CH EPR FHIR (R4)
4.0.1-ballot-2 - ballot Switzerland flag

CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 4.0.1-ballot-2 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ehealthsuisse/ch-epr-fhir/ and changes regularly. See the Directory of published versions

Sequence Diagrams

Sample sequence diagrams to illustrate the usage of the generic EPR API and SMART on FHIR options for reading documents as a patient or healthcare professional:

Patient access from a portal

Patient PortalCommunity ComponentsIdPPatientPatientApp GUIApp GUIDocument Consumer(MHD)Document Consumer(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProvider[01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpoints[04]Get Access Token[05][ITI-71] Get Access Token Request[Basic access token][06]Authenticate User[07] [08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query MPI-PID and EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [MPI-PID, EPR-SPID][14] [15]Get Access Token[16][ITI-71] Get Access Token[Extended access token][17][ITI-71] Get Access Token Response[Extended access token][18] [19]query documents[20]query documents [ITI-67][21] [22] [23]retrieve documents[24]retrieve document [ITI-68][25] [26] [27] 

User Access from an integrated Primary System to read documents

Healthcare Professional Portal or Primary SystemCommunity ComponentsIdPHealthcareProfessionalHealthcareProfessionalApp GUIApp GUIDocument Consumer(MHD)Document Consumer(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProvider[01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpoints[04]Get Access Token[05][ITI-71] Get Access Token Request[Basic access token][06]Authenticate User[07] [08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query MPI-PID and EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [MPI-PID, EPR-SPID][14] [15]Get Access Token[16][ITI-71] Get Access Token[Extended access token][17][ITI-71] Get Access Token Response[Extended access token][18] [19]query documents[20]query documents [ITI-67][21] [22] [23]retrieve documents[24]retrieve document [ITI-68][25] [26] [27] 

User Access from an integrated Primary System to publish documents

Healthcare Professional Portal or Primary SystemCommunity ComponentsIdPHealthcareProfessionalHealthcareProfessionalApp GUIApp GUIDocument Source(MHD)Document Source(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Recipient(MHD)Document Recipient(MHD)UserAuthenticationProviderUserAuthenticationProvider[01]write doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpoints[04]Get Access Token[05][ITI-71] Get Access Token Request[Basic access token][06]Authenticate User[07] [08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query MPI-PID and EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [MPI-PID, EPR-SPID][14] [15]Get Access Token[16][ITI-71] Get Access Token[Extended access token][17][ITI-71] Get Access Token Response[Extended access token][18] [19]publish documentloop[For the access decision enforcement, the EPR relies on the Confidentiality Code within the document metadata to be stored in the patient’s Health Record.A patient can set the default Confidentiality Codeand a document source needs to iterate over the different confidentiality code until successful][20]publish document [ITI-65][21] [22] [23] 

Writing documents from clinical archives

Clinical ArchiveCommunity ComponentsTechnical UserTechnical UserDocument Source(MHD)Document Source(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Recipient(MHD)Document Recipient(MHD)[01]GET /.well-known/smart-configuration[02]Conformance statement incl. OAuth 2.1 endpoints[03]Get Access Token[04][ITI-71] Get Access Token RequestClient Credential Grant Type - [Basic access token][05][ITI-71] Get Access Token ResponseClient Credential Grant Type -[Basic access token][06] [07]query MPI-PID and EPR-SPIDfrom MPI using localID and access token[08][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[09][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [MPI-PID, EPR-SPID][10] [11]Get Access Token[12][ITI-71] Get Access Token[Extended access token][13][ITI-71] Get Access Token Response[Extended access token][14] [15]publish documentloop[For the access decision enforcement, the EPR relies on the Confidentiality Code within the document metadata to be stored in the patient’s Health Record.A patient can set the default Confidentiality Codeand a document source needs to iterate over the different confidentiality code until successful][16]publish document [ITI-65][17] [18] 

Patient: get document – SMART on FHIR option (EHR Launch)

Patient PortalSMART on FHIR AppCommunity ComponentsIdPPatientPatientApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientDocument Consumer(MHD)Document Consumer(MHD)Authorization Server(IUA)Authorization Server(IUA)Patient IdentifierCross-referenceMangePatient IdentifierCross-referenceMangeDocument Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProvider[01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpoints[04]Get Access Token[05][ITI-71] Get Access Token Request[Basic access token][06]Authenticate User[07] [08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query MPI-PID and EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [MPI-PID, EPR-SPID][14] [15]launch app[16]GET /.well-known/smart-configuration[17]Conformance statementincl. OAuth 2.1 endpoints[18][ITI-71] Get Access Token[Extended access token][19][ITI-71] Get Access Token Response[Extended access token][20]query documents[21]query documents [ITI-67][22] [23] [24]retrieve document[25]retrieve document [ITI-68][26] [27] [28] [29] 

Healthcare professional: get document – SMART on FHIR option (EHR Launch)

Healthcare Professional Portal or Primary SystemSMART on FHIR AppCommunity ComponentsIdPHealthcareProfessionalHealthcareProfessionalApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientDocument Consumer(MHD)Document Consumer(MHD)Authorization Server(IUA)Authorization Server(IUA)Patient IdentifierCross-referenceMangePatient IdentifierCross-referenceMangeDocument Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProvider[01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpoints[04]Get Access Token[05][ITI-71] Get Access Token Request[Basic access token][06]Authenticate User[07] [08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query MPI-PID and EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [MPI-PID, EPR-SPID][14] [15]launch app[16]GET /.well-known/smart-configuration[17]Conformance statementincl. OAuth 2.1 endpoints[18][ITI-71] Get Access Token[Extended access token][19][ITI-71] Get Access Token Response[Extended access token][20]query documents[21]query documents [ITI-67][22] [23] [24]retrieve document[25]retrieve document [ITI-68][26] [27] [28] [29]