CH EPR FHIR (R4)
4.0.1-ballot - ballot
This page is part of the CH EPR FHIR (R4) (v4.0.1-ballot: DSTU 4 Ballot 2) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version in its permanent home (it will always be available at this URL). For a full list of available versions, see the Directory of published versions
This transaction is used by the Policy Source to add, update, or delete single privacy policies. Correspondingly, the
following HTTP methods SHALL be supported: POST
, PUT
, and DELETE
.
The Policy Source uses HTTP method POST
to submit a single new privacy policy to the Policy Repository.
The request body SHALL represent a single Consent resource compliant to the PpqmConsent profile.
The request SHALL be sent to [baseUrl]/Consent
.
Upon receiving the HTTP POST request, the Policy Repository SHALL:
The PPQ-3 response SHALL be created according to the section 3.1.0.8 of the FHIR R4 specification.
The Policy Source uses HTTP method PUT
to submit a new or update an existing single privacy policy.
The request body SHALL represent a single Consent resource compliant to the PpqmConsent profile.
The request SHALL be sent to [baseUrl]/Consent?identifier=[uuid]
.
The Policy Repository SHALL implement the Conditional Update pattern described in section 3.1.0.4.3 of the FHIR R4 specification.
Upon receiving the HTTP PUT request, the Policy Repository SHALL:
The PPQ-3 response SHALL be created according to the section 3.1.0.4 of the FHIR R4 specification.
The Policy Source uses HTTP method DELETE
to delete a single existing privacy policy from the Policy Repository.
The request body SHALL be empty.
The request SHALL be sent to [baseUrl]/Consent?identifier=[uuid]
.
The Policy Repository SHALL implement the Conditional Delete pattern described in section 3.1.0.7.1 of the FHIR R4 specification.
Upon receiving the HTTP DELETE request, the Policy Repository SHALL:
The PPQ-3 response SHALL be created according to the section 3.1.0.7 of the FHIR R4 specification.
TLS SHALL be used. For user authentication and authorization, the IUA profile with extended access token SHALL be used as described in the Amendment mHealth of Annex 5, Section 3.2. Consequently, the Mobile Privacy Policy Feed [PPQ-3] transaction SHALL be combined with the Incorporate Access Token [ITI-72] transaction of the IUA profile.
The traceparent
header is required, as described in Trace Context header.
The involved actors SHALL record audit events. The Policy Source SHALL use the ATNA FHIR Feed option thereby, the Policy Repository SHALL use either the ATNA FHIR Feed option or the ATNA TLS Syslog option.
The audit records correspond to the ones of PPQ-1, with the following adaptations:
EventTypeCode
SHALL be set to EV("PPQ-3", "e-health-suisse", "Mobile Privacy Policy Feed")
.