CH EPR FHIR (R4)
5.0.0-ballot-ci-build - ci-build
CH EPR FHIR (R4)
5.0.0-ballot-ci-build - ci-build
CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 5.0.0-ballot-ci-build built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ehealthsuisse/ch-epr-fhir/ and changes regularly. See the Directory of published versions
The Retrieve ATNA Audit Event [ITI-81] transaction is defined in IHE ITI TF-2 and the IHE ITI Supplement Add RESTful Query to ATNA. The following rules shall be applied for the CH:ATC profile.
The Retrieve ATNA Audit Event message shall be a HTTP GET request sent to the Patient Audit Record Repository. This message is a FHIR search (see http://hl7.org/fhir/R4/search.html) on AuditEvent Resources (see http://hl7.org/fhir/R4/auditevent.html). This "search" target is formatted as:
<scheme>://<authority>/<path>/AuditEvent?date=ge[start-time]&date=le[stop-time]&<query>
where:
<scheme> shall be https.
<query> shall include the entity.identifier as defined in Additional ATNA Search Parameters and may include additional ATNA Search parameters. If entity.identifier is not included an HTTP response code 400 - Bad Request shall be returned.
The Patient Audit Consumer shall not use the following parameters in a query parameters: address, patient.identifier, source, type, outcome. The Patient Audit Consumer may use other parameters as listed in Retrieve Audit Event [ITI-81].
entity.identifier is a parameter of token type. This parameter specifies unique identifier for the object. The parameter value should be identified in accordance to the entity type;
For example:
https://example.com/ARRservice/AuditEvent?date=ge2020-03-22&date=le2025-03-22&entity.identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|5678
The Audit Record Repository shall match this parameter with the AuditEvent.entity.what.identifier field that is of type identifier (ParticipantObjectID in DICOM schema).
For the CH:ATC profile the entity.identifier has to be the EPR-SPID:
entity.identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|<<<value EPR-SPID>>>
The returned AuditEvent FHIR resources in the Bundle shall conform the CH:ATC AuditEvent profile, see Volume 3 - Content Profiles.
The transaction is used to exchange sensitive information and requires authentication and authorization. This profile allows two authentication mechanisms; The Patient Audit Record Repository shall support both options, the Patient Audit Consumer shall select one option.
Access control shall be implemented by grouping the CH:ATC Audit Consumer and Audit Record Repository with the Authorization Client and Resource Server from the IUA trial implementation profile using the SAML Token option (see IHE ITI Supplement IUA , chapter 3.72.4.3.2). As defined therein, the CH:ATC Audit Consumer and Audit Record Repository shall implement the Incorporate Authorization Token [ITI-72] transaction to convey the XUA token.
The actors shall implement the Incorporate Authorization Token [ITI-72] transaction with SAML token option, using the base64url encoded SAML assertion defined in XUA to the authorization header of the HTTP1.1 GET request with key "Bearer" as follows:
GET /example/url/to/resource/location HTTP/1.1
Authorization: Bearer fFBGRNJru1FQd[…omitted for brevity…]44AzqT3Zg
Host: examplehost.com
The CH:ATC Patient Audit Record Repository shall be grouped with CH:ADR, i.e. the CH:ATC Patient Audit Record Repository shall use the CH:ADR Authorization Decision Request transaction to authorize the transaction and enforce the authorization decision retrieved from CH:ADR Authorization Decision Response.
An audit event as specified in Access Audit Trail Content Profile shall be returned by a query to Patient Audit Record Repository after the Patient Audit Record Repository has been queried by a Patient Audit Consumer.