search

cds-hooks / docs

CDS Hooks website & specification
http://cds-hooks.org
Apache License 2.0
166 stars 61 forks source link

May 2018 Ballot Comment 60 #266

Closed cds-hooks-bot closed 5 years ago

cds-hooks-bot commented 6 years ago

May 2018 Ballot Comment 60

Submitted by @bvdh from Philips Healthcare

Chapter: CDS Services Section: Security and Safety Type: NEG :exclamation: In Person Requested? Yes :bust_in_silhouette:

Comment: This section makes a security infrastructure mandatory. In the other parts of the specification this optional. I think it is not up to HL7 to require security as other deployments can also be supported. I recommend to specify the security similar as indicated in this section, and labeling each section as a SHOULD requirement.

Triage Information

Triage Notes: Reviewed with Bas

Proposed Disposition: Persuasive with Mod Proposed Disposition Comment: This line:

"Therefore, all CDS Services to be called from within an EHR system MUST BE pre-registered with the authorization server of that EHR"

We need to clarify that this is only the case if the fhirAuthorization object is present in the request. CDS Services that do not call the FHIR server do not need to be pre-registered with the AS.

This issue was imported by @cds-hooks-bot from the consolidated CDS Hooks May 2018 ballot spreadsheet.

cds-hooks-bot commented 6 years ago

Proposed Disposition: Persuasive with Mod Proposed Disposition Comment: This line:

"Therefore, all CDS Services to be called from within an EHR system MUST BE pre-registered with the authorization server of that EHR"

We need to clarify that this is only the case if the fhirAuthorization object is present in the request. CDS Services that do not call the FHIR server do not need to be pre-registered with the AS.

cds-hooks-bot commented 6 years ago

:telephone_receiver: CDS Working Group Block Vote (5-30-2018)

Meeting notes: http://wiki.hl7.org/index.php?title=File:2018-05-30_CDS_WG_Call_Minutes.docx

Julia Skapik moved the following disposition, seconded by @brynrhodes.

Disposition: Persuasive with Mod Disposition Comment: This line:

"Therefore, all CDS Services to be called from within an EHR system MUST BE pre-registered with the authorization server of that EHR"

We need to clarify that this is only the case if the fhirAuthorization object is present in the request. CDS Services that do not call the FHIR server do not need to be pre-registered with the AS.

:+1: For: 12 :expressionless: Abstain: 0 :-1: Against: 0

:tada: The motion passed! :tada: