An app with both provider-initiated access token and a system token for offline access?


Sheldon

Jul 10, 2019, 1:09:23 PM
to cerner-fhir...@googlegroups.com
I am working on a SMART on FHIR app that users (providers) initiate from PowerChart to create patient records in our system during patient visits, then users conduct some testing, but the test result may take a day or two to be posted back to Cerner as a PDF or image using the DocumentReference API.

The first part of the workflow, creating a patient record, is done using provider-initiated OAuth, but the last part of the workflow, posting the result back, seems to require a system token. Is that the correct interpretation? If the app needs to be registered as a System App, does it also support user-initiated OAuth?

Thanks!

Sheldon

Jul 15, 2019, 5:20:07 PM
to Cerner FHIR Developers
I'd really like someone at Cerner to shed light on my use case. After reading a lot of group messages and developer documents, I am still very baffled.

Based on some messages in the group, offline access in a provider app is not supported (e.g. https://groups.google.com/forum/#!searchin/cerner-fhir-developers/provider$20app$20offline_access%7Csort:date/cerner-fhir-developers/B3ZiXVhMrK8/Kq0DE1WSBAAJ), which precludes my app from using a refresh_token to get an offline_access token. But if I use a system app, I lose context about the provider who initiated the workflow. Is there a way to support my use case? It seems that it should be a common situation where patients get selected by providers to do some test and the test results get updated a few days later.

Thanks.

Benjamin Eichhorn (Cerner)

Jul 16, 2019, 9:17:22 AM
to Cerner FHIR Developers
Apologies for the delayed response Sheldon,

As you read correctly, we do not currently support offline_access for provider workflows. 

In terms of what you should use, what is the workflow of your app? Based upon your original message, would the users not come back to review the results of the test conducted after they have completed, could they not review those results within the app itself to "finalize" or sign off on them (which could then have to POST the document)?

Thanks,
Ben (Cerner)

Sheldon

Jul 17, 2019, 12:21:32 PM
to cerner-fhir...@googlegroups.com
Hi Ben, there are two sets of results for each vision test. The first set happens immediately after the test, which could be ~15 minutes after the user "orders" the test using the SMART app from the patient chart (which syncs the patient info to the app). This result may already exceed the online_access accessToken lifetime (which I read somewhere is 9.5 min). The result is available in the SMART app, which the user can view immediately. However, we would like to sync it into the patient chart as a PDF to be available to all providers in the same office so they can reference it later without accessing our SMART app. There may be a 2nd set of results, which happens about a business day later when our in-house clinical team reviews the vision tests. In some cases the reviewer may change the result reading, which is updated in the SMART app immediately but needs to be synced to the EHR again. There is no user sign-off in either result, especially the 2nd one, because it is initiated from our in-house team.

What I am trying to reconcile is how to accommodate the provider-initiated "order" with the result being posted back to the EHR after the user is offline.

Thanks!

Sheldon

Jenni Syed (Cerner)

Aug 1, 2019, 1:40:18 PM
to Cerner FHIR Developers
Hi Sheldon,

With online_access, the application can (and should) refresh the token using the refresh token supplied during the authorization request. That refresh token is good while the provider is online/logged in. Each token itself is much more short lived. This is documented here: https://fhir.cerner.com/authorization/#utilizing-refresh-tokens

You can use system access when there is no user responsible/producing that result at all, nor approving the accuracy of that before writing it into the system as clinical data. You would still need to ensure the write functionality is available in our FHIR server today for whatever data is needing to be written back.

Regards,
Jenni
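
The refresh behaviour described in the reply above, sketched as an added example that is not part of the thread and is not Cerner's code: a holder for an online_access token pair that refreshes shortly before expiry using the standard OAuth 2.0 `grant_type=refresh_token` request and treats `invalid_grant` as the end of the provider's session rather than something to retry. The class name, the `post_form` transport callable, the token URL and the public-client `client_id` parameter are assumptions for illustration.

```python
import time
import urllib.parse


class SessionEnded(Exception):
    """The refresh token was rejected or absent: the provider session is over."""


class OnlineAccessSession:
    # post_form is a hypothetical transport: callable(url, body) -> (status, json_dict).
    def __init__(self, token_response, post_form, token_url, client_id, now=time.time):
        self._post_form = post_form
        self._token_url = token_url
        self._client_id = client_id
        self._now = now
        self._store(token_response)

    def _store(self, resp):
        self.access_token = resp["access_token"]
        # The server may or may not rotate the refresh token; keep the old one if not.
        self.refresh_token = resp.get("refresh_token", getattr(self, "refresh_token", None))
        # Assumes the token response carries expires_in (seconds).
        self.expires_at = self._now() + int(resp["expires_in"])

    def bearer(self, skew=60):
        """Return a usable access token, refreshing within `skew` seconds of expiry."""
        if self._now() >= self.expires_at - skew:
            self._refresh()
        return self.access_token

    def _refresh(self):
        if not self.refresh_token:
            raise SessionEnded("no refresh token available")
        body = urllib.parse.urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
            "client_id": self._client_id,  # assumption: public client identified in the body
        })
        status, payload = self._post_form(self._token_url, body)
        if status == 400 and payload.get("error") == "invalid_grant":
            # Drop both tokens so a stale credential is never reused or retried.
            self.access_token = self.refresh_token = None
            raise SessionEnded("refresh token rejected by the authorization server")
        if status != 200:
            raise RuntimeError(f"token endpoint returned HTTP {status}")
        self._store(payload)
```

A caller that catches `SessionEnded` has to stop writing on the provider's behalf at that point; what happens to results produced afterwards is the system-access question discussed in the thread.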