It has been brought to our attention that health systems that utilize Oracle Health for patient access have been contacting consumer application vendors requesting that the application restrict access to patient information. The data that is available to patients is fundamentally a responsibility of the EHR and not the consuming applications. Many of the requests are rooted in a misunderstanding of what patients are entitled to, the difference between Oracle Health patient portal access compared to FHIR access, and inadequate guidance on what options are available to restrict data.
To address this discrepancy, we have updated our guidance for Oracle Health clients and consolidated instruction on what clients are able to configure. The guidance will vary by client type. The updated guidance can be found here: https://wiki.cerner.com/x/nLkHXg. This requires an Oracle login to view.
As developers in the community, we also need your help. If and when a client requests such customizations, they should be directed to the published guidance or this post.
Example Messaging:
Thank you for reaching out. The data available to patients within our application is based on what is being provided via patient access FHIR APIs from the EHR. Any data restrictions needs to be configured in the EHR. Oracle Health has provided guidance on patient data access available here: https://wiki.cerner.com/x/nLkHXg. Additional questions should be directed to your Oracle support representative.
Andrew Fagan (Oracle Health FHIR Team)