Developers of patient-facing applications,
Cerner is enabling a series of TLS and DNS checks [1] on applications. These checks give patients trustworthy information so they can make an informed decision about which parties they wish to share their health information with, and they further secure the Cerner Ignite APIs by making it more difficult for bad actors to impersonate your applications.
As part of securing Cerner Ignite APIs, we have outlined a series of application best practices [1] that enable Cerner to provide more detailed information about your applications to patients or authorized representatives. The goal of these best practices is to encourage the use of existing internet security features and standards.
These checks will be run as part of the patient-facing authorization workflow [2] when your application requests and/or refreshes access tokens. You can review the user experience by manually walking through the patient authorization workflow for your application.
This functionality will be "previewed" beginning 4/29/22 in Cerner’s SMART on FHIR sandbox [3] with an anticipated production date of June 1st. Dates are subject to change; an announcement will follow when the features are released more broadly.
ACTION ITEMS:
- Review the documentation [1].
- Test your patient-facing applications to review the user experience by manually walking through the patient authorization flow.
- Make updates as needed to allow Cerner to provide the best description of your application to end users.
[1] https://fhir.cerner.com/authorization/application-registration-prerequisites/
[2] https://fhir.cerner.com/authorization/
[3] https://fhir.cerner.com/millennium/r4/#secure-sandbox

Should you need assistance please reach out through the Cerner FHIR Developers Group.