CH EPR FHIR (R4)
5.0.0-ballot-ci-build - ci-build Switzerland flag

CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 5.0.0-ballot-ci-build built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ehealthsuisse/ch-epr-fhir/ and changes regularly. See the Directory of published versions

Mobile Privacy Policy Retrieve [PPQ-5]

Scope

This transaction is used by the Policy Consumer to retrieve policy sets. The only HTTP method which SHALL be supported is GET.

HTTP Method GET

Interaction Diagram for [PPQ-5]Policy ConsumerPolicy RepositoryQuery by Patient IDHTTPGET[baseUrl]/Consent?patient:identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|[epr-spid]HTTP responsePayload: Bundle / OperationOutcomeQuery by Policy Set IDHTTPGET[baseUrl]/Consent?identifier=[uuid]HTTP responsePayload: Bundle / OperationOutcome
Figure 6: PPQ-5: HTTP Method GET

Trigger Events

The Policy Consumer sends this message to retrieve existing policy sets from the Policy Repository.

Request Message

The request body SHALL be empty.

The request SHALL be sent:

  • For querying by patient ID — to [baseUrl]/Consent?patient:identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|[epr-spid].
  • For querying by policy set ID — to [baseUrl]/Consent?identifier=[uuid].

Expected Actions

Upon receiving the HTTP GET request, the Policy Repository SHALL create a PPQ-5 response according to the transaction outcome.

Response Message

The PPQ-5 response SHALL be created according to the section 3.1.0.9 of the FHIR R4 specification. If the response body is a Bundle, then it SHALL comply to the PpqmRetrieveResponseBundle profile.

Security Considerations

TLS SHALL be used. For user authentication and authorization, the IUA profile with extended access token SHALL be used as described in the Amendment mHealth of Annex 5, Section 3.2. Consequently, the Mobile Privacy Policy Retrieve [PPQ-5] transaction SHALL be combined with the Incorporate Access Token [ITI-72] transaction of the IUA profile.

The actors SHALL support the traceparent header handling, as defined in Appendix: Trace Context.

The Policy Consumer shall record a CH Audit Event for [PPQ-5] Policy Consumer.

The Policy Repository shall record a CH Audit Event for [PPQ-5] Policy Repository.