CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 5.0.0-ballot-ci-build built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ehealthsuisse/ch-epr-fhir/ and changes regularly. See the Directory of published versions
Home
Official URL: http://fhir.ch/ig/ch-epr-fhir/ImplementationGuide/ch.fhir.ig.ch-epr-fhir
The national extensions documented in this implementation guide shall be used in conjunction with the definitions of integration
profiles, actors and transactions provided in Volumes 1 through 3 of the IHE IT Infrastructure Technical Framework.
This implementation guide with national extensions of IHE integration profiles was authored in order to fulfil the Swiss
regulations of the Ordinance on the Electronic Patient Record (EPRO, SR 816.11). The EPRO and the
EPRO-DFI are published in Official Compilation of Federal Legislation (AS) (available in German, French
and Italian).
Download: You can download this implementation guide in NPM format from here.
Overview
Introduction
This national extension is motivated by the intention to provide FHIR based profiles for the Swiss EPR by extending the IHE FHIR based mobile profiles. The IHE FHIR based mobile profiles use technologies (REST, OAuth, etc.) which are widely spread in the developer community and may be used for Web Applications, for example in web based primary systems or portals.
This national extension strictly separates the authentication and authorization of the applications use to access the EPR on behalf of the user and the authentication and authorization of the user itself. By using this separation this national extension closely follows the underlying IUA Trial Implementation and OAuth 2.1:
Client authentication - an application identifies and authenticates to an authorization server.
Client authorization - an application is authorized by the user or system policy to access data and documents on behalf of the user.
User authentication - a natural person identifies and authenticates using an Identity Provider with the authenticators registered for the natural person.
User authorization - provision of an access token which includes the information required to perform authorization decisions and policy enforcement.
The scope of this extension covers the following use cases:
Client authentication and authorization;
User authentication and authorization;
Read data and documents from the EPR;
Write data and documents to the EPR;
Write logs to the EPR ATNA Audit Record Repository.
Read audit trails for a patient according the EPR requirements.
This extension covers two options:
Generic EPR API option – This option addresses primary systems or portals using the basic EPR flows replacing the XDS.b related and PIX/PDQ V3 profiles with the FHIR based profiles;
SMART on FHIR – This option addresses modular portals or primary systems that want to connect to the Swiss EPR using SMART on FHIR.
Profiles, actors and transactions
The following figure shows the profiles, actors and transactions specified or referenced in this national extension:
Conformance Expectations
The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT,
RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in
[RFC2119].
This implementation guide uses Must Support in StructureDefinitions with the definition found in Appendix Z. This is equivalent to the IHE use of R2 as defined in Appendix Z.
Scope of precisions
The extensions, restrictions and translations specified apply to the following IHE IT Infrastructure (ITI) Integration profiles:
The Swiss EPR is a federated system with multiple communities publishing documents for a patient. A patient has a reference community but documents can be published for a patient in other communities too. Each patient has one active national identifier (EPR-SPID) which shall be used to correlate the patient between the different communities. This impacts the FHIR API in the following way:
logical reference for patients and health care professionals, contained resources
No addressable patient resources: All references to patients are made by the identifier EPR-SPID since there is no national master patient which could be referenced. This is the reason that IHE PIXm and PDQm with the $match transaction have been selected and not IHE MHDS/PMIR. Systems are not allowed to store the EPR-SPID, and need to feed their local identifier (localID) and EPR-SPID to the community to resolve the localID to the EPR-SPID later on. Therefore FHIR APIs require the support of the patient logical identifier as a query parameter (e.g. MHD, CH:PPQm) and the resources are profiled that a logical reference with the EPR-SPID identifier have to be provided.
The same principle applies for health care professionals, they are identified by the GLN number and references to them need to include also the the logical reference from other resources (e.g. DocumentReference).
Information which has to be provided and has no own identity in the Swiss EPR (e.g. as local patient demographics in document publishing) are represented as contained resources.
authentication and authorization
Annex 8 allows two different standards for user authentication with SAML 2.0 and OpenID Connect (JWT).
For Authorization IUA and XUA are supported. In addition client identification in IUA identifies the client application by message signature
or identifies the client application network node by mTLS.
This implementation guide defines how they can be combined with the security considerations on the different transactions.
interoperability specification
This Implementation Guide profiles elements, cardinalities and bindings that are required by the use cases, law and annexes of the Swiss EPR, to ensure that the systems are interoperable. The specification defines the requirements on the API and exchange messages required by law. Other elements, cardinalities and bindings are left as-is. E.g., a solution can add additional support with search parameters (which the FHIR specifications allows) or add additional transactions/profiles, as long as the law and annexes of the Swiss EPR are respected.
IP Statements
This document is licensed under Creative Commons "No Rights Reserved" (CC0).
HL7®, HEALTH LEVEL SEVEN®, FHIR® and the FHIR ® are trademarks owned by Health Level Seven International, registered with the United States Patent and Trademark Office.
This implementation guide contains and references intellectual property owned by third parties ("Third Party IP"). Acceptance of these License Terms does not grant any rights with respect to Third Party IP. The licensee alone is responsible for identifying and obtaining any necessary licenses or authorizations to utilize Third Party IP in connection with the specification or otherwise.
This publication includes IP covered under the following statements.
These codes are excerpted from ISO Standard, TS 21089-2017 - Health Informatics - Trusted End-to-End Information Flows, Copyright by ISO International. Copies of this standard are available through the ISO Web Site at www.iso.org.
This artefact includes content from SNOMED Clinical Terms® (SNOMED CT®) which is copyright of the International Health Terminology Standards Development Organisation (IHTSDO). Implementers of these artefacts must have the appropriate SNOMED CT Affiliate license - for more information contact http://www.snomed.org/snomed-ct/getsnomed-ct or info@snomed.org.
This material contains content that is copyright of SNOMED International. Implementers of these specifications must have the appropriate SNOMED CT Affiliate license - for more information contact https://www.snomed.org/get-snomed or info@snomed.org.
This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Mon, Feb 10, 2025 21:45+1100+11:00)
Package hl7.fhir.uv.extensions.r4#5.1.0
This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Sat, Apr 27, 2024 18:39+1000+10:00)
Package ihe.formatcode.fhir#1.3.0
Implementation Guide for IHE defined FormatCode vocabulary. (built Fri, May 17, 2024 12:02-0500-05:00)
Package ch.fhir.ig.ch-term#3.1.1-ci-build
Implementation Guide for Swiss Terminology (built Wed, Mar 26, 2025 13:09+0000+00:00)
This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Sun, Mar 26, 2023 08:46+1100+11:00)
Package ihe.iti.pixm#3.0.4
ImplementationGuide for IHE IT Infrastructure Technical Framework Supplement Patient Identifier Cross-referencing for mobile (PIXm) (built Thu, Feb 22, 2024 13:07-0600-06:00)
Package ihe.iti.pdqm#3.1.0
The Patient Demographics Query for Mobile (PDQm) Profile defines a lightweight RESTful interface to a patient demographics supplier leveraging technologies readily available to mobile applications and lightweight browser based applications. (built Mon, Dec 2, 2024 14:41-0600-06:00)
Package ihe.iti.mhd#4.2.2
ImplementationGuide for IHE IT Infrastructure Technical Framework Supplement Mobile access to Health Documents (MHD) (built Sat, May 18, 2024 12:30-0500-05:00)
Package ihe.iti.mcsd#4.0.0-comment
The IHE Mobile Care Services Discovery (mCSD) IG provides a transaction for mobile and lightweight browser-based applications to find and update care services resources. (built Wed, Mar 12, 2025 10:57-0500-05:00)
Package ihe.iti.balp#1.1.3
The Basic Audit Log Patterns (BALP) Implementation Guide is a Content Profile that defines some basic and reusable AuditEvent patterns. This includes basic audit log profiles for FHIR RESTful operations to be used when there is not a more specific audit event defined. A focus is enabling Privacy centric AuditEvent logs that hold well formed indication of the Patient when they are the subject of the activity being recorded in the log. Where a more specific audit event can be defined it should be derived off of these basic patterns. (built Wed, Feb 14, 2024 15:23-0600-06:00)