Stream: smart
Topic: fhirUser not implying a patient context
Merlyn Albery-Speyer (May 28 2021 at 23:01):
@Josh Mandel I wanted to follow up on something you said in the other thread (and keep it's discussion separate):
First off, there's not necessarily A correspondence directly between the fhirUser running an app and the patient context to which authorization is bound for patient/ scopes (for example, a user might be a clinician or parent, sharing access scoped to a child's clinical record).
The SMART on FHIR documentation for the CMS Interoperability Rule doesn't talk about users authenticating that are anything other than the patient (or at least, there aren't any walk throughs such as sequence diagrams that speak to users accessing other user's data).
Is "a user might be a clinician or parent, sharing access scoped to a child's clinical record" about the capabilities of SMART [on FHIR] in general, or applicable to the CMS Rule (that you know of)?
If it applies to the CMS Rule then I'm very keen to follow guidance on how it should be implemented.
Thanks in advance!
Merlyn
Josh Mandel (May 28 2021 at 23:10):
CMS Interoperability Rule doesn't talk about users authenticating that are anything other than the patient
In general, patient have the right to delegate access to designated representatives. I'm not sure whether/how CMS plans to test this.
Josh Mandel (May 28 2021 at 23:10):
Is "a user might be a clinician or parent, sharing access scoped to a child's clinical record" about the capabilities of SMART [on FHIR] in general, or applicable to the CMS Rule (that you know of)?
The point about a clinician end-user is a general consideration, not related to patient access APIs.
Merlyn Albery-Speyer (May 28 2021 at 23:19):
Thanks, Josh. Super useful clarifications. Much appreciated!
Last updated: Apr 12 2022 at 19:14 UTC
