xShare Project Yellow Button
0.1.0 - trial-use
150
xShare Project Yellow Button
0.1.0 - trial-use
150
xShare Project Yellow Button, published by xShare Project. This guide is not an authorized publication; it is the continuous build for version 0.1.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/hl7-eu/xShare/ and changes regularly. See the Directory of published versions
This page outlines the the xShare reference implementation for the xShare Yellow Button.
An overview of these main components is illustrated in the following figure.
Below is a brief description of the key components:
The layer is a gateway to “enter” the Yellow Button infrastructure, ensuring only authorized access to its façades and services. It is tightly connected to the “IAM” and “Consent management” systems enforcing access based on:
| COMPONENT | TYPE | DESCRIPTION |
|---|---|---|
| PATIENT DATA Façade/API | The main API, the starting point, exposing patient/citizen EEHRxFs to herself, so she can see what is available and decide what to do with data | |
| DOWNLOAD | Façade/API | The API allowing patient/citizen to download data in: computable format (EEHRxF FHIR and EEHRxF CDA); human readable format (HTML, PDF); translated in one of supported languages |
| SHARE | Façade/API | The API enabling patient/citizen to share her EEHRxFs |
| DATA ACCESS | Service | The main service, an coordinator of actions available in “Data management”: Retrieving EEHRxF from integrated data sources; Caching and retrieving EEHRxFs acting as IHE MHD Document Source & Document Consumer actors; Auditing events happening within “Data management”; Administering share mechanism and consent granting |
| VISUALIZATION | Service | The service for creation of human readable instance of EEHRxF in HTML and/or PDF format |
| TRANSFORMING | Service | The service transforming EEHRxF from FHIR to CDA format and vice versa |
| Data Transformation | Provides the generally defined functionality for modifying the selected resource format. This includes (pseudo) anonymisation, translation, password protection, and digital signature. | |
| ANONYMIZATION | Service | The service anonymizing EEHRxF data points before sharing |
Table 1: xShare Yellow Button reference architecture.
The Identity and Access Management is a system that enables authorized access to users. It does this via integrations with existing IdPs (Identity providers), rather than maintaining users’ accounts own its own. It is not yet defined, but it will probably offer service which utilizes OpenID Connect (OAuth2) and IHE IUA profile.
The Consent management is a system which supports access control (privacy) by enabling management of patient/citizen consents (PAP – Policy Administration Point) and by providing computable decisions allowing or forbidding access (PDP – Policy Decision Point).
The Data repository is a repository of EEHRxFs and it is used as a caching mechanism which will prevent over utilization of clinical data sources and thus prevent the Yellow Button users to abuse infrastructures used for direct care. Because EEHRxF are clinical documents, the repository exposes itself as standard IHE profile actors MHD Document Recipient & MHD Document Responder.
The Audit record repository is a repository storing and maintaining audit logs, the logs collecting information who access what, when and for which purpose. Logs are meant to be available for patient/citizen and information security officer to check if access was enforced properly.
The consent repository maintains access policies and their instances (consents) that patient/citizen granted during utilization of share services.
tbd
tbd
tbd
IG © 2023+ xShare Project. Package hl7.eu.fhir.xshare-yb#0.1.0 based on FHIR 4.0.1. Generated 2025-04-02
