FHIR Chat · Inferno standalone requires launch-ehr · inferno

Stream: inferno

Topic: Inferno standalone requires launch-ehr

view this post on Zulip Jenni Syed (Feb 11 2021 at 16:09):

It looks like the standalone launch verification has this validation: SPA-OSD-06 A SMART on FHIR server SHALL convey its capabilities to app developers by listing a set of the capabilities. The following capabilities are required: launch-ehr, launch-standalone, client-public, client-confidential-symmetric, sso-openid-connect, context-banner, context-style, context-ehr-patient, context-standalone-patient, permission-offline, permission-patient, permission-user

http://hl7.org/fhir/smart-app-launch/conformance/index.html#core-capabilities

view this post on Zulip Jenni Syed (Feb 11 2021 at 16:12):

This was removed (along with context-ehr-patient) as a requirement for patient access: https://www.healthit.gov/test-method/standardized-api-patient-and-population-services#ccg

view this post on Zulip Jenni Syed (Feb 11 2021 at 16:13):

"Health IT Modules will only be tested for the "Patient Access for Standalone Apps" and "Clinician Access for EHR Launch" scenarios described in the standard adopted at § 170.215(a)(3)."

view this post on Zulip Jenni Syed (Feb 11 2021 at 16:13):

So clinical access/provider APIs have to support those but the patient apps do not

view this post on Zulip Robert Scanlon (Feb 11 2021 at 17:15):

This does look like an oversight in our test, because we should only check the capabilities that we know need to be supported at this particular endpoint given the scenario we have set up (stand alone patient app, confidential client, refresh token, openid, granted access to all USCDI data). We intentionally allow implementations to use a different fhir & authorization endpoint for the user/ehr launch, and if they do, they would advertise the user/ehr related capabilities at that endpoint instead.

view this post on Zulip Robert Scanlon (Feb 11 2021 at 17:16):

This was removed (along with context-ehr-patient) as a requirement for patient access:

What are you referring to with 'This'? A specific capability?

view this post on Zulip Robert Scanlon (Feb 11 2021 at 17:55):

I opened a ticket onc-healthit/inferno-program#233 that we'll use to track this as we update the test. Did I capture the full scope of your concern? Also, thanks for the pointing this out!

view this post on Zulip Jenni Syed (Feb 11 2021 at 20:13):

Yes, that matches with the concerns. The original regulation did imply that launch-ehr and context-ehr-patient was needed for both patient and provider (as well as all the standalone features for both). But they clarified that in the CCG I quoted above.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -