Standalone Provider and System apps?

[Gerald Lewis]

I'm having trouble parsing the verbiage from the tutorial's "Standalone App Launch for Patient Access Workflow" section:

"SMART supports EHR launch and standalone launch. However, Cerner currently only supports standalone launch for patient access workflow." (emphasis mine)

Does this mean that Provider and System apps cannot be standalone, or does it mean that Patient apps can only be standalone?

Also, I'm still digging into the documentation, but I'm not sure of the difference between Provider and System apps is; if someone could clarify that as well, it'd be appreciated!

Thanks,

Gerald

[Benjamin Eichhorn (Cerner)]

Hi Gerald,

The verbiage there specifically means that patient access apps can only be standalone launches. 

A provider app is access on behalf of a user (user being a practitioner), you can read more about this at https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-user. This is also what a patient app is, where the user is a patient or authorized proxy.

A system app is access on behalf of a system (no user involved), you can read more about this at https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system

When accessing on behalf of a provider, we take on the responsibility for enforcing restrictions, privileges, and privacy for that provider/patient combination. We also audit access as required for HIPAA and CEHRT when the provider accesses a patient's record (among other considerations). For system access, the other system will take on this responsibility for any clinical data that is accessed downstream.

Thanks,

Ben (Cerner)

[Gerald Lewis]

Very helpful -- thank you!

[Jenni Syed (Cerner)]

Gerald,

I'm also submitting a pull request to get the verbiage in the tutorial cleaned up. It is misleading - what it is attempting to state is that we only support the special "launch/patient" scope for patient access applications - which requests that a patient get selected during authorization. If you have a standalone provider application (not launched from the EHR), you can't currently request that scope. That means that a standalone practitioner application would need to provide a patient search (using FHIR Patient resource) to find a patient, and would only be able to use the user/* scopes (eg: user/Observation.read and not patient/Observation.read) during authorization if it is not launched from within the EHR.

~ Jenni

[BistroElectro Co]

I just wanted to throw in there that I've been facing the same confusion (especially since I tried a standalone / provider and it worked to my confoundment).   This cleared it up a lot thanks.

-Justin Grunewald