Improper use of patient/.read scope


    • Type: Change Request
    • Resolution: Persuasive
    • Priority: Medium
    • US Making EHR Data More available for Research and Public Health (MedMorph) (FHIR)
    • 0.1.0
    • Public Health
    • Research Data Extraction
    • 10.1
    • The patient scopes will be removed per the comment.
    • Kishore Bashyam / Craig Newman : 28 - 0 - 1
    • Correction
    • Compatible, substantive

      The specification defines the following: 

      The EHR system SHALL support system/.read and patient/.read scopes to access data for multiple patients.

       

      As this is using the SMART Bulk data standard, the patient/.read scope is out of context. As specified in the BULK data specification: http://hl7.org/fhir/uv/bulkdata/authorization/index.html#scopes

      As the client authorization addressed by this specification involves no user or launch context, the existing SMART on FHIR scopes are not appropriate. Instead, clients SHALL use “system” scopes that parallel SMART “user” scopes. System scopes have the format system/(:resourceType|*).(read|write|*)– which conveys the same access scope as the matching user format user/(:resourceType|*).(read|write|*). However, system scopes are associated with permissions assigned to an authorized software client rather than to a human end-user.

       

      The patient.read scope should be removed.
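
The distinction drawn in the description, as an added example (not part of the issue or of either specification): a token-endpoint check for a backend-services client that accepts only scopes matching the quoted system/(:resourceType|*).(read|write|*) grammar and refuses patient/ and user/ scopes, which need a user or launch context. The function names, the registered-scope set and the narrowing policy are assumptions.

```python
import re

# Grammar quoted in the issue: system/(:resourceType|*).(read|write|*)
SYSTEM_SCOPE = re.compile(r"system/([A-Z][A-Za-z]+|\*)\.(read|write|\*)")
# Same shape under a SMART context that needs a user or a launch
CONTEXT_SCOPE = re.compile(r"(patient|user)/([A-Z][A-Za-z]+|\*)\.(read|write|\*)")


def check_requested_scopes(scope_param):
    """Classify a space-delimited scope string: returns (system_scopes, rejected)."""
    system_scopes, rejected = [], []
    for scope in scope_param.split():
        if SYSTEM_SCOPE.fullmatch(scope):
            system_scopes.append(scope)
        elif CONTEXT_SCOPE.fullmatch(scope):
            rejected.append((scope, "requires user or launch context"))
        else:
            rejected.append((scope, "not a system scope"))
    return system_scopes, rejected


def covers(held, wanted):
    """True if registered scope `held` is at least as broad as requested `wanted`."""
    h_res, h_perm = held.split("/", 1)[1].split(".")
    w_res, w_perm = wanted.split("/", 1)[1].split(".")
    return h_res in ("*", w_res) and h_perm in ("*", w_perm)


def authorize_backend_request(scope_param, registered):
    """Return the scopes to place in the access token.

    Assumed policy: drop anything that is not a system scope or exceeds the
    client's registration, and fail with invalid_scope if nothing is left.
    """
    system_scopes, _ = check_requested_scopes(scope_param)
    granted = [s for s in system_scopes if any(covers(r, s) for r in registered)]
    if not granted:
        raise ValueError("invalid_scope")
    return granted


if __name__ == "__main__":
    # Constructed request mixing the two scopes named in the specification text
    request = "system/*.read patient/*.read"
    print(check_requested_scopes(request))
    print(authorize_backend_request(request, {"system/*.read"}))
```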

            Assignee:
            Nagesh Bashyam
            Reporter:
            rdingwell