CH EPR FHIR (R4)
5.0.0-ballot-ci-build - ci-build Switzerland flag

CH EPR FHIR (R4), published by eHealth Suisse. This guide is not an authorized publication; it is the continuous build for version 5.0.0-ballot-ci-build built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/ehealthsuisse/ch-epr-fhir/ and changes regularly. See the Directory of published versions

Sequence Diagrams

Sample sequence diagrams to illustrate the usage of the generic EPR API and SMART on FHIR options for reading documents as a patient or healthcare professional:

Patient access from a portal

Patient PortalCommunity ComponentsIdPApp GUIDocument ConsumerDocument ConsumerPatient IdentifierPatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument ResponderDocument ResponderUser PatientApp GUIDocument ConsumerPatient IdentifierAuthorization ClientPatient IdentifierAuthorization ServerDocument ResponderUser PatientPatientApp GUIApp GUIDocument Consumer(MHD)Document Consumer(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProviderApp GUIDocument ConsumerDocument ConsumerPatient IdentifierPatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument ResponderDocument ResponderUser [01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpointsalt[IUA JWT Token option][04]Get Access Token[05]CH:XUA Authenticate User[06] [07][ITI-71] Get Access Token Request[Basic access token][08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][14] [mTLS][15]query EPR-SPIDfrom MPI using localID and mTLS[16][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[17][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][18] opt[IUA with JWT option][19]Get Access Token[20][ITI-71] Get Access Token[Extended access token][21][ITI-71] Get Access Token Response[Extended access token][22] [23]query documentswith extended access token[24]query documents [ITI-67] with extended access token[25] [26] [27]retrieve documentswith extended access token[28]retrieve document [ITI-68] with extended access token[29] [30] [31] 

User Access from an integrated Primary System to read documents

Healthcare Professional Portal or Primary SystemCommunity ComponentsIdPApp GUIDocument ConsumerDocument ConsumerPatient IdentifierPatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument ResponderDocument ResponderUser Healthcare App GUIDocument ConsumerPatient IdentifierAuthorization ClientPatient IdentifierAuthorization ServerDocument ResponderUser HealthcareProfessionalHealthcareProfessionalApp GUIApp GUIDocument Consumer(MHD)Document Consumer(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProviderApp GUIDocument ConsumerDocument ConsumerPatient IdentifierPatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument ResponderDocument ResponderUser [01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpointsalt[IUA JWT Token option][04]Get Access Token[05]CH:XUA Authenticate User[06] [07][ITI-71] Get Access Token Request[Basic access token][08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][14] [mTLS][15]query EPR-SPIDfrom MPI using localID and mTLS[16][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[17][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][18] opt[IUA with JWT option][19]Get Access Token[20][ITI-71] Get Access Token[Extended access token][21][ITI-71] Get Access Token Response[Extended access token][22] [23]query documentswith extended access token[24]query documents [ITI-67] with extended access token[25] [26] [27]retrieve documentswith extended access token[28]retrieve document [ITI-68] with extended access token[29] [30] [31] 

User Access from an integrated Primary System to publish documents

Healthcare Professional Portal or Primary SystemCommunity ComponentsIdPApp GUIDocument SourcePatient IdentifierPatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument RecipientUser Healthcare App GUIDocument SourcePatient IdentifierAuthorization ClientPatient IdentifierAuthorization ServerDocument RecipientUser HealthcareProfessionalHealthcareProfessionalApp GUIApp GUIDocument Source(MHD)Document Source(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Recipient(MHD)Document Recipient(MHD)UserAuthenticationProviderUserAuthenticationProviderApp GUIDocument SourcePatient IdentifierPatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument RecipientUser [01]write doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpointsalt[IUA JWT Token option][04]Get Access Token[05]CH:XUA Authenticate User[06] [07][ITI-71] Get Access Token Request[Basic access token][08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][14] [mTLS][15]query EPR-SPIDfrom MPI using localID and mTLS[16][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[17][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][18] opt[IUA with JWT option][19]Get Access Token[20][ITI-71] Get Access Token[Extended access token][21][ITI-71] Get Access Token Response[Extended access token][22] [23]publish documentwith extended access tokenloop[For the access decision enforcement, the EPR relies on the Confidentiality Code within the document metadata to be stored in the patient’s Health Record.A patient can set the default Confidentiality Code and a document source needs to iterate over the different confidentiality code until successful][24]publish document [ITI-65] with extended access token[25] [26] [27] 

Writing documents from clinical archives

Clinical ArchiveCommunity ComponentsTechnical UserDocument SourcePatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument RecipientTechnical UserDocument SourcePatient IdentifierAuthorization ClientPatient IdentifierAuthorization ServerDocument RecipientTechnical UserTechnical UserDocument Source(MHD)Document Source(MHD)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceMangerPatient IdentifierCross-referenceMangerAuthorization Server(IUA)Authorization Server(IUA)Document Recipient(MHD)Document Recipient(MHD)Technical UserDocument SourcePatient IdentifierAuthorization ClientAuthorization ClientPatient IdentifierAuthorization ServerAuthorization ServerAuthorization ServerDocument Recipient[01]GET /.well-known/smart-configuration[02]Conformance statement incl. OAuth 2.1 endpoints[03]Get Access Token[04][ITI-71] Get Access Token RequestClient Credential Grant Type - [Basic access token][05][ITI-71] Get Access Token ResponseClient Credential Grant Type -[Basic access token][06] [07]query EPR-SPIDfrom MPI using localID and access token[08][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[09][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][10] opt[IUA with JWT option][11]Get Access Token[12][ITI-71] Get Access Token[Extended access token][13][ITI-71] Get Access Token Response[Extended access token][14] [15]publish documentwith extended access tokenloop[For the access decision enforcement, the EPR relies on the Confidentiality Code within the document metadata to be stored in the patient’s Health Record.A patient can set the default Confidentiality Code and a document source needs to iterate over the different confidentiality code until successful][16]publish document [ITI-65] with extended access token[17] [18] 

