This page is part of the CH EPR FHIR (R4) (v4.0.1-ballot-2: DSTU 4 Ballot 3) based on FHIR (HL7® FHIR® Standard) R4 . This is the current published version in its permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions
Sequence Diagrams
Sample sequence diagrams to illustrate the usage of the generic EPR API and SMART on FHIR options for reading
documents as a patient or healthcare professional:
Patient access from a portal
Patient Portal Community Components IdP Patient Patient App GUI App GUI Document Consumer (MHD) Document Consumer (MHD) Patient Identifier Cross-reference Consumer Patient Identifier Cross-reference Consumer Authorization Client (IUA) Authorization Client (IUA) Patient Identifier Cross-reference Manger Patient Identifier Cross-reference Manger Authorization Server (IUA) Authorization Server (IUA) Document Responder (MHD) Document Responder (MHD) User Authentication Provider User Authentication Provider [01] read doc [02] GET /.well-known/smart-configuration [03] Conformance statement incl. OAuth 2.1 endpoints [04] Get Access Token [05] [ITI-71] Get Access Token Request [Basic access token] [06] Authenticate User [07] [08] Authorize App Access [09] [ITI-71] Get Access Token Response [Basic access token] [10] [11] query MPI-PID and EPR-SPID from MPI using local ID and access token [12] [ITI-83] Mobile Patient Identifier Cross-reference Query [local ID] together with access token [13] [ITI-83] Mobile Patient Identifier Cross-reference Query Response [MPI-PID, EPR-SPID] [14] [15] Get Access Token [16] [ITI-71] Get Access Token [Extended access token] [17] [ITI-71] Get Access Token Response [Extended access token] [18] [19] query documents [20] query documents [ITI-67] [21] [22] [23] retrieve documents [24] retrieve document [ITI-68] [25] [26] [27]
User Access from an integrated Primary System to read documents
Healthcare Professional Portal or Primary System Community Components IdP Healthcare Professional Healthcare Professional App GUI App GUI Document Consumer (MHD) Document Consumer (MHD) Patient Identifier Cross-reference Consumer Patient Identifier Cross-reference Consumer Authorization Client (IUA) Authorization Client (IUA) Patient Identifier Cross-reference Manger Patient Identifier Cross-reference Manger Authorization Server (IUA) Authorization Server (IUA) Document Responder (MHD) Document Responder (MHD) User Authentication Provider User Authentication Provider [01] read doc [02] GET /.well-known/smart-configuration [03] Conformance statement incl. OAuth 2.1 endpoints [04] Get Access Token [05] [ITI-71] Get Access Token Request [Basic access token] [06] Authenticate User [07] [08] Authorize App Access [09] [ITI-71] Get Access Token Response [Basic access token] [10] [11] query MPI-PID and EPR-SPID from MPI using local ID and access token [12] [ITI-83] Mobile Patient Identifier Cross-reference Query [local ID] together with access token [13] [ITI-83] Mobile Patient Identifier Cross-reference Query Response [MPI-PID, EPR-SPID] [14] [15] Get Access Token [16] [ITI-71] Get Access Token [Extended access token] [17] [ITI-71] Get Access Token Response [Extended access token] [18] [19] query documents [20] query documents [ITI-67] [21] [22] [23] retrieve documents [24] retrieve document [ITI-68] [25] [26] [27]
User Access from an integrated Primary System to publish documents
Healthcare Professional Portal or Primary System Community Components IdP Healthcare Professional Healthcare Professional App GUI App GUI Document Source (MHD) Document Source (MHD) Patient Identifier Cross-reference Consumer Patient Identifier Cross-reference Consumer Authorization Client (IUA) Authorization Client (IUA) Patient Identifier Cross-reference Manger Patient Identifier Cross-reference Manger Authorization Server (IUA) Authorization Server (IUA) Document Recipient (MHD) Document Recipient (MHD) User Authentication Provider User Authentication Provider [01] write doc [02] GET /.well-known/smart-configuration [03] Conformance statement incl. OAuth 2.1 endpoints [04] Get Access Token [05] [ITI-71] Get Access Token Request [Basic access token] [06] Authenticate User [07] [08] Authorize App Access [09] [ITI-71] Get Access Token Response [Basic access token] [10] [11] query MPI-PID and EPR-SPID from MPI using local ID and access token [12] [ITI-83] Mobile Patient Identifier Cross-reference Query [local ID] together with access token [13] [ITI-83] Mobile Patient Identifier Cross-reference Query Response [MPI-PID, EPR-SPID] [14] [15] Get Access Token [16] [ITI-71] Get Access Token [Extended access token] [17] [ITI-71] Get Access Token Response [Extended access token] [18] [19] publish document loop [For the access decision enforcement, the EPR relies on the Confidentiality Code within the document metadata to be stored in the patient’s Health Record. A patient can set the default Confidentiality Codeand a document source needs to iterate over the different confidentiality code until successful] [20] publish document [ITI-65] [21] [22] [23]
