search

IHE / ITI.PCF

The Privacy Consent on FHIR (PCF) Profile provides support for patient privacy consents and access control where a FHIR API is used to access Document Sharing Health Information Exchanges. This profile includes both Consent profiling and access controls profiling of oAuth access token.
Creative Commons Attribution 4.0 International
2 stars 2 forks source link

[Bug]: Consent Registry does not make audit decisions and so cannot record the Consent Authorication Decision Audit Message #27

Closed slagesse-epic closed 1 year ago

slagesse-epic commented 1 year ago

Contact Details

slagesse@epic.com

Section Number

1:53.3.1

What is wrong

This section requires the Consent Registry to record the Consent Authorization Decision Audit Message, but the Consent Registry simply stores the Consent Resources, it does not make decisions.

Describe the solution you'd like

No response

Relevant log output

No response

Priority

{"Low"=>"Typo or other minor classification that an editor can manage. Requires no group discussion."}

Code of Conduct

JohnMoehrke commented 1 year ago

agreed. Will fix. That AuditEvent would be for the Consent Authorization Server.