Page History
...
Operationen ConsentForDataCheck accepterer en liste over metadataelementer og filtrerer dem baseret på borgerens samtykke eller spærring.
------------------Hvis ID'erne er en SHAK- eller DEA-koder, forsøger godkendelsesbekræftelse kode eller et Ydernummer forsøger verifikations servicen at slå de relaterede SOR - koder op , som vil blive sammenlignet med brugernes anvendt i forbindelse med brugeresn spærring eller samtykke.
Derudover, hvis der er angivet et negativt en dataspecifikt samtykke spærring til en organisation, inkluderes de hierarkiske forældre til den organisation i dette samtykke. Medmindre der gives er givet et specifikt positivt samtykke.
Dette illustreres i de følgende eksempler. Figur 1 viser borger, der har et generelt positivt samtykke, men som har givet et en dataspecifikt negativt samtykke spærring til organisationen "Org". Hvis identifikatorer organisations id'er fra alle fire organisationer sendes til bekræftelse af samtykke, MinSpærring Verifikation viser diagrammet svaret , hvor rødt er et negativt samtykke, og grønt er et positivt samtykke.
The verification service has two methods to verify consent of a health professional: ConsentForUserCheck and ConsentForDataCheck.
The purpose of the ConsentForUserCheck-method is that it makes it possible for a user system to verify quickly whether a user has general positive or general negative consent.
If the method returns positive or negative, then it is not necessary to search or request again with the data found about the citizens.
On a positive response, the user system will assume that the user has consent to see the health data concerning the citizen for which the consent database is responsible. Conversely, on a negative response, the assumption is that the user has negative consent towards all data concerning the citizen.
The ConsentForDataCheck-method accepts a list of metadata elements and filter them based on the citizen’s consents.
If the ID’s are SHAK or DEA codes consent verification tries to lookup the related SOR codes which will be compared to the users consents.
In addition, if a negative data specific consent has been specified for an organization the hierarchical parents to that organization are included in that consent. Unless a specific positive consent is given.
This is illustrated in the following examples. Figure 1 shows citizen who has a general positive consent but has made a data specific negative consent on the organization “Org”. If identifiers from all four organizations are sent to consent verification the diagram shows the response where red is a negative consent and green is a positive consent.
Figure 1: Specific negative on ”Org” which has impact on the parent
But on the other hand if the citizen has made a general negative consent and made a specific positive consent for data from “Org” for a given user, the parent organization is not affected by the consent. See Figure 2.
rød er spærring og grøn er samtykke.
Figur 1: Spærring på ”Org” der har indflydelse på den overliggende organisation.
På den anden side, hvis borgeren har oprettet en general spærring og givet et specifikt samtykke til data fra "Org" for en given bruger, påvirkes overliggende organisation ikke. Se figur 2.
Figur 2: Specikt samtykke på ”Org” påvirker ikke overliggende organisation.Figure 2: Specific positive on ”Org” does not impact parent
Those metadata whose IDs are returned from the service are the metadata the user has a positive consent to view.
De metadata, hvis id'er returneres fra tjenesten, er de metadata, som brugeren har et positivt samtykke til at få vist.
It is the user systems responsibility to ensure that the used IDs are unique so that they can be distinguished in the returned list. The service does not use the IDs for anything else than the return list.
...