CH EPR FHIR (R4)
4.0.1-ballot-2 - ballot
CH EPR FHIR (R4)
4.0.1-ballot-2 - ballot
CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 4.0.1-ballot-2 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ehealthsuisse/ch-epr-fhir/ and changes regularly. See the Directory of published versions
This transaction is used by the Policy Source to add, update, or delete a set of privacy policies. The only HTTP
method which SHALL be supported is POST.
The Policy Source uses HTTP method POST to perform an operation on a set of privacy policies in the Policy Repository,
as an ACID transaction.
The request body SHALL represent a single Bundle resource compliant to the PpqmFeedRequestBundle profile.
The request SHALL be sent to [baseUrl].
Upon receiving the HTTP POST request, the Policy Repository SHALL:
entry.request.method on the embedded or
referenced PpqmConsent resource:
The PPQ-4 response SHALL be created according to the section 3.1.0.11 of the FHIR R4 specification.
TLS SHALL be used. For user authentication and authorization, the IUA profile with extended access token SHALL be used as described in the Amendment mHealth of Annex 5, Section 3.2. Consequently, the Mobile Privacy Policy Bundle Feed [PPQ-4] transaction SHALL be combined with Incorporate Access Token [ITI-72] transaction of the IUA profile.
The actors SHALL support the traceparent header handling, as defined in Appendix: Trace Context.
The Policy Source and Policy Repository SHALL record the right [PPQ-3] audit event for each operation in the transaction:
All audit events may be sent to the Audit Record Repository in a single Bundle (ITI-20 Send Audit Bundle Request). Example of such a Bundle.