CH EPR FHIR (R4)
5.0.0-ballot-ci-build - ci-build
CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 5.0.0-ballot-ci-build built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ehealthsuisse/ch-epr-fhir/ and changes regularly. See the Directory of published versions
This transaction is used by the Policy Source to add, update, or delete single privacy policies. Correspondingly, the
following HTTP methods SHALL be supported: POST
, PUT
, and DELETE
.
The Policy Source uses HTTP method POST
to submit a single new privacy policy to the Policy Repository.
The request body SHALL represent a single Consent resource compliant to the PpqmConsent profile.
The request SHALL be sent to [baseUrl]/Consent
.
Upon receiving the HTTP POST request, the Policy Repository SHALL:
The PPQ-3 response SHALL be created according to the section 3.1.0.8 of the FHIR R4 specification.
The Policy Source uses HTTP method PUT
to submit a new or update an existing single privacy policy.
The request body SHALL represent a single Consent resource compliant to the PpqmConsent profile.
The request SHALL be sent to [baseUrl]/Consent?identifier=[uuid]
.
The Policy Repository SHALL implement the Conditional Update pattern described in section 3.1.0.4.3 of the FHIR R4 specification.
Upon receiving the HTTP PUT request, the Policy Repository SHALL:
The PPQ-3 response SHALL be created according to the section 3.1.0.4 of the FHIR R4 specification.
The Policy Source uses HTTP method DELETE
to delete a single existing privacy policy from the Policy Repository.
The request body SHALL be empty.
The request SHALL be sent to [baseUrl]/Consent?identifier=[uuid]
.
The Policy Repository SHALL implement the Conditional Delete pattern described in section 3.1.0.7.1 of the FHIR R4 specification.
Upon receiving the HTTP DELETE request, the Policy Repository SHALL:
The PPQ-3 response SHALL be created according to the section 3.1.0.7 of the FHIR R4 specification.
The transaction SHALL be secured by Transport Layer Security (TLS) encryption and server authentication with server certificates.
The transaction SHALL use client authentication and authorization using one of the following strategies:
The Policy Repository actor shall be grouped with CH:ADR, i.e. the Policy Repository shall use the CH:ADR Authorization Decision Request transaction to authorize the transaction and enforce the authorization decision retrieved from CH:ADR Authorization Decision Response.
The actors SHALL support the traceparent header handling, as defined in Appendix: Trace Context.
The Policy Source and Policy Repository SHALL record the right audit event for the operations: