Cross Border Data Exchange IG
1.0.0 - CI Build
Cross Border Data Exchange IG, published by IEHR-Workgroup. This guide is not an authorized publication; it is the continuous build for version 1.0.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/InteropEHRate-project/cross-border-data-exchange/ and changes regularly. See the Directory of published versions
When resources are requested from a server, the response to the request is transmitted as a bundle. If resources of the types listed above are part of the response, and they have no parents in the bundle, the server must create a Provenance for each of these resources. Those Provenances must be added to the bundle and transmitted to the client as well. This step is mandatory and the server is not allowed to send any of these resources without a Provenance, except if their parent is sent as well and a Provenance for the parent has been added to the bundle.
This applies to the following resources, which must be signed though the Provenance.signature before they are transmitted:
The following sections describe the process of adding a Provenance for a resource.
The to-be-signed resource is extended with a ProvenanceExtension-IEHR that references the Provenance containing the signature for the resource (Provenance.signature). This Provenance must be part of the same bundle and must be referenced in this extension by its id (Provenance.id).
The provenance is represented as a Provenance-IEHR. There should be one Provenance-IEHR in the bundle for each signed resource that is part of the bundle. The following attributes of the Provenance-IEHR resource are used to represent the required information:
Find all examples of Provenance-IEHR here.
The signature itself is represented as a Provenance-Signature-IEHR. The following attributes of the Provenance-Signature-IEHR resource are used to represent the required information:
This section describes the procedure to sign a resource for transmission. The steps are repeated for each resource, that must be signed. It is assumed, that the resources are sent as a Bundle-IEHR and the Bundle is already set up, so that only the entries are missing.
Once all resources and their provenances were added to the bundle, it can be validated and sent.
When the client receives a bundle as an answer to the request, it has to verify those resources. For each parent resource in the bundle, that is of a type from the list above, the client has to find the corresponding Provenance in the bundle. If it can not find the Provenance for a resource or is unable to verify the resource with the signature provided by its Provenance, the client has to refuse the resource and all its children.