...

MinSpærring Administration opbevarer i sin database information om samtykke og spærring, som angivet af ConsentAdd ovenfor, ud over oplysninger om, hvem og hvornår samtykke henholdsvis oprettes og ændres.

Consent Verification Service

Allows examination of the consent relationship between a citizen and a health professional. The service exposes the following operations:

• ConsentForUserCheck – Returns the general consent relationship for a user in regard to a citizen; if the user is allowed to view all or nothing about the citizen.

• ConsentForDataCheck – Returns the specific consent relationship for a user and concrete information in regard to a citizen; if the user is allowed to view these concrete informations about the citizen. The concrete information/documents are described strictly using document metadata.

• ConsentForForeignersCheck – Returns whether foreign health professionals can access Patient Summary and Electronic Prescription for the citizen through epSos

Together with the calling health service, the consent verification service follows the following decision graph to determine a citizens’ / health professionals access to data:

Image Removed

Figure 1 (In Danish) State diagram for initial decision on granting access to health care information about at citizen.

For an individual/citizen it is only verified that the citizen is authenticated and that own data can be accessed.

For health professionals, the following decision graph is used to verify consents:

Image Removed

Figure 2 State diagram for consent verification steps when granting access for a health care professional to health care information about a citizen. References in parenthesis refer to [Sundhedsloven].

Empowerment (Danish: Bemyndigelse) is a state where one health care professional is working on behalf of another. The health care professional worked on behalf of is typically held accountable for the actions performed by the former.

Common to Consent Services

MinSpærring Verifkation

Servicen anvendes til at verificere spærringer og samtykker mellem border og sundhedsfaglig. Service udstiller nedenstående operationer:

• ConsentForUserCheck – Returnerer det generelle samtykkeforhold (samtykke eller spærring) for en bruger med hensyn til en borger; hvis brugeren har lov til at se alt eller intet om borgeren.

• ConsentForDataCheck – Returnerer det specifikke samtykkeforhold (samtykke eller spærring) for en bruger og konkrete oplysninger om en borger; hvis brugeren har lov til at se disse konkrete oplysninger om borgeren. De konkrete oplysninger / dokumenter returneres i form af en liste af ID'er. ID'erne der ønskes undersøgt er en del af forespørgslen til servicen.
  

• ConsentForForeignersCheck – Returnerer, om udenlandske sundhedsfaglige kan få adgang til patientoversigt og elektronisk recept til borgeren gennem epSos

Sammen med det kalende anvendersytem følger MinSopærring Verifikation følgende beslutningsgraf for at bestemme en borgeres / sundhedspersonale adgang til data:

Figur 1 Tilstandsdiagram for den oprindelige beslutning om at give adgang til sundhedsoplysninger om borgerne.

For en borger verificeres det kun at borgeren er godkendt og egne data kan tilgås.

For sundhedsfaglige er det nedenstående beslutningstræ der anvendes til at lave MinSpærring Verifikation:

Figur 2 Tilstandsdiagram for trin til bekræftelse af samtykke eller spærring, når en sundhedsfaglig forsøger at tilgå sundhedsoplysninger om en birger. Henvisninger i parentes henviser til [Sundhedsloven].

Bemyndigelse er en tilstand hvor en sundhedsfaglig arbejder på vegne af en anden. Den sundhedsfaglige der arbejdes på vegne er typisk ansvarlig for de handlinger der udføres.

Fælles for MinSpærring

Begge services overholder Both services comply with Den Gode Web Service 1.0.1 , and require:

• That the calling system is authenticated by the STS on NSP with at least security level 3

• That the calling system is authorized, which is checked through a whitelist

og kræver:

• At anvendersystem er godkendt af STS på NSP med mindst sikkerhedsniveau 3

• At anvender er whitelisted i servicen
  

Det er anvendersystemets ansvar It is the responsibility of the calling system to ensure that the user is authenticated and authorized.

Scope for Deployment and Database

As depicted in Figure 3, consents are stored in a central database which is replicated to databases on NSP instances.

The consent administration service is deployed on a central server and exposed on NSP instances through the decoupling component DCC. The proxy for the administration service used on an NSP instance is not implemented as part of this service. The proxy is established on the NSP in the form of a configuration of the DCC.

The consent verification service is deployed only on the NSP instances and queries on the local database copies.

Design mål og beslutninger

...

Database og service deployment overblik

Som afbildet i figur 3 lagres MinSpærring data i en central database, der replikeres til de forskellige NSP  instanser.

MinSpærring Administration installeres på en central server og eksponeres på NSP-forekomster gennem afkoblingskomponenten DCC. Proxyen for MinSpærring Administration, der bruges i en NSP-instans, implementeres ikke som en del af denne service. Proxyen oprettes på NSP i form af en konfiguration af DCC.

MinSpærring Verifikation er kun installeret på cNSP og forespærger på den lokale database.

De

Design Goals

The system must be designed in alignment with the goals and priorities stated in Table 1. The priority of each goal is indicated with a score of 1 to 5 where 5 indicates the highest priority.

...