Getting health Info without verifying OTP each time User clicks on the app

Hi,

Can you confirm how we can get health records of any customer without verifying OTP every time?
If a user has created an HID the first time and next time he goes to the PHR app again, how will he get his medical records? Will he have to verify the OTP every time he wants to see the records?
It will be very irritating for the user to verify OTP every time to see the records.

Hey @prasadsatyam,

Once data is fetched, it will remain there for some time, and linking again and again won’t be necessary.

Thanks

Thanks @Shubhanshu_Shukla for your quick response. However, I need some more clarifications:

1. You mention that once data is fetched it will remain there for some time. If the user logs into the PHR app and tries to fetch a record, say from one hospital, he needs to verify OTP. However, if the same user tries to fetch a record after a certain period of time from some other hospital or for some other dates, is he going to authenticate again using OTP?

What is that time threshold? Also I believe there would be a way to extend that threshold, so that a user doesn’t get interrupted within a long session. How?

2. Now, how does the above scenario work across sessions?

E.g., in a PHR app, the user is registered and has already validated with an OTP with the ABDM. He should be able to do multiple requests across sessions without any authentication again and again. Else it is adding friction for the user. Any way for the PHR app to establish that trust and do so on the user’s behalf?

From a safety point of view, transactions like sharing a record etc. anyway have a PIN-based mechanism. Also there could be ways of putting a lock (biometric or pattern or PIN etc.) to prevent unauthorized viewing at the app level.