Stream: smart
Topic: User Identity
David Hay (Nov 30 2016 at 20:09):
I've been asked how 'mature' the spec is wrt the app requesting the identity of the current user as described here: http://docs.smarthealthit.org/authorization/scopes-and-launch-context/#scopes-for-requesting-identity-data - are any of the argonaut systems using this ?
Josh Mandel (Nov 30 2016 at 21:40):
I'm hoping @Jenni Syed can comment on this, since I think Cerner has an implementation.
Jenni Syed (Nov 30 2016 at 22:01):
We do have an implementation, though we're going through some adjustments around the profile and user-info endpoints
Jenni Syed (Nov 30 2016 at 22:06):
Most of our apps launch from the EHR, so the identity is already in the bar. Others have needed the unique id (essentially the FHIR URL to Practitioner), though they would like more
Jenni Syed (Nov 30 2016 at 22:07):
We originally didn't do the user info endpoint (the profile URL was treated as a replacement). That's something we're reworking based on some of the updated SMART doc
Jenni Syed (Nov 30 2016 at 22:08):
And for Patient, we've had to switch the reference over to Person (rather than Patient and RelatedPerson) because of challenges we discovered during implementation. EG: When it's a user/*.* scope, which RelatedPerson would you return? What if the user isn't a Patient?
Jenni Syed (Nov 30 2016 at 22:09):
Other fun things that have come up: if you have a profile scope, should that give you access to Practitoner (or Person)? And what data exaclty - since you likely don't need all the identifiers like SSN, etc that are normally on those resources? We haven't finished thinking through those... Would be interested to see what others have done.
John Moehrke (Dec 01 2016 at 13:17):
Thanks Jenni. I appreciate the lessons-learned.
Eric Haas (Dec 04 2016 at 06:53):
Interesting since I just had a talk with @Sandeep Giri at UCSF who also went with Person over Patient
Last updated: Apr 12 2022 at 19:14 UTC
