in red at the bottom; and Ballot Summary Spreadsheet with full ballot comments + dispositions so far.
Josh Mandel (Nov 02 2017 at 19:07):
Attendees:
Joshua Bell
Lisa Erickson
Robert Scanlon
Grahame Grieve
Debbie Bucci
Dylan (MITRE)
Josh Mandel (Nov 02 2017 at 19:11):
Motion to approve Block Vote #1 from Grahame Grieve, Second from Rob Scanlon -- For: 4 for, 0 against, 2 abstain
Josh Mandel (Nov 02 2017 at 19:18):
Corey Spears joins.
Josh Mandel (Nov 02 2017 at 19:19):
SD isn't needed for Capabilities (58)
"Grahame Grieve
From: http://fhir-registry.smarthealthit.org/StructureDefinition/capabilities
Comment: this is never described (nor is such an end-point available). It should be described
" "Not Persuasive.
This is no longer needed since Capabilities is being put in a .well-known/smart-configuration file.
Move: Grahame Grieve, Second: Debbie Bucci
5 for, 0 against, 2 abstain
Josh Mandel (Nov 02 2017 at 19:26):
"EHR Launch" for portals, too (65) "Hans Buitendijk
Comment: The main launch page assumes the app is being launched from an EHR - most interpret that as the practitioner system. Does that need to be generalized more, or do we think people will understand it could be launched, for example, from a portal?
Summary: EHR vs Portal" "An app (confidential or public) can launch from within an existing EHR session, which is known as an EHR launch. --> An app can launch from within an existing EHR or Patient Portal session; this is known as an EHR launch.
Include a definition of the "EHR Role" up front, and also make a spot fix to the sentence above -- we'll note that this role can refer to a practitioner-facing clinical system, or patient-facing system (e.g. PHR or Patient Portal); indeed to any FHIR system where a user can give permissions to launch an app.
Move Debbie Bucci / Second: Corey Spears
6 for, 0 against, 1 abstain
Josh Mandel (Nov 02 2017 at 19:34):
Who controls permission on launch? (73)
Hans Buitendijk
Comment: If an EHR launches the app for an authenticated user who has explicitly requested the launch, asking for the end user’s authorization is optional; else the user’s authorization SHOULD be requested. from http://www.hl7.org/fhir/smart-app-launch/index.html#2-ehr-evaluates-authorization-request-asking-for-end-user-input - not sure I'm following. If a patient explicitly launches the app, we still ask for auth. If a practitioner launches an app (implicit or explicit), we do not. Is this trying to say something else?
Summary: Requirement for end user input
" "This is basically saying that the decision about when to prompt a user for approval is up to the EHR. We should try to simplify this language and provide an example.
Proposal from Debbie: remove the following text, "If an EHR launches the app for an authenticated user who has explicitly requested the launch, asking for the end user’s authorization is optional; else the user’s authorization SHOULD be requested. The user should be given information regarding the client requesting the access, the request, the scope, and the time access is needed."
Mover: Debbie Bucci, Seconder: Corey Spears
6 for, 0 against, 1 abstain
Josh Mandel (Nov 02 2017 at 19:42):
Isaac Vetter joins.
Josh Mandel (Nov 02 2017 at 19:42):
Token Signing "Grahame Grieve
From: A large range of threats to bearer tokens can be mitigated by digitally signing the token
Comment: Which token? (this paragraph should be called out as a note, so the example
following is not taken as an example relating to this paragraph)
" online "Theme: "Signed Tokens"
This note is referring to the access token. Agreed that the formatting should be improved -- but I'm unsure what "called out as a note" is suggesting." "Clarify that we are talking about the Access Token
Agreed that the formatting should be improved -- use italics as we do for the "Apps using the standalone launch flow won’t have a launch" paragraph above.
Move: Grahame, Second: Debbie
7 for, 0 against, 1 abstain"
Josh Mandel (Nov 02 2017 at 19:50):
"Hans Buitendijk
Comment: http://www.hl7.org/fhir/smart-app-launch/conformance/#launch-context-for-ehr-launch - states that patient and encounter are requested explicitly by the app for an EHR launch (which is equivalent to the "launch" scope). I thought this was only required for standalone launch?
Summary: launch/patient for EHR launch?
" "When an app requests "launch/encounter", for example - the EHR decides what to supply. During an EHR Launch scope, if there's no current encounter in scope, is the "launch/encounter" scope asking the EHR to display an encounter-picker in order to define a new context?
Eventually we might want to introduce different parameters to differentiate between "I need this; don't bother launching me without it" vs. "It'd be nice to have, but I can work either way" -- but not for this version of the specification.
Mover: Isaac Vetter, Seconder: Grahame Grieve
7 for, 0 against, 1 abstain"
Josh Mandel (Nov 09 2017 at 19:34):
Notes on HL7 Wiki at http://wiki.hl7.org/index.php?title=FHIR_Infrastructure_Minutes_CC_20171102
Last updated: Apr 12 2022 at 19:14 UTC