FHIR Chat · 'SHOULD be omitted' · smart/health-cards

Stream: smart/health-cards

Topic: 'SHOULD be omitted'

view this post on Zulip Michele Mottini (May 26 2021 at 15:58):

In the resource profiles some elements are marked as 'SHOULD be omitted' (eg Patient.address.city) whereas other are are actually removed with max cardinality = 0 (eg Patient.address.text) - why the two different approaches?

view this post on Zulip Paul Denning (May 26 2021 at 19:07):

It may be "SHOULD be omitted" in the Allowable Data profile because US Core and IPS Patient profiles have .address as 0..1 and MUST SUPPORT, but for the SHC QR code, the Data Minimization profile is used which sets it to 0..0. The case you mentioned, address.city, the invariant name suggests that the reason to not include it is for privacy, but maybe there are legal reasons to include it.
https://github.com/dvci/vaccine-credential-ig/issues/88 has some discussion. @Max Masnick ?

view this post on Zulip Max Masnick (May 26 2021 at 19:11):

Because SMART Health Cards can't be modified after they are issued, it's important to not put information into them that a Holder might not want to give to a Verifier (and isn't necessary for verification purposes).

Exact address is disallowed (0..0 cardinality) because of this -- there are circumstances where a Holder may need to show their SHC but not want to provide their precise street address.

Other elements like address.city are not as sensitive, but do still present a level of privacy risk and take up space in our limited payload size. This is where the SHOULD NOT populate conformance criteria come from. We're trying to strike a balance between privacy vs. being overly constraining.

view this post on Zulip Michele Mottini (May 26 2021 at 20:23):

OK, got it, thanks Max

view this post on Zulip Josh Mandel (May 27 2021 at 03:26):

We generally want/expect issuers to follow the data minimizing profiles; I still worry that the message may be confusing here.

view this post on Zulip Max Masnick (Jun 01 2021 at 20:58):

Agreed -- we're working on improving documentation now that the IG content is pretty much solidifed. If you have suggestions on how we can address this specifically we'd love to hear them :)

view this post on Zulip Josh Mandel (Jun 01 2021 at 21:00):

I'd consider making the "DM" profiles the main / easiest ones to find. And more or less "hiding" the others behind a "I need more for my use case" link of some kind.

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -