Thanks for the thorough explanation of this subject. Documentation about proxy users has been difficult to track down. I do have an additional question about proxy users and how they related to subscriptions, however. From the IE Security Guide you quoted above: [emphasis added]
Information Exchange also supports the notion of a proxy user, an individual who is authorized to log in in place of one or more clinicians and who enjoys the same clinician/patient relationships as the clinician. Frequently, this would be an assistant to a clinician logging into Information Exchange in order to pull down a patient record at the clinician’s request.
Should a clinician's proxy inherit a relationship-based subscription to which the clinician has subscribed? We've seen some inconsistent behavior around proxies and subscriptions, and I'm not sure what the expected behavior actually should be.
For example, in our test environment, it appears that simply making User B a proxy for User A will not include User B in notifications from A's relationship-based subscription, even though B is supposed to assume the relationships of A. Additionally, if we use User B's email in place of A's (for cases where the clinician does not wish to receive the notifications), User B receives an error after following the link and logging in because they are not authorized to view the document. This seems to contradict the statement in the Security Guide which states that proxies are authorized to log in on behalf of a clinician. Is this expected behavior?