Subscribers and dependants
Minimum bar: support
patient/ scopes (e.g.,
and authorize the app for each patient record. So here at authz time,
scope=launch/patient patient/ExplanationOfBenefit.read patient/Coverage.read ...
Beyond the minumum, a server can support user-level scopes ("do you want to share all the records you have access to with the following app"...)