Consumer Responsibilities

Privacy

The information that adopters receive when querying PCR is considered Personal Information (PI) and Personal Health Information (PHI). As a result, access to patient health information must be restricted to appropriately authorized users and used only on a need-to-know basis, as specified in data-sharing agreements and corresponding legislation.

User Credentials

To support privacy inquiries into the disclosure of patient PHI, the user name or ID mnemonic SHALL be included in the PCR query message to identify the user who initiated the query, when that query was initiated by an actual user (as opposed to a query performed by a system with no PHI disclosure to an individual user).
For PCR FHIR, the consumer shall satisfy this requirement by implementing the OAuth2 token defined in the request message header. Refer to the Connectivity section for further details.

Message Conformance

The consumer shall implement request messages that are well-formed and conform to this specification.