CH EPR FHIR (R4)
4.0.1-ballot - ballot
CH EPR FHIR (R4)
4.0.1-ballot - ballot
This page is part of the CH EPR FHIR (R4) (v4.0.1-ballot: DSTU 4 Ballot 2) based on FHIR (HL7® FHIR® Standard) R4. The current version which supersedes this version is 5.0.0-ballot. For a full list of available versions, see the Directory of published versions
This transaction is used by the Policy Consumer to retrieve policy sets. The only HTTP method which SHALL be supported
is GET.
The Policy Consumer sends this message to retrieve existing policy sets from the Policy Repository.
The request body SHALL be empty.
The request SHALL be sent:
[baseUrl]/Consent?patient:identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|[epr-spid].[baseUrl]/Consent?identifier=[uuid].Upon receiving the HTTP GET request, the Policy Repository SHALL create a PPQ-5 response according to the transaction
outcome.
The PPQ-5 response SHALL be created according to the section 3.1.0.9 of the FHIR R4 specification. If the response body is a Bundle, then it SHALL comply to the PpqmRetrieveResponseBundle profile.
TLS SHALL be used. For user authentication and authorization, the IUA profile with extended access token SHALL be used as described in the Amendment mHealth of Annex 5, Section 3.2. Consequently, the Mobile Privacy Policy Retrieve [PPQ-5] transaction SHALL be combined with the Incorporate Access Token [ITI-72] transaction of the IUA profile.
The traceparent header is required, as described in Trace Context header.
The involved actors SHALL record audit events. The Policy Consumer SHALL use the ATNA FHIR Feed option thereby, the Policy Repository SHALL use either the ATNA FHIR Feed option or the ATNA TLS Syslog option.
The audit records correspond to the ones of PPQ-2, with the following adaptations:
EventTypeCode SHALL be set to EV("PPQ-5", "e-health-suisse", "Mobile Privacy Policy Retrieve").