CH EPR PPQm (R4)
2.0.0 - draft Switzerland flag

This page is part of the CH EPR PPQm (R4) (v2.0.0: DSTU 2 Draft) based on FHIR (HL7® FHIR® Standard) R4. This is the current published version. For a full list of available versions, see the Directory of published versions

Home

Official URL: http://fhir.ch/ig/ch-epr-ppqm/ImplementationGuide/ch.fhir.ig.ch-epr-ppqm Version: 2.0.0
Active as of 2023-12-20 Computable Name: CH_EPR_PPQm

Copyright/Legal: CC0-1.0

Introduction

This Implementation Guide is a part of the Swiss EPR specifications and contains definitions necessary for the Swiss national integration profile “Privacy Policy Query for Mobile” (CH:PPQm). The goal of this profile is to provide a possibility to manage privacy policies using a lightweight technology stack suitable for mobile devices — as opposed to the classic CH:PPQ which is based on XACML 2.0 and SAML 2.0.

The CH:PPQm specification is based on:

See also:

Downloads

You can download the whole Implementation Guide as a NPM package.

Version history is documented in the change log.

Actors and Transactions

In CH:PPQm, EPR privacy policies are represented as PpqmConsent resources, whose structure resembles the EPR flavor of XACML 2.0 Policy Set and obeys the same logical constraints.

The CH:PPQm profile defines the following actors and transactions:


Thereby, the Policy Repository is a component of an EPR reference community’s central IT infrastructure. The Policy Source and Policy Consumer are the actors to be implemented in mobile clients.

PPQ-3: Mobile Privacy Policy Feed

To create, update, or delete single policies (PpqmConsent resources) in the Policy Repository, a mobile client may use the Mobile Privacy Policy Feed transaction (PPQ-3):

Policy SourcePolicy SourcePolicy RepositoryPolicy RepositoryAdd Policy SetHTTPPOST[baseUrl]/ConsentPayload: ConsentHTTP responsePayload: none / OperationOutcome / ConsentConditionally Add/Update Policy SetHTTPPUT[baseUrl]/Consent?identifier=[uuid]Payload: ConsentHTTP responsePayload: none / OperationOutcome / ConsentDelete Policy SetHTTPDELETE[baseUrl]/Consent?identifier=[uuid]Payload: noneHTTP responsePayload: none / OperationOutcome


PPQ-4: Mobile Privacy Policy Bundle Feed

To manipulate policies groupwise, the Mobile Privacy Policy Bundle Feed transaction (PPQ-4) can be used:

Policy SourcePolicy SourcePolicy RepositoryPolicy RepositoryHTTPPOST[baseUrl]Payload: Bundle of type "transaction"HTTP responsePayload: Bundle of type "transaction-response" / OperationOutcome

The request is a PpqmFeedRequestBundle resource containing one or more PpqmConsent resources (for add and update operations) or references to them (for the delete operation).

PPQ-5: Mobile Privacy Policy Retrieve

Read access to the Policy Repository is provided by the Mobile Privacy Policy Retrieve transaction (PPQ-5):

Policy ConsumerPolicy ConsumerPolicy RepositoryPolicy RepositoryQuery by Patient IDHTTPGET[baseUrl]/Consent?patient:identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|[epr-spid]HTTP responsePayload: Bundle / OperationOutcomeQuery by Policy Set IDHTTPGET[baseUrl]/Consent?identifier=[uuid]HTTP responsePayload: Bundle / OperationOutcome

The response is a PpqmRetrieveResponseBundle resource containing zero or more PpqmConsent resources.

Further Aspects

In order to provide interoperability between CH:PPQ and CH:PPQm, the CH:PPQm integration profile defines transformation rules between XACML 2.0 Policy Sets and PpqmConsent resources.

IP Statements

This publication includes IP covered under the following statements.

Cross Version Analysis

This is an R4 IG. None of the features it uses are changed in R4B, so it can be used as is with R4B systems. Packages for both R4 (ch.fhir.ig.ch-epr-ppqm.r4) and R4B (ch.fhir.ig.ch-epr-ppqm.r4b) are available.

Dependency Table

Package hl7.fhir.uv.extensions.r4#1.0.0

This IG defines the global extensions - the ones defined for everyone. These extensions are always in scope wherever FHIR is being used (built Sun, Mar 26, 2023 08:46+1100+11:00)

Package ihe.formatcode.fhir#1.1.0

Implementation Guide for IHE defined FormatCode vocabulary. (built Thu, Feb 24, 2022 16:55-0600-06:00)

Package ch.fhir.ig.ch-epr-term#2.0.10

Implementation guide for the meta data specified in the framework of Annex 3 and 9 of the FDHA Ordinance on the electronic patient record in Switzerland (built Tue, Dec 19, 2023 12:36+0100+01:00)

Globals Table

There are no Global profiles defined