It's also important to note that the system app type is not widely available yet in prod as mentioned in our
overview and authorization
registration pages.
In addition to the basic authorization differences of who is authorizing the app and the app is acting on behalf of (and that a system app is not embedded within the workflow/chart), there are other concerns an application may need to take on when using system access. For example, when an application is acting on behalf of a user (embedded or not within the chart), all of the auditing and sensitive data restrictions for that user are enforced and recorded.
When acting on behalf of a system, we still do auditing that an application accessed data, but once it's into the other system, it is up to that system to audit who has accessed the patient data as well as enforce any sensitive data or privilege restrictions on that data.
~ Jenni