IHE / ITI.PCF

The Privacy Consent on FHIR (PCF) Profile provides support for patient privacy consents and access control where a FHIR API is used to access Document Sharing Health Information Exchanges. This profile includes both Consent profiling and access control profiling of the OAuth access token.
Creative Commons Attribution 4.0 International

[Bug]: Unclear How To Implement Break-Glass Policy #7

Closed slagesse-epic closed 1 year ago

slagesse-epic commented 1 year ago

Contact Details

slagesse@epic.com

Section Number

53.2.1 Implicit Option

What is wrong

The Implicit Option states that compliant systems must support the https://profiles.ihe.net/ITI/PCF/Policy-break-glass-only policy. However, the IG does not describe how break-glass would be implemented. Thus, it is unclear what a Consent Enforcer would need to do to comply with this requirement.

Describe the solution you'd like

Remove the requirement to support break-glass or specify what it means to support break-glass.

Relevant log output

No response

Priority

High: Important issue where there is major issue to be resolved. Requires discussion and debate.

JohnMoehrke commented 1 year ago

Open issue. Ask if it is useful to keep the PCF break-glass given that there is no clear way for break-glass to be declared or to learn that break-glass would be useful to a given user that is authorized to declare break-glass.

JohnMoehrke commented 1 year ago

Made open issue PCF_20 (Issue #20)