Observation Labs by eventset

[Kitty Winter]

Is there a way to get all the lab results under certain eventSet in the eventSet hierarchy?

[Jenni Syed (Cerner)]

Hi Kitty,

There's not really a concept of event set hierarchy in FHIR. However, the category concepts in DSTU 2 are currently (maybe not for future versions) mapped to event sets. This mapping is limited, and wouldn't include a category for every level of the hierarchy, since in reality the way these are built at sites often do not meet the rules for category in FHIR around being a true logical hierarchy.

Regards,

Jenni

[Kitty Winter]

Hi Jenni,

Thank you for the information. Could you tell me if it's possible for system to request patient viewable Observations if not by the eventset?

[Jenni Syed (Cerner)]

Hi Kitty,

For patient access to their data through the API, an app would use the OAuth on behalf of a user (user being the patient) [1]. This takes any security and privacy considerations into account (for example, if the patient is a minor but a parent is signed in), as well as auditing and tracking access to the API for the Promoting Interoperability numerator (previously Meaningful Use 3).

[1] https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-user

Regards,

~ Jenni

[Kitty Winter]

The information on that page says:

"your client application must make an authorization request through a user agent on the user’s device."

Is it possible for us to add additional layer, system/backend to proxy the request from client's device? or the request must be called from the device (mobile app or web browser) directly?

[Jenni Syed (Cerner)]

The authorization request for OAuth 2 (that gets credentials from the patient and asks them for authorization to access their data) has to be done in a browser. It will redirect back to any URL you need, and the rest of the authorization can be done from a server side (as can the FHIR calls). This is often done in OAuth 2 for confidential client workflows.

~ Jenni