FHIR Chat · docs / Issue #324 May 2018 Ballot Comment 118

Stream: cds hooks/github

Topic: docs / Issue #324 May 2018 Ballot Comment 118

Github Notifications (May 16 2018 at 23:02):

cds-hooks-bot opened Issue #324

## May 2018 Ballot Comment 118

Submitted by @kensaku-kawamoto on behalf of @euvitudo from University of Utah

Chapter: Trusting CDS Services
Section: https://cds-hooks.org/specification/1.0/
Type: A-Q :question:
In Person Requested? No

Existing Wording:

The EHR’s authorization server is responsible for enforcing restrictions on the CDS Services that may be called and the scope of the FHIR resources that may be prefetched or retrieved from the FHIR server. Therefore, all CDS Services to be called from within an EHR system MUST BE pre-registered with the authorization server of that EHR. Pre-registration MUST include registering a CDS client identifier, and agreeing upon the scope of FHIR access that is minimally necessary to provide the clinical decision support required.

Comment:
How is this different from the SMART approach?

_This issue was imported by @cds-hooks-bot from the consolidated CDS Hooks May 2018 ballot spreadsheet._

Github Notifications (May 16 2018 at 23:02):

cds-hooks-bot milestoned Issue #324

Github Notifications (May 16 2018 at 23:02):

cds-hooks-bot labeled Issue #324

Github Notifications (May 16 2018 at 23:02):

cds-hooks-bot edited Issue #324

## May 2018 Ballot Comment 118

Submitted by @kensaku-kawamoto on behalf of @euvitudo from University of Utah

Chapter: Trusting CDS Services
Section: https://cds-hooks.org/specification/1.0/
Type: A-Q :question:
In Person Requested? No

Existing Wording:

The EHR’s authorization server is responsible for enforcing restrictions on the CDS Services that may be called and the scope of the FHIR resources that may be prefetched or retrieved from the FHIR server. Therefore, all CDS Services to be called from within an EHR system MUST BE pre-registered with the authorization server of that EHR. Pre-registration MUST include registering a CDS client identifier, and agreeing upon the scope of FHIR access that is minimally necessary to provide the clinical decision support required.

Comment:
How is this different from the SMART approach?

_This issue was imported by @cds-hooks-bot from the consolidated CDS Hooks May 2018 ballot spreadsheet._

Github Notifications (May 18 2018 at 09:25):

cds-hooks-bot commented on Issue #324

Proposed Disposition: Considered - question answered
Proposed Disposition Comment:
Both SMART and CDS Services make the details of the OAuth 2 registration out of scope of the specification. However, both SMART and CDS Services require that their respective clients (SMART app, CDS Service) are registered with the EHR's Authorization Server in order to access the FHIR server via an OAuth 2 access token.

Github Notifications (May 18 2018 at 09:47):

cds-hooks-bot labeled Issue #324

Github Notifications (May 30 2018 at 22:24):

cds-hooks-bot commented on Issue #324

## :telephone_receiver: CDS Working Group Block Vote (5-30-2018)

Meeting notes: http://wiki.hl7.org/index.php?title=File:2018-05-30_CDS_WG_Call_Minutes.docx

Julia Skapik moved the following disposition, seconded by @brynrhodes.

Disposition: Considered - question answered
Disposition Comment:
Both SMART and CDS Services make the details of the OAuth 2 registration out of scope of the specification. However, both SMART and CDS Services require that their respective clients (SMART app, CDS Service) are registered with the EHR's Authorization Server in order to access the FHIR server via an OAuth 2 access token.

:+1: For: 12
:expressionless: Abstain: 0
:-1: Against: 0

:tada: The motion passed! :tada: