HSWT
(Have Stethoscope Will Travel)
The scope is a single space-separated string (one or more scope tokens) sent as the scope parameter of the OAuth 2.0 authorization request. It states the access requirements: what kinds of access the app is asking the EHR's authorization server to grant.
Clinical data - if included, always either patient scopes (for patient-facing apps, limited to the patient in context) or user scopes (for provider-facing apps, limited to what the signed-in user may access)
('patient' || 'user') + '/' + (specific FHIR resource type || '*') + '.' + ('read' || 'write' || '*')
Mix and match!
patient/*.read (allows reading all available data about a patient)
patient/Observation.* (allows reading & writing Observations)
user/*.* (allows full access, reading and writing, for all resources)
user/Appointment.read (allow clinician to view all appointments)
Contextual data
launch - that's the only scope for context, but it's used differently
EHR context
'launch' is included in the scope
launch=abc123 (launch parameter passed by EHR to app at launch, in first example under A)
Standalone launch
the EHR passes no launch parameter (the app was not started from inside the EHR), so instead of the bare 'launch' scope the app asks for context with the launch/... scopes below, and the EHR prompts for the context (e.g. a patient) at launch time
EHR can define additional launch/ context scopes, but two are defined by HL7
launch/patient Need patient context at launch (Patient resource)
launch/encounter Need encounter context at launch (Encounter resource)
Identity data
- patient/*.read : can read any resource for the current patient
- user/*.* : can read and write all resources that the current user can access
- openid fhirUser (or openid profile) : can retrieve info about the current user (the id_token and the FHIR resource representing the user)
- launch : can obtain launch context if launched from the EHR (the app also passes the EHR-supplied launch parameter)
- launch/patient : when launching outside the EHR, ask for a patient to be selected at launch time
- offline_access : request a refresh_token that can be used to obtain a new access token to replace an expired one, even after the end-user is no longer online
- online_access : request a refresh_token that can be used to obtain a new access token to replace an expired one, but only for as long as the end-user remains online