The national extensions documented in this implementation guide shall be used in conjunction with the definitions of integration
profiles, actors and transactions provided in Volumes 1 through 3 of the IHE IT Infrastructure Technical Framework.
This implementation guide with national extensions of IHE integration profiles was authored in order to fulfil the Swiss
regulations of the Ordinance on the Electronic Patient Record (EPRO, SR 816.11). The EPRO and the
EPRO-DFI are published in Official Compilation of Federal Legislation (AS) (available in German, French
and Italian).
This implementation guide is under an informative ballot by HL7 Switzerland until September 30th, 2024 midnight.
Please add your feedback via the ‘Propose a change’-link in the footer on the page where you have comments.
The following items are under current development:
Download: You can download this implementation guide in NPM format from here.
Conformance Expectations
The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT,
RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in
[RFC2119].
This implementation guide uses Must Support in StructureDefinitions with the definition found in Appendix Z. This is equivalent to the IHE use of R2 as defined in Appendix Z.
Scope of precisions
The extensions, restrictions and translations specified apply to the following IHE IT Infrastructure (ITI) Integration profiles:
The FHIR API specifications to read audit trails is defined in a separate national Integration Profile
(CH:ATC, SR816.11, Annex 5, Extension 2) with the supporting Implementation Guide.
Overview
Introduction
This national extension is motivated by the intention to provide FHIR based profiles for the Swiss EPR by extending the IHE FHIR based mobile profiles. The IHE FHIR based mobile profiles use technologies (REST, OAuth, etc.) which are widely spread in the developer community and may be used for Web Applications, for example in web based primary systems or portals.
This national extension strictly separates the authentication and authorization of the applications use to access the EPR on behalf of the user and the authentication and authorization of the user itself. By using this separation this national extension closely follows the underlying IUA Trial Implementation and OAuth 2.1:
Client authentication - an application identifies and authenticates to an authorization server.
Client authorization - an application is authorized by the user or system policy to access data and documents on behalf of the user.
User authentication - a natural person identifies and authenticates using an Identity Provider with the authenticators registered for the natural person.
User authorization - provision of an access token which includes the information required to perform authorization decisions and policy enforcement.
The scope of this extension covers the following use cases:
Client authentication and authorization;
User authentication and authorization;
Read data and documents from the EPR;
Write data and documents to the EPR;
Write logs to the EPR ATNA Audit Record Repository.
This extension covers two options:
Generic EPR API option – This option adresses primary systems or portals using the basic EPR flows replacing the XDS.b related and PIX/PDQ V3 profiles with the FHIR based profiles;
SMART on FHIR – This option adresses modular portals or primary systems that want to connect to the Swiss EPR using SMART on FHIR.
Profiles, actors and transactions
The following figure shows the profiles, actors and transactions specified or referenced in this national extension:
IP Statements
This document is licensed under Creative Commons “No Rights Reserved” (CC0).
HL7®, HEALTH LEVEL SEVEN®, FHIR® and the FHIR ® are trademarks owned by Health Level Seven International, registered with the United States Patent and Trademark Office.
This implementation guide contains and references intellectual property owned by third parties (“Third Party IP”). Acceptance of these License Terms does not grant any rights with respect to Third Party IP. The licensee alone is responsible for identifying and obtaining any necessary licenses or authorizations to utilize Third Party IP in connection with the specification or otherwise.
This publication includes IP covered under the following statements.
This artefact includes content from SNOMED Clinical Terms® (SNOMED CT®) which is copyright of the International Health Terminology Standards Development Organisation (IHTSDO). Implementers of these artefacts must have the appropriate SNOMED CT Affiliate license - for more information contact http://www.snomed.org/snomed-ct/getsnomed-ct or info@snomed.org.
This material contains content that is copyright of SNOMED International. Implementers of these specifications must have the appropriate SNOMED CT Affiliate license - for more information contact https://www.snomed.org/get-snomed or info@snomed.org.
This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Sat, Apr 27, 2024 18:39+1000+10:00)
Package hl7.fhir.uv.extensions.r4#1.0.0
This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Sun, Mar 26, 2023 08:46+1100+11:00)
Package ihe.formatcode.fhir#1.2.0
Implementation Guide for IHE defined FormatCode vocabulary. (built Tue, Mar 12, 2024 16:59-0500-05:00)
Package ch.fhir.ig.ch-term#3.0.0
Implementation Guide for Swiss Terminology (built Thu, May 16, 2024 10:33+0000+00:00)
The Basic Audit Log Patterns (BALP) Implementation Guide is a Content Profile that defines some basic and reusable AuditEvent patterns. This includes basic audit log profiles for FHIR RESTful operations to be used when there is not a more specific audit event defined. A focus is enabling Privacy centric AuditEvent logs that hold well formed indication of the Patient when they are the subject of the activity being recorded in the log. Where a more specific audit event can be defined it should be derived off of these basic patterns. (built Wed, Feb 14, 2024 15:23-0600-06:00)
Package ihe.iti.pixm#3.0.4
ImplementationGuide for IHE IT Infrastructure Technical Framework Supplement Patient Identifier Cross-referencing for mobile (PIXm) (built Thu, Feb 22, 2024 13:07-0600-06:00)
Package ihe.iti.pdqm#3.0.0
The Patient Demographics Query for Mobile (PDQm) Profile defines a lightweight RESTful interface to a patient demographics supplier leveraging technologies readily available to mobile applications and lightweight browser based applications. (built Fri, Feb 23, 2024 14:36-0600-06:00)
Package ihe.formatcode.fhir#1.1.1
Implementation Guide for IHE defined FormatCode vocabulary. (built Wed, Feb 14, 2024 09:36-0600-06:00)
Package ihe.iti.mhd#4.2.1
ImplementationGuide for IHE IT Infrastructure Technical Framework Supplement Mobile access to Health Documents (MHD) (built Wed, Aug 2, 2023 10:57-0500-05:00)
Package ihe.iti.balp#1.1.0
The Basic Audit Log Patterns (BALP) Implementation Guide is a Content Profile that defines some basic and reusable AuditEvent patterns. This includes basic audit log profiles for FHIR RESTful operations to be used when there is not a more specific audit event defined. A focus is enabling Privacy centric AuditEvent logs that hold well formed indication of the Patient when they are the subject of the activity being recorded in the log. Where a more specific audit event can be defined it should be derived off of these basic patterns. (built Wed, May 4, 2022 10:07-0500-05:00)
Package ihe.iti.mcsd#3.8.0
The IHE Mobile Care Services Discovery (mCSD) IG provides a transaction for mobile and lightweight browser-based applications to find and update care services resources. (built Fri, Aug 12, 2022 09:41-0500-05:00)