Netherlands - Zorginzage Implementation Guide
1.0.0 - release Netherlands flag

Netherlands - Zorginzage Implementation Guide, published by Stichting ActiZ. This guide is not an authorized publication; it is the continuous build for version 1.0.0 built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/nuts-foundation/nl-zorginzage-ig/ and changes regularly. See the Directory of published versions

Volume 2b

Registration at discovery service

All data holders have to register themselves at the Discovery Service. This registration takes place in the implementation-phase.

Data holder organisationDisovery Service organisationXISNuts-nodeNuts-nodeDiscovery serviceXISNuts-nodeNuts-nodeDiscovery service1/internal/discovery/v1/{serviceID}/{subjectID of Data user organisation}2nuts-nodes handle registration request3registration4200


Number Remarks
1 Registration request to local Nuts-node (see below)
2  
3  
4  

Step 1 details

The body of the request to the internal API of the Nuts-node MUST contain the following registration parameters:

{
  "registrationParameters": {
    "authorization_server_url": "https://example.com/some-endpoint",
    "fhir_base_url": "https://example.com/some-endpoint",
  }
}

The following credentials MUST be available in the Nuts node organisation wallet:

  1. X509Credential based on UZI server certificate
  2. HealthcareProviderRoleTypeCredential

Pull

The sequence for pull scenarios is the following. The numbered transactions are specified in more detail in the table below the sequence diagram.

Data user organisation `A` Data holder organisation `B` XISNuts-nodeNuts-nodeNuts-nodeNuts-nodePEPPEPFhirFhirHealthcare professionalXISNuts-nodeNuts-nodePEPFhirHealthcare professionalXISNuts-nodeNuts-nodePEPFhirXISNuts-nodeNuts-nodeNuts-nodeNuts-nodePEPPEPFhirFhir1Log in2Create User session,User info needed for NutsEmployeeCredential (step 7)Later in User session3request information for Patient4Resolve Patient BSN, and array of data_holder_URA's for patient if it is knownArray of data_holder_URA's can be found via a (local) index (e.g. user-input and/or a CareTeam-resource)loop[For each data_holder_URA]get addresses of data holder organisation5Look up data holder organisation in discoveryGET /internal/discovery/v1/{serviceID}?organization_ura={URA}The Zorginzage requires underlying use cases to include elements with id "organization_ura", "authorization_server_url" and "fhir_base_url" in the discovery-service-presentation-definitions6Found Organization B (authorization_server_url, fhir_base_url)get access token7Get access tokenPOST /internal/auth/v2/{subjectID of Data user organisation}/request-service-access-token8nuts-nodes handle access token request, request is forwarded using value of "authorization_server_url" element in bodyuses X509Credential, HealthcareProviderRoleTypeCredential and NutsEmployeeCredential9Access tokenget Patient resource including patient-idPOST-based Patient search on BSN10POST /fhir/Patient/_search11introspect access tokenPOST /internal/auth/v2/accesstoken/introspect12valid token + requesting_URA + USER{name,userRole,identifier}13Authorization(Legal basis to be determined by use case, e.g. patient consent and/or treatment relationship)14POST /fhir/Patient?search15: Patient Fhir resource (with patient-id)16: Patient Fhir resource (with patient-id)Retrieve other resources- Other resources are gathered based on internal patient-id of data holder organisation (received in step 16)- access token received in step 9 can be reused in loop belowloop[For each resource except Patient]17GET /fhir/{resource}?patient={patient-id}18introspect access tokenPOST /internal/auth/v2/accesstoken/introspect19valid token + requesting_URA + USER{name,userRole,identifier}20Authorization(Legal basis to be determined by use case, e.g. patient consent and/or treatment relationship)21GET /fhir/{resource}?patient={patient-id}22: Fhir resource23: Fhir ResourceData user XIS displays data received from data holder(s)24Display external Patient information


Number Remarks
1 Local login
2 XIS creates user sessions and stores the user info needed for the NutsEmployeeCredential (step 7)
3  
4  
5 Search data holder organisation by URA-identifier
6  
7 Include NutsEmployeeCredential, example request below
8  
9  
10 See section Patient Context in Volume 3 for more details
11  
12  
13  
14  
15  
16  
17  
18  
19  
20  
21  
22  
23  
24  

Step 7 details

The body of the request MUST contain a NutsEmployeeCredential CredentialSubject:

POST <internal Nuts interface>/internal/auth/v2/<subjectID>/request-service-access-token
Content-Type: application/json

{
  "authorization_server": "<authorization_server_url>",
  "scope": "<use-case-identfiier>",
  "credentials": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://nuts.nl/credentials/v1"
      ],
      "type": ["VerifiableCredential", "NutsEmployeeCredential"],
      "credentialSubject": {
        "name": "John Doe",
        "roleName": "Nurse",
        "identifier": "123456"
      }
    }
  ]
}