Azure FHIR Service - Provider Directory Auth

Kyle Infante 0 Reputation points
2023-04-19T14:57:04.2933333+00:00

I am working on getting a Provider Directory FHIR Service up and running that must follow the rules by CMS and the Davinci PDEX Plannet implementation guide and I seem to have everything in place and I am able to search for data, BUT only after I authenticate and get my token. The issue is according to the CMS rules here, https://www.cms.gov/about-cms/obrhi/faqs#112 "The Provider Directory API must be publicly available and exclude the security protocols related to user authentication and authorization and any other protocols that restrict the availability of this information to particular persons or organizations (see 85 FR 25543)." Is there any way to configure my FHIR service to be publicly accessible without authenticating so any client can search and query our Provider Directory? I also need to change my FHIR service capabilities and narrow the functionality down to only a few resources, according to the DaVinci Implementation Guide I linked above. Any insight would be greatly appreciated! Thank You

Azure Health Data Services
Azure Health Data Services
An Azure offering that provides a suite of purpose-built technologies for protected health information in the cloud.
149 questions
{count} votes

1 answer

Sort by: Most helpful
  1. MuthuKumaranMurugaachari-MSFT 22,246 Reputation points
    2023-04-26T21:44:24.5566667+00:00

    Kyle Infante Thanks for posting your question in Microsoft Q&A. We have implementation guide for this scenario in doc: https://learn.microsoft.com/en-us/azure/healthcare-apis/fhir/centers-for-medicare-tutorial-introduction#provider-directory-api-implementation-guide and adding for your reference.

    To answer your questions, you can use API Gateway i.e., API Management service in front of FHIR service which acts as a facade to FHIR service. This would help in enabling publicly available API via Open API/Open Product and refer https://learn.microsoft.com/en-us/azure/api-management/api-management-subscriptions#how-api-management-handles-requests-with-or-without-subscription-keys. Also, this can enable to narrow down to only few resources.

    I hope this helps with your questions and let me know if you have any questions.

    0 comments No comments