International Patient Access
0.1.0 - STU 1 ballot

This page is part of the International Patient Access (v0.1.0: STU 1 Ballot 1) based on FHIR R4. . For a full list of available versions, see the Directory of published versions

Gaining Access to a patient record

An application gets access to a patient record using the SMART App Launch Protocol, using the stand alone launch sequence.

Client Process

A client application gets access a patient record by following this general sequence of steps:

  • Identifying the appropriate end point [URL] at which the International Patient Access API is found.
    • Note that this specification does not specify how the end-point might be found; different countries will have different arrangements around this
  • Fetch the system capability statement from [url]/metadata and check that it implements the IPA API:

    "instantiates" : ["http://hl7.org/fhir/uv/ipa/CapabilityStatement/ipa"]

  • Fetch the end-point configuration from [url]/.well-known/smart-configuration.json

  • Registering itself as a client application with the end-point.
    • This may require a manual step on the part of the user or the developer, or the end-point may support automatic registration (see OAuth 2.0 Dynamic Client Registration Protocol).
    • if the application supports automatic registration, the end-point will be specified in the [url]/.well-known/smart-configuration.json
    • note that most healthcare systems exercise control over which clients can access healthcare records, and automatic registration is not supported
  • Follow the Smart App Launch Protocol using the authorization endpoint from the smart-configuration.json file

  • At the end of the Smart App Launch Protocol, the application will have a token that provides access to a single patient record. Now, use that to retrieve patient information

Scopes

Scopes work as described in the SMART on FHIR specification, but note that many servers limit a client to the scopes approved on its registration, and/or ignore the requested scopes at the initiation of the stand-alone launch.

Server Obligations

Servers that are conformant to the International Patient Access API conform to the following rules:

  • The server hosts a capability statement at [url]/metadata that is available to both authenticated and unauthenticated clients, and that declares that IPA is supported using CapabilityStatement.imports, as shown in the following fragment:

    "instantiates" : ["http://hl7.org/fhir/uv/ipa/CapabilityStatement/ipa"]

  • The server hosts a smart-configuration file at [url]/.well-known/smart-configuration.json that is available to both authenticated and unauthenticated clients.
  • The server conforms to the SMART App Launch specification, and checks that the authenticated user of the application has access.
  • If the client requests access to a patient record, the server checks that the authenticated user of the application has access to the specified record.
  • If the user is authorized to access multiple patient records, the server typically requires that the user choose a single patient record to which the application has access.
  • The client SHALL request the launch/patient scope and the server SHALL return a Patient FHIR resource identifier as the patient SMART launch context parameter.
  • The server enforces patient privacy and consent.

Note that both the CapabilityStatement and the smart configuration file may be different for authenticated and unauthenticated clients.