IHE / ITI.PCF

The Privacy Consent on FHIR (PCF) Profile provides support for patient privacy consents and access control where a FHIR API is used to access Document Sharing Health Information Exchanges. This profile includes both Consent profiling and access controls profiling of oAuth access token.
Creative Commons Attribution 4.0 International

[Bug]: Failure To Retrieve Consent Should Not Default To Implicit Policy #12

Closed slagesse-epic closed 1 year ago

slagesse-epic commented 1 year ago

Contact Details

slagesse@epic.com

Section Number

53.4.2.3.2 Consent Access Control Process Flow

What is wrong

Diagram step 5 states:

"The Consent Authorization Server receives the available consents. –> Note that failure to get a consent means that the default Implicit policy that is active is enforced."

The behavior when the consent authorization server fails to retrieve the available consents will be dependent on trust domain policy. A reasonable policy might be that the overarching implicit policy is permit, but in the event that patient consent cannot be determined the transaction should fail.

Describe the solution you'd like

Define this as a failure mode dependent on trust domain policy.

Relevant log output

No response

Priority

Medium: Significant issue or clarification. Requires discussion, but should not lead to long debate.

JohnMoehrke commented 1 year ago

Clarify that this failure to retrieve is not a technical failure, but a positive indication that there is no consent on file.

JohnMoehrke commented 1 year ago

Add to security considerations that handling technical failures (failure modes) should be guided by policy. For example, under treatment purposes technical failures tend to fail open, whereas under non-treatment purposes they tend to fail closed.
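The two comments above draw a distinction that a Consent Authorization Server has to encode explicitly: a store that answers "no consent exists for this patient" is a positive result that selects the implicit policy, while a store that cannot be reached at all is a technical failure whose handling is a trust domain policy decision. The following is an added example, not code from the PCF profile or the IHE ITI repository, that models that decision as a small function. The `LookupStatus` states, the `TrustDomainPolicy` shape, and the purpose-of-use strings (`TREAT`, `HPAYMT`) are constructed for illustration and simplify consent evaluation to a single permit/deny carried by a found consent.

```python
"""Added example (not IHE PCF reference code): separate 'no consent on file'
from 'consent could not be retrieved' when computing an access decision."""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple


class LookupStatus(Enum):
    FOUND = "found"                      # one or more consents were retrieved
    NONE_ON_FILE = "none-on-file"        # store answered: this patient has no consent
    RETRIEVAL_ERROR = "retrieval-error"  # store unreachable, timeout, malformed reply


@dataclass(frozen=True)
class ConsentLookup:
    status: LookupStatus
    permit: Optional[bool] = None  # the decision a FOUND consent expresses (simplified)


@dataclass(frozen=True)
class TrustDomainPolicy:
    # Implicit policy that applies when the store positively reports no consent.
    implicit_permit: bool
    # Purposes of use for which a technical failure falls back to the implicit
    # policy (fail open); every other purpose fails closed.
    fail_open_purposes: FrozenSet[str]


def decide(lookup: ConsentLookup, purpose_of_use: str,
           policy: TrustDomainPolicy) -> Tuple[bool, str]:
    """Return (permit, reason) for one access request.

    The key property: a RETRIEVAL_ERROR is never silently treated as
    NONE_ON_FILE. It takes the policy-driven failure-mode branch instead.
    """
    if lookup.status is LookupStatus.FOUND:
        if lookup.permit is None:
            raise ValueError("a FOUND lookup must carry a permit/deny decision")
        return lookup.permit, "explicit consent"
    if lookup.status is LookupStatus.NONE_ON_FILE:
        return policy.implicit_permit, "implicit policy (no consent on file)"
    # Technical failure: consult the trust domain's failure-mode policy.
    if purpose_of_use in policy.fail_open_purposes:
        return policy.implicit_permit, "technical failure: fail open per policy"
    return False, "technical failure: fail closed per policy"


# Constructed sample policy: implicit permit, fail open only for treatment.
SAMPLE_POLICY = TrustDomainPolicy(
    implicit_permit=True,
    fail_open_purposes=frozenset({"TREAT"}),
)


def run_scenarios(policy: TrustDomainPolicy = SAMPLE_POLICY
                  ) -> List[Tuple[str, str, bool, str]]:
    """Evaluate a constructed set of requests; returns audit-style rows."""
    requests = [
        ("explicit deny, treatment", ConsentLookup(LookupStatus.FOUND, permit=False), "TREAT"),
        ("no consent on file, payment", ConsentLookup(LookupStatus.NONE_ON_FILE), "HPAYMT"),
        ("store unreachable, treatment", ConsentLookup(LookupStatus.RETRIEVAL_ERROR), "TREAT"),
        ("store unreachable, payment", ConsentLookup(LookupStatus.RETRIEVAL_ERROR), "HPAYMT"),
    ]
    rows = []
    for label, lookup, purpose in requests:
        permit, reason = decide(lookup, purpose, policy)
        rows.append((label, purpose, permit, reason))
    return rows


if __name__ == "__main__":
    for label, purpose, permit, reason in run_scenarios():
        print(f"{label:32s} {purpose:7s} {'PERMIT' if permit else 'DENY':6s} {reason}")
```

The point the example makes operationally is that the implicit policy is reachable only through the `NONE_ON_FILE` branch; a retrieval error with a non-treatment purpose denies even though the implicit policy is permit, and the returned reason string gives the audit record enough to tell the two outcomes apart.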