Open dougkavanagh opened 3 weeks ago
@dougkavanagh Thanks for your feedback! We will investigate and update as appropriate.
@dougkavanagh Thank you for bringing this to our attention. I've delegated this to content author @namalu, who will review it and offer their insightful opinions.
@namalu Could you please review, add comments on this, and update as appropriate?
Reading the article I can follow how the fhirUser grants permission for patients to access their own record. However, what happens when the fhirUser is a Practitioner? Is this use case supported? If so, is there documentation on how the access policies work? For example, Google has documentation for the consent and access rules that grant a Practitioner access to a patient compartment.
It would also help to have more clarity on when the user's access token should be used vs. the "on behalf of" access token flow vs. backend credentials, particularly in the context of application architecture design. I have seen general documentation in learn.microsoft on these flows, but the context for healthcare apps is quite different, especially when factoring in the fhirUser claim.
Thanks