Non-patient File Sharing (NPFS)
2.2.1-current - ci-build
Non-patient File Sharing (NPFS), published by IHE IT Infrastructure Technical Committee. This guide is not an authorized publication; it is the continuous build for version 2.2.1-current built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/IHE/ITI.NPFS/ and changes regularly. See the Directory of published versions
This section corresponds to transaction [ITI-109] of the IHE Technical Framework. Transaction [ITI-109] is used by the File Consumer and File Manager.
The Retrieve File [ITI-109] transaction is used by the File Consumer to retrieve a File from the File Manager.
Actor: | File Consumer |
Role: | Requests a File from the File Manager |
Actor: | File Manager |
Role: | Serves the File to the File Consumer |
FHIR-R4 HL7 FHIR Release 4.0
Figure 2:3.109.4-1: Retrieve File Interactions
This message is an HTTP GET request to retrieve the File.
The File Consumer wants to obtain a File.
The File Consumer sends a HTTP GET request to the server. The File Consumer request may be to retrieve the File content referenced by a DocumentReference.content.attachment.url.
The File Consumer may provide HTTP Accept header, according to the semantics of the HTTP protocols (see RFC2616, Section 14.1). This enables the File Consumer to indicate preferred mime-types such that the File Manager could provide the File requested in an encoding other than the encoding indicated in the DocumentReference. For example, indicating application/fhir+json
could result in the response from the File Manager being a json FHIR Bundle of type File
with all the content encoded as FHIR resources.
The only MIME type assured to be returned is the MIME type indicated in the DocumentReference.content.attachment.contentType.
The HTTP If-Unmodified-Since header shall not be included in the GET request.
The File Manager shall provide the File in the requested MIME type or reply with an HTTP status code indicating the error condition. The File Manager is not required to transform the File.
This is the return message sent by the File Manager.
The HTTP Response message is sent upon completion of the Retrieve File Request.
This message shall be an HTTP Response, as specified by RFC2616. When the requested File is returned, the File Manager shall respond with HTTP Status Code 200. The HTTP message-body shall be the content of the requested File.
Table 2:3.109.4.2.2-1 contains error situations and the HTTP Response.
Table 2:3.109.4.2.2-1: HTTP Error Response Codes and Suggested Text
Situation | HTTP Response |
---|---|
URI not known | 404 File Not Found |
File is Deprecated or not available | 410 Gone (or 404 when 410 is unacceptable due to security/privacy policy) |
File Manager unable to format File in content types listed the ‘Accept’ field | 406 Not Acceptable |
HTTP request specified is otherwise not a legal value | 403 Forbidden/Request Type Not Supported |
The File Manager may return other HTTP Status Codes. Guidance on handling Access Denied related to use of 200, 403 and 404 can be found in ITI TF-2: Appendix Z.7.
The File Manager should complement the returned error code with a human readable description of the error condition.
The File Consumer processes the results according to application-defined rules.
The .hash and .size, when populated, represent the content in the MIME type indicated in the DocumentReference.content.attachment.contentType.
File Managers implementing this transaction shall provide a CapabilityStatement Resource as described in ITI TF-2: Appendix Z.3 indicating the transaction has been implemented.
See NPFS Security Considerations.
The files are not Patient specific, but they may have other needs for security controls, such as business knowledge restrictions. Thus, the use of Security may be applicable. Actors involved in this transaction should be aware that even if the Resources exchanged do not contain PHI or other private information, retrieving those Resources could compromise patient care or have other legal ramifications. For general security considerations, see ITI TF-2: Appendix Z.8 (currently in the Appendix Z on HL7 FHIR Trial Implementation Supplement).
The File Consumer when grouped with ATNA Secure Node or Secure Application Actor shall be able to record a Retrieve File Consumer Audit Event Log.
The File Manager when grouped with ATNA Secure Node or Secure Application Actor shall be able to record a Retrieve File Manager Audit Event Log.