Identifying the calling organization?

177 views
Skip to first unread message

Farhan Ahmad

unread,
Jan 2, 2017, 8:24:06 PM1/2/17
to Cerner FHIR Developers
Hi,

What is the suggested method for identifying the organization that the user might be using a FHIR app from?  I looked at Person.managingOrganization, Patient.managingOrganization and Patient.contact, but none of these are populated for the test patients.  Or, are we supposed to create a mapping based on what seems to be a UUID in the AccessToken.tenant?

Thanks!

Farhan Ahmad
CTO & Chief of Staff, HealthDecision

Jenni Syed

unread,
Jan 3, 2017, 1:50:46 PM1/3/17
to Cerner FHIR Developers
Hi Farhan,

When you state "organization" the references above make me think you're referring to the FHIR Organization. However, this is likely *not* the same thing as the business that purchased or who is launching the application.

Are you trying to infer where the app is running? IE: from what facility or doctors office? That may be more complicated, as some apps run off of iPads and other personal devices.

Even using the "managingOrganization" on the patient may not be getting what you expect - it can vary by patient, and may not be the same as the organization that the app is running at.

If you can describe what exactly the app needs (running, owning, launching), we may be able to determine if that's a concept represented in SMART or FHIR.

~ Jenni

Farhan Ahmad

unread,
Jan 4, 2017, 4:06:30 PM1/4/17
to Cerner FHIR Developers
Thanks for the response, Jenni.  The goal is to find the business (i.e. the healthcare system) that licensed our product.

- Farhan

Jenni Syed

unread,
Jan 5, 2017, 10:47:57 AM1/5/17
to Cerner FHIR Developers
The closest you'll get to that is likely the tenant in the SMART response. We allow or disallow applications access at that level.

~ Jenni

Farhan Ahmad

unread,
Jan 5, 2017, 10:55:45 AM1/5/17
to Cerner FHIR Developers
I did notice the tenant at one point.  Is that a unique identifier per healthcare system that Cerner has licensed?  Can we get any more details about it, or will that be a number that we will have to map internally?

Thanks,
Farhan

Jenni Syed

unread,
Jan 5, 2017, 11:13:48 AM1/5/17
to Cerner FHIR Developers
It's a unique identifier that you would need to map internally, at least currently. It may not be equivalent to healthcare system (because of mergers and other business adjustments) - you may want to allow more than one tenant per "healthcare system" because of these types of situations.

The OAuth setup itself (client id, redirect) wouldn't need to change per tenant since that approval and onboarding is done centrally for our server. Your application would need to be granted access to each tenant separately (essentially whitelisted) - though the system that licenses your application would let us know where to whitelist it if they had several tenants they were going to bring live on the application at the same time. 

~ Jenni

Farhan Ahmad

unread,
Jan 5, 2017, 7:29:34 PM1/5/17
to Cerner FHIR Developers
Sounds good.  Thanks for all the info!

- Farhan
Reply all
Reply to author
Forward
0 new messages