Stream: smart
Topic: SMART for research/quality purposes
Sebastiaan Knijnenburg (May 06 2019 at 12:29):
Dear all,
At the last Dutch HL7 WGM @Bram Wesselo organized a brainstorm session on using SMART for research & quality purposes. The number of institutions with a FHIR server setup for these purposes is growing rapidly in NL. Before every institute reinvents the wheel we'd like to make a proposal that hospitals can follow and that preferably follows the SMART on FHIR standard, to not end up with a country-specific architecture.
The brainstorm can be summarized with two main observations:
1) We can use a custom launchcontext (for example launch=ResearchStudy/123456) to indicate that a user has access to set of related patients. This does require manual implementation in the FHIR server of choice.
2) The current set of scopes is not fine-grained enough to ensure that researchers are blocked from viewing more information than they are entitled to.
From a hospital and compliance perspective the researcher requests access to certain resources beforehand, these get approved and configured in the authentication/authorization server. For example, for a diabetes monitoring study, only Observations with LOINC code 2345-7 (serum glucose) should be retrievable. A nice way to model this would be to allow filtering on the scope level, along the lines of patient/Observation?code=http://www\.loinc\.org|2345-7.read. Allowing for parameter to the scope also allows for different data scrubbing for different users, for examepl
We would love to hear some experiences of other implementers on how they managed to organize access control for research/quality settings. From a standards perspective, are there any plans to extend the scope system for these kind of usecases? And would folks be interested to discuss this in a breakout session during the next Fhir Dev Days in June '19?
Rien Wertheim (May 06 2019 at 13:05):
Let's see if we can do a "pop-up session" on this at DevDays. @Josh Mandel ?
Jim Steel (May 06 2019 at 13:05):
I think we would like to participate too
Pascal Pfiffner (May 06 2019 at 13:18):
Some ancient talk around "scopes" touching upon this topic for those interested: https://chat.fhir.org/#narrow/stream/179170-smart/topic/scopes
Rien Wertheim (May 22 2019 at 10:56):
Let's see if we can do a "pop-up session" on this at DevDays. Josh Mandel ?
@Sebastiaan Knijnenburg and @Josh Mandel let me know the title for this session and a few lines so participants will know what it's about. I will make sure to reserve a time block.
Sebastiaan Knijnenburg (May 22 2019 at 12:59):
@Rien Wertheim @Josh Mandel How about 'Exploring SMART on FHIR for research and quality purposes'?
I'm speaking quite early on Monday morning (10:15) on FHIR & Research, so I can mention the session there already, briefly introduce the attendees on the subject and invite them to attend the pop-up session if interested.
Sebastiaan Knijnenburg (May 22 2019 at 13:03):
Some ancient talk around "scopes" touching upon this topic for those interested: https://chat.fhir.org/#narrow/stream/179170-smart/topic/scopes
Thanks for the reference, good readup on scopes and permissions! The user/read.$function approach mentioned by @Brian Postlethwaite definitley seems in line with the filtering/query approach we brainstormed about. Will keep this in mind for the pop-up session in June.
Rien Wertheim (May 22 2019 at 13:36):
Okay Sebastiaan. We'll add this to the schedule. Let you know the day/time.
Last updated: Apr 12 2022 at 19:14 UTC