Patient: get document – SMART on FHIR option (EHR Launch)

Patient PortalSMART on FHIR AppCommunity ComponentsIdPApp GUIAuthorization ClientPatient IdentifierPatient IdentifierApp GUIDocument ConsumerDocument ConsumerAuthorization ServerAuthorization ServerAuthorization ServerAuthorization ServerPatient IdentifierPatient IdentifierDocument ResponderDocument ResponderUserUserPatientApp GUIAuthorization ClientPatient IdentifierApp GUIDocument ConsumerAuthorization ServerPatient IdentifierDocument ResponderUserPatientPatientApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientDocument Consumer(MHD)Document Consumer(MHD)Authorization Server(IUA)Authorization Server(IUA)Patient IdentifierCross-referenceMangePatient IdentifierCross-referenceMangeDocument Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProviderApp GUIAuthorization ClientPatient IdentifierPatient IdentifierApp GUIDocument ConsumerDocument ConsumerAuthorization ServerAuthorization ServerAuthorization ServerAuthorization ServerPatient IdentifierPatient IdentifierDocument ResponderDocument ResponderUserUser[01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpointsalt[IUA JWT Token option][04]Get Access Token[05]CH:XUA Authenticate User[06] [07][ITI-71] Get Access Token Request[Basic access token][08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][14] [mTLS][15]query EPR-SPIDfrom MPI using localID and mTLS[16][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[17][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][18] [19]launch app[20]GET /.well-known/smart-configuration[21]Conformance statementincl. OAuth 2.1 endpoints[22]CH:XUA Authenticate User[23] [24][ITI-71] Get Access Token[Extended access token][25][ITI-71] Get Access Token Response[Extended access token][26]query documentswith extended access token[27]query documents [ITI-67] with extended access token[28] [29] [30]retrieve documentwith extended access token[31]retrieve document [ITI-68] with extended access token[32] [33] [34] [35] 

Healthcare professional: get document – SMART on FHIR option (EHR Launch)

Healthcare Professional Portal or Primary SystemSMART on FHIR AppCommunity ComponentsIdPApp GUIAuthorization ClientPatient IdentifierPatient IdentifierApp GUIDocument ConsumerDocument ConsumerAuthorization ServerAuthorization ServerAuthorization ServerAuthorization ServerPatient IdentifierPatient IdentifierDocument ResponderDocument ResponderUserUserHealthcare App GUIAuthorization ClientPatient IdentifierApp GUIDocument ConsumerAuthorization ServerPatient IdentifierDocument ResponderUserHealthcareProfessionalHealthcareProfessionalApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientAuthorization Client(IUA)Authorization Client(IUA)Patient IdentifierCross-referenceConsumerPatient IdentifierCross-referenceConsumerApp GUIIUA Authorization ClientApp GUIIUA Authorization ClientDocument Consumer(MHD)Document Consumer(MHD)Authorization Server(IUA)Authorization Server(IUA)Patient IdentifierCross-referenceMangePatient IdentifierCross-referenceMangeDocument Responder(MHD)Document Responder(MHD)UserAuthenticationProviderUserAuthenticationProviderApp GUIAuthorization ClientPatient IdentifierPatient IdentifierApp GUIDocument ConsumerDocument ConsumerAuthorization ServerAuthorization ServerAuthorization ServerAuthorization ServerPatient IdentifierPatient IdentifierDocument ResponderDocument ResponderUserUser[01]read doc[02]GET /.well-known/smart-configuration[03]Conformance statement incl. OAuth 2.1 endpointsalt[IUA JWT Token option][04]Get Access Token[05]CH:XUA Authenticate User[06] [07][ITI-71] Get Access Token Request[Basic access token][08]Authorize App Access[09][ITI-71] Get Access Token Response[Basic access token][10] [11]query EPR-SPIDfrom MPI using localID and access token[12][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[13][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][14] [mTLS][15]query EPR-SPIDfrom MPI using localID and mTLS[16][ITI-83] Mobile Patient Identifier Cross-referenceQuery [local ID] together with access token[17][ITI-83] Mobile Patient Identifier Cross-referenceQuery Response [EPR-SPID][18] [19]launch app[20]GET /.well-known/smart-configuration[21]Conformance statementincl. OAuth 2.1 endpoints[22]CH:XUA Authenticate User[23] [24][ITI-71] Get Access Token[Extended access token][25][ITI-71] Get Access Token Response[Extended access token][26]query documentswith extended access token[27]query documents [ITI-67] with extended access token[28] [29] [30]retrieve documentwith extended access token[31]retrieve document [ITI-68] with extended access token[32] [33] [34] [35]