Return to January 2017 Proposals

US-Core Track

Coordinated with other related Connectathon tracks

• Medication Track

Submitting WG/Project/Implementer Group

DAF Profiles Project

...need to update rest...

Justification

API access to the 2015 CCDS is required for EHR certification.

US-Core Connectathon Priority Profiles: Allergies, Patient, CareTeam, Device, Observation-Vitalsigns

US-Core formalized conformance:

• Conformance requirements for the US Requestor actor (to be updated)
• Conformance requirements for the US Responder actor (to be updated)

Background on original Argonaut use cases:

US-Core Allergies, Patient

This is a continuation of the DAF connectathons in January 2015, May 2016, and September 2016.

US-Core CareTeam, Device, Observation-Vitalsigns

Extend DAF connectathon to include retrieval of CareTeam, Device, Vital Signs for both provider and patient access. This connectathon will review consistently of CareTeam implementation.

Proposed Track Lead

Coordinator: Nagesth Bahsyam (Dragon), Brett Marquard, Eric Haas

Track Lead: Nagesth Bahsyam (Dragon)

Expected participants

Please sign up!

If you're working on a server, please complete the "servers" tab of the Signup Spreadsheet **This time around you'll need to update the `status` flag to indicate whether you've begun work (or completed work), so clients will know when to start testing.** You'll also share details about how a developer can obtain OAuth client credentials (`client_id` for public apps, or a `client_id` and `client_secret` for confidential apps) as well as user login credentials. You might consider simply sharing a set of fixed credentials in this spreadsheet, or else directing users to a web page where they can complete self-service registration. If absolutely necessary, you can ask developers to e-mail you directly.

If you're working on a client, please complete the "clients" tab of the Sprint 4 Spreadsheet. You'll also need to update the `status` flag to indicate whether you've begun work (or completed work).

Roles

(reproduced from Argonaut Project implementation-program Resprint)

Server/EHR

If you're working on a server, please complete the "servers" tab of the Sprints Spreadsheet (see above). You'll need to update the status flag to indicate whether you've begun work (or completed work), so clients will know when to start testing. You'll also share details about how a developer can obtain OAuth client credentials (client_id for public apps, or a client_id and client_secret for confidential apps) as well as **user login credentials. The preferred approach is to direct users to a web page where they can complete self-service registration. (If absolutely necessary, you can ask developers to e-mail you directly.) Work on your OAuth implementation

The expectation is that servers will follow Argonaut’s best-practice approach by implementing the OAuth2-based SMART on FHIR authorization specification. To make this more approachable for new implementers, you can think about handling security in four parts:

1. open server. Before you get OAuth working, and even once you have an OAuth-secured server, it can be helpful to host sample data at a totally unprotected https endpoint. This facilitates testing, debugging, and exploration
2. Standalone launch. Following SMART’s “standalone launch” flow means that the user (patient, or clinician) can begin by launching an app, and from there can engage in a “connect to my EHR” workflow. This approach is suitable for MU3 patient API access.
3. EHR launch. Following SMART’s “EHR launch” flow means that the user (patient, or clinician) can begin from the EHR or potal, and launch an app from there, ensuring that the app learns the context about the surrounding EHR or portal environment. This approach is suitable for embedding apps in an EHR or portal.
4. Single Sign-on. Using the OAuth2-based OpenID Connect framework for single sign-on, your authorization server can “vouch for” a user’s identity. This helps ensure that users don’t need to create a new account, with new credentials, for every app they use. This approach to SSO can be used with either of SMART’s launch flows.

Client

If you're working on a client, please complete the "clients" tab of the Sprints Spreadsheet (see above) . You'll also need to update the status flag to indicate whether you've begun work (or completed work).

Scenarios

Dedicated Zulip chat stream for this Track.

5 Use cases:

1. Patient access to medications
2. Dispense medication from pharmacy
3. Create new outpatient prescription
4. Add new medication to patient medication list
5. Access to medication administration

1. Patient access to medications

Action: (Patient consumer) requests medications. This scenario is the same as the Argonaut use case Sprint 4. Refer to the Argonaut Medications IG for Success Criteria. (Note although this references DSTU2, our focus is on STU3.)

Preconditions:

1. Patient does exist on the server previously with medications.
2. Server Conforms to the US-Core CapabilityStatement-daf-query-responder for Medication, MedicationStatement, MedicationOrder, and Patient profiles

Success Criteria:Patient medication list returned.

Bonus point:The medication list includes both MedicationStatement and MedicationRequest

Questions for Discussion:(GitHub issues link)

2. Dispense medication from pharmacy

tbd

3. Create new outpatient prescription

tbd

4. Add new medication to patient medication list

tbd

5. Access to medication administration

tbd

TestScript(s)

tbd