4.0.0-ci-build - DSTU3 Switzerland flag

CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 4.0.0-ci-build built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of and changes regularly. See the Directory of published versions

Mobile Privacy Policy Bundle Feed [PPQ-4]


This transaction is used by the Policy Source to add, update, or delete a set of privacy policies. The only HTTP method which SHALL be supported is POST.


Interaction Diagram for [PPQ-4]Policy SourcePolicy RepositoryHTTPPOST[baseUrl]Payload: Bundle of type "transaction"HTTP responsePayload: Bundle of type "transaction-outcome" / OperationOutcome
Figure 5: PPQ-4: HTTP Method POST

Trigger Event

The Policy Source uses HTTP method POST to perform an operation on a set of privacy policies in the Policy Repository, as an ACID transaction.

Request Message

The request body SHALL represent a single Bundle resource compliant to the PpqmFeedRequestBundle profile.

The request SHALL be sent to [baseUrl].

Expected Actions

Upon receiving the HTTP POST request, the Policy Repository SHALL:

  • Validate the Bundle resource contained in the request body.
  • On each request entry, perform the operation specified the attribute entry.request.method on the embedded or referenced PpqmConsent resource:
    • “POST” — add policy set.
    • “PUT” — update policy set if it is already present, otherwise add it.
    • “DELETE” — delete policy set.
  • Create a PPQ 4 response according to the transaction outcome.

Response Message

The PPQ 4 response SHALL be created according to the section of the FHIR R4 specification.

Security Considerations

TLS SHALL be used. For user authentication and authorization, the IUA profile with extended access token SHALL be used as described in the Amendment mHealth of Annex 5, Section 3.2. Consequently, the Mobile Privacy Policy Bundle Feed [PPQ 4] transaction SHALL be combined with Incorporate Access Token [ITI-72] transaction of the IUA profile.

The involved actors SHALL record audit events. The Policy Source SHALL use the ATNA FHIR Feed option thereby, the Policy Repository SHALL use either the ATNA FHIR Feed option or the ATNA TLS Syslog option.

The audit records correspond to the ones of PPQ 1, with the following adaptations:

  • EventTypeCode SHALL be set to EV("PPQ-4", "e-health-suisse", "Mobile Privacy Policy Bundle Feed").
  • The Destination User ID SHALL be the FHIR endpoint URI of the Policy Repository.