Writing documents from clinical archives
Clinical Archive Community Components Technical User Technical User Document Source (MHD) Document Source (MHD) Patient Identifier Cross-reference Consumer Patient Identifier Cross-reference Consumer Authorization Client (IUA) Authorization Client (IUA) Patient Identifier Cross-reference Manger Patient Identifier Cross-reference Manger Authorization Server (IUA) Authorization Server (IUA) Document Recipient (MHD) Document Recipient (MHD) [01] GET /.well-known/smart-configuration [02] Conformance statement incl. OAuth 2.1 endpoints [03] Get Access Token [04] [ITI-71] Get Access Token Request Client Credential Grant Type - [Basic access token] [05] [ITI-71] Get Access Token Response Client Credential Grant Type -[Basic access token] [06] [07] query MPI-PID and EPR-SPID from MPI using local ID and access token [08] [ITI-83] Mobile Patient Identifier Cross-reference Query [local ID] together with access token [09] [ITI-83] Mobile Patient Identifier Cross-reference Query Response [MPI-PID, EPR-SPID] [10] [11] Get Access Token [12] [ITI-71] Get Access Token [Extended access token] [13] [ITI-71] Get Access Token Response [Extended access token] [14] [15] publish document loop [For the access decision enforcement, the EPR relies on the Confidentiality Code within the document metadata to be stored in the patient’s Health Record. A patient can set the default Confidentiality Codeand a document source needs to iterate over the different confidentiality code until successful] [16] publish document [ITI-65] [17] [18]
Patient: get document – SMART on FHIR option (EHR Launch)
Patient Portal SMART on FHIR App Community Components IdP Patient Patient App GUI IUA Authorization Client App GUI IUA Authorization Client Authorization Client (IUA) Authorization Client (IUA) Patient Identifier Cross-reference Consumer Patient Identifier Cross-reference Consumer App GUI IUA Authorization Client App GUI IUA Authorization Client Document Consumer (MHD) Document Consumer (MHD) Authorization Server (IUA) Authorization Server (IUA) Patient Identifier Cross-reference Mange Patient Identifier Cross-reference Mange Document Responder (MHD) Document Responder (MHD) User Authentication Provider User Authentication Provider [01] read doc [02] GET /.well-known/smart-configuration [03] Conformance statement incl. OAuth 2.1 endpoints [04] Get Access Token [05] [ITI-71] Get Access Token Request [Basic access token] [06] Authenticate User [07] [08] Authorize App Access [09] [ITI-71] Get Access Token Response [Basic access token] [10] [11] query MPI-PID and EPR-SPID from MPI using local ID and access token [12] [ITI-83] Mobile Patient Identifier Cross-reference Query [local ID] together with access token [13] [ITI-83] Mobile Patient Identifier Cross-reference Query Response [MPI-PID, EPR-SPID] [14] [15] launch app [16] GET /.well-known/smart-configuration [17] Conformance statement incl. OAuth 2.1 endpoints [18] [ITI-71] Get Access Token [Extended access token] [19] [ITI-71] Get Access Token Response [Extended access token] [20] query documents [21] query documents [ITI-67] [22] [23] [24] retrieve document [25] retrieve document [ITI-68] [26] [27] [28] [29]
Healthcare professional: get document – SMART on FHIR option (EHR Launch)
Healthcare Professional Portal or Primary System SMART on FHIR App Community Components IdP Healthcare Professional Healthcare Professional App GUI IUA Authorization Client App GUI IUA Authorization Client Authorization Client (IUA) Authorization Client (IUA) Patient Identifier Cross-reference Consumer Patient Identifier Cross-reference Consumer App GUI IUA Authorization Client App GUI IUA Authorization Client Document Consumer (MHD) Document Consumer (MHD) Authorization Server (IUA) Authorization Server (IUA) Patient Identifier Cross-reference Mange Patient Identifier Cross-reference Mange Document Responder (MHD) Document Responder (MHD) User Authentication Provider User Authentication Provider [01] read doc [02] GET /.well-known/smart-configuration [03] Conformance statement incl. OAuth 2.1 endpoints [04] Get Access Token [05] [ITI-71] Get Access Token Request [Basic access token] [06] Authenticate User [07] [08] Authorize App Access [09] [ITI-71] Get Access Token Response [Basic access token] [10] [11] query MPI-PID and EPR-SPID from MPI using local ID and access token [12] [ITI-83] Mobile Patient Identifier Cross-reference Query [local ID] together with access token [13] [ITI-83] Mobile Patient Identifier Cross-reference Query Response [MPI-PID, EPR-SPID] [14] [15] launch app [16] GET /.well-known/smart-configuration [17] Conformance statement incl. OAuth 2.1 endpoints [18] [ITI-71] Get Access Token [Extended access token] [19] [ITI-71] Get Access Token Response [Extended access token] [20] query documents [21] query documents [ITI-67] [22] [23] [24] retrieve document [25] retrieve document [ITI-68] [26] [27] [28] [29]