Skip to content

Instantly share code, notes, and snippets.

@jmandel

jmandel/CARIN Call Notes.md

Created October 15, 2020 18:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jmandel/3a62967d6057a8e708f77e450bacc149 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jmandel/3a62967d6057a8e708f77e450bacc149 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CARIN Call Notes.md

Subscribers and dependants

Minimum bar: support patient/ scopes (e.g., patient/ExplanationOfBenefit.read), and authorize the app for each patient record. So here at authz time, e.g., scope=launch/patient patient/ExplanationOfBenefit.read patient/Coverage.read ... e.g., scope=launch/patient patient/*.read

Beyond the minumum, a server can support user-level scopes ("do you want to share all the records you have access to with the following app"...) e.g., scope=user/ExplanationOfBenefit.read user/Coverage.read ...

Required granularity for approvals?

Spec / Standards / Regulation level: FHIR Resource Types. (e.g., Patient, Coverage, ExplanationOfBenefit).

Any specific authorization server: Can provide finer-grained controls; this doesn't need to be standardized, but e.g., if the app asks for patient/ExplanationOfBenefit.read an authorization server might present the user with a list of choices.

Payor questions

Plan: support patient standalone launch

  • patient/*.read as the "only supported scope" in v1 (may add type-specific support later)
  • launch/patient as a required
  • openid fhirUser to allow the app to discover info about the authenticated user
  • Not supporting EHR launch (or context for EHR launch)
  • Not supporting Encounters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment