apiVersion: naftiko.dev/v1
kind: WorkflowCapability
metadata:
  name: patient-access
  provider: penn-medicine
  description: SMART-on-FHIR workflow that lets a Penn Medicine patient authorize a third-party app to download their full clinical and claims history from UPHS, in line with CMS-9115-F Patient Access requirements.
spec:
  trigger:
    type: oauth2
    authorizationUrl: https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/authorize
    tokenUrl: https://ssproxy.pennhealth.com/PRD-FHIR/oauth2/token
    scopes:
      - launch/patient
      - patient/Patient.read
      - patient/AllergyIntolerance.read
      - patient/Condition.read
      - patient/Observation.read
      - patient/MedicationRequest.read
      - patient/Immunization.read
      - patient/Procedure.read
      - patient/Encounter.read
      - patient/DiagnosticReport.read
      - patient/DocumentReference.read
      - patient/Coverage.read
      - patient/ExplanationOfBenefit.read
      - patient/Claim.read
      - offline_access
  steps:
    - id: read-patient-demographics
      capability: penn.patient.read
    - id: pull-allergies
      capability: penn.allergy.search
    - id: pull-conditions
      capability: penn.condition.search
    - id: pull-observations
      capability: penn.observation.search
    - id: pull-medications
      capability: penn.medication.search
    - id: pull-immunizations
      capability: penn.immunization.search
    - id: pull-procedures
      capability: penn.procedure.search
    - id: pull-encounters
      capability: penn.encounter.search
    - id: pull-diagnostic-reports
      capability: penn.report.search
    - id: pull-documents
      capability: penn.document.search
    - id: pull-coverage
      capability: penn.coverage.search
    - id: pull-eob
      capability: penn.eob.search