Description

The Consent ('Min Spærring') services are national services for administration and verification, respectively, of citizens' access blocks (spærringer). Citizens can block access to their health data for specific health professionals, and can block data from particular departments or from a particular time period. Citizens can administer their blocks via Sundhed.dk.
Consent ('Min Spærring') is available on all NSPs (cNSP + dNSP) and in the test environments.

Support responsible: Kvalitets IT
NSP: NSP Service: Samtykkeservices (to be changed to 'Min Spærring')

Business use

Related registers and services

Application description

Min Spærring consists of two separate services: one for administration of consents and blocks, and one for verification. The verification service is exposed exclusively via Den Gode Webservice [DGWS]. The administration service for consents and blocks is exposed via both DGWS and IDWS. In both cases Seal.Java is used to validate the security headers. In addition to DGWS or IDWS, further descriptions of the context must be supplied. This is done via the HSUID header.
Access requires whitelisting.

A consent describes a relationship between:
- a citizen,
- (what) information about the citizen
- (who) health professional persons or organizations in addition to their entry way to the information

A negative consent means that the citizen has declined to allow retrieval or disclosure of sensitive data (what) by an identified target group (who).
A positive consent selectively allows an identified target group (who) to retrieve sensitive data (what), despite one or more negative consents for the sensitive data. A positive consent can furthermore be used in external systems to allow an identified target group to retrieve sensitive data that has been marked externally as private.

A consent is either active or inactive. An active consent can affect a health professional’s access to sensitive data about the citizen. An inactive consent has no impact, but is a record of a formerly active consent that the citizen has nullified.
A consent can carry a validity period (when) that states the period during which a health professional’s access to the information may be restricted (negative consent) or relaxed (positive consent). The consent’s validity period concerns only the time of the desired retrieval of information; it does not concern when the information was created or registered. Positive consents must have a validity period, while negative consents only require a stated start date.
A health professional’s access to sensitive data concerning a citizen is unaffected by a consent if the health professional is outside the consent’s field of action. This is the case if, for instance, a negative consent concerns another specific health professional.

The Min Spærring services are implemented as two Java-based web services:
1) Min Spærring administration service
- Allows registration and maintenance of the consents/blocks given for a citizen.
- When consents/blocks are registered for a citizen and the active user is acting on behalf of the citizen, the event must be registered in Minlog.
- The administration service is exposed via NSP DCC.
2) Min Spærring verification service
- Makes it possible to examine the consent and block relationships between a citizen and a health professional.
- The verification service is exposed as a web service on the NSPs.

The Min Spærring administration service offers the following operations:
-----------------------------------------------------------------------
++ ConsentRegistrationsGet: Retrieves descriptions of all registrations of consents applicable to given citizen.
++ ConsentAdd: Adds active consent/active consents applicable to given citizen.
++ ConsentModify: Updates consent(s) from the collection of consents applicable to given citizen.
++ ConsentRevoke: Revokes given consent(s) from the collection of consents applicable to the provided citizen. This takes place by inactivation of the revoked consents.
ENDPOINT: http://localhost:8080/consent-administration/service, WSDL: http://localhost:8080/consent-administration/service?wsdl

The Min Spærring verification service offers the following operations:
--------------------------------------------------------------------
++ ConsentForUserCheck: Examines whether a citizen has expressed general positive, general negative or data specific consent towards the user.
++ ConsentForDataCheck: Examines whether a citizen has expressed positive or negative consent in regard to the user towards a number of specific data elements.
++ ConsentForForeignersCheck: Examines whether the citizen has given positive consent for foreign health professionals to access the citizen's health information.
ENDPOINT: http://localhost:9090/consent-verification/service, WSDL: http://localhost:8080/consent-verification/service?wsdl

Use of other services:
------------------------
- Minlog: In certain situations the Min Spærring administration service registers events on the citizen's data in the Min-log service. When a citizen creates, removes or modifies consents/blocks for another citizen, this is likewise registered in Min-log.

In addition, the following tables are used:
--------------------------------------
- the consent database: persistence of blocks / consents
- DDS-documentsources.whitelist_config: All CVR numbers in the database must have the service key 'dk.nsi.consent.verification' for Verification and 'dk.nsi.consent.administration' for Administration
- sor: Mapping between SOR codes and SHAK codes/provider numbers (ydernumre), used for lookups in connection with consent verifications.

Data structure, health data register: Min Spærring (Consent)

Entity descriptions

ConsentItem

Citizen, identified by CPR number, who has registered blocks.

A consent is registered as a ConsentItem. Given a ConsentItem, any attached WhatItem and/or WhoItem can be identified.

ConsentItem contains the following information:
- citizenCpr: Identity of the citizen (social security number) the consent concerns.
- consentType: Type of consent, 0=negative, other than zero=positive.
- whatItem: Reference to whatItem table. Null = all.
- whoItem: Reference to whoItem table. Null = all.
- validFrom: Time from which the consent is applicable. Saved as UTC-timestamp.
- validTo: Date and time where the consent expires. Null = no expiration date. Saved as UTC-timestamp.
- creationTimestamp: Time of creation of consent. Saved as UTC-timestamp.
- creatingSystemName: Name of the system through which the consent was created (as recorded in the HSUID-header on the Web service-call to the consent administration service).
- createdBy: Identity of the user that created the consent (as recorded in the HSUID-header on the Web service-call to consent service).
- modifyTimestamp: Time at which the consent was most recently modified. Saved as UTC-timestamp.
- modifyingSystemName: Name of the system through which the consent last was modified (as recorded in the HSUID-header on the Web service-call to consent service).
- modifiedBy: Identity of the user that last modified the consent (as recorded in the HSUID-header on the Web service-call to consent service).

WhatItem

Holds information concerning what the consent covers.

WhatItem contains the following information:
- organizationIdentifier: Identity of the organisation (given as the SOR-code of the organisation) from which the information originated. Null = all organisations.
- includeSubOrganizations: Indicates whether the consent concerns information originating from the particular organisation (with the value 0) or the particular organisation and all organisations transitively subordinate to it (with the value 1).
- referralStart: The consent concerns information on activities pertaining to the citizen on or later than the stated timestamp. Null = no bounding start time. Saved as UTC-timestamp.
- referralEnd: The consent concerns information on activities pertaining to the citizen before or on the stated timestamp. Null = no bounding end time. Saved as UTC-timestamp.

WhoItem

Holds information about whom a consent is given to / against.

WhoItem contains the following information:

- healthProfessionalCpr: Identity of the health professional (social security number) to whom the consent applies. A value of null means that the consent applies to any health professional.
- organizationIdentifier: Identity of the organisation (the SOR-code) to which the consent applies. A value of null means any organisation.
- includeSubOrgs: Indicates whether the consent applies to the particular organisation (with the value 0) or the particular organisation and all organisations transitively subordinate to it (with the value 1).
- foreignHealthProfessionals: States whether the consent applies to health professionals functioning outside Danish territory. A value of 1 indicates that the consent applies to foreign health professionals, while a value of zero indicates that it does not apply. A ConsentItem of consentType 1 associated with a whoItem with foreignHealthProfessionals set to 1 indicates consent provided for epSos to disclose health information to foreign health professionals. Which information is to be disclosed is determined by epSos.
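
The following Python model is an added example, not part of the original page and not the service's own code. It shows how the ConsentItem, WhoItem and WhatItem fields described above combine into a decision on whether a health professional's retrieval of one data element is blocked. Assumptions: the class and function names, the constructed SOR hierarchy in ANCESTORS, that the who fields must both match, and that a consent no longer applies at validTo itself.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class WhoItem:  # None = any, as in the field descriptions
    health_professional_cpr: Optional[str] = None
    organization_identifier: Optional[str] = None  # SOR code
    include_sub_orgs: bool = False

@dataclass
class WhatItem:
    organization_identifier: Optional[str] = None  # SOR code of the data's origin
    include_sub_organizations: bool = False
    referral_start: Optional[datetime] = None
    referral_end: Optional[datetime] = None

@dataclass
class ConsentItem:
    consent_type: int  # 0 = negative, non-zero = positive
    valid_from: datetime
    valid_to: Optional[datetime] = None  # None = no expiration
    who: Optional[WhoItem] = None  # None = all
    what: Optional[WhatItem] = None  # None = all

ANCESTORS = {"SOR-WARD-A": {"SOR-HOSPITAL"}}  # constructed hierarchy (assumption)

def org_matches(rule_org, include_sub, actual_org):
    if rule_org is None or rule_org == actual_org:
        return True
    return include_sub and rule_org in ANCESTORS.get(actual_org, set())

def applies(c, user_cpr, user_org, data_org, activity_time, now):
    w, d = c.who or WhoItem(), c.what or WhatItem()  # who fields ANDed (assumption)
    return (c.valid_from <= now and (c.valid_to is None or now < c.valid_to)
            and w.health_professional_cpr in (None, user_cpr)
            and org_matches(w.organization_identifier, w.include_sub_orgs, user_org)
            and org_matches(d.organization_identifier, d.include_sub_organizations, data_org)
            and (d.referral_start is None or d.referral_start <= activity_time)
            and (d.referral_end is None or activity_time <= d.referral_end))

def access_blocked(consents, **request):  # a positive consent wins over negatives
    hits = [c for c in consents if applies(c, **request)]
    return any(c.consent_type == 0 for c in hits) and not any(c.consent_type for c in hits)

# Constructed sample: the whole hospital is blocked, one named doctor is exempted.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [ConsentItem(0, T0, who=WhoItem(None, "SOR-HOSPITAL", True)),
          ConsentItem(1, T0, datetime(2025, 1, 1, tzinfo=timezone.utc), WhoItem("DOCTOR-1"))]
```

Note that validity is checked against the time of retrieval (`now`), while `referral_start`/`referral_end` are checked against the time of the activity the data describes, matching the distinction the page draws.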

Whitelist config (DDS)

The object contains the CVR numbers that are whitelisted for use on test/prod for the DDS service

The object contains the following information:
---------------------------------------
service_key
-- DDS Registry: 'dk.nsi.ddsregistry'
-- DDS Repository: 'dk.nsi.ddsrepository'
-- Min Spærring (consent verification): 'dk.nsi.consent.verification'
-- Min Spærring (consent administration): 'dk.nsi.consent.administration'
service_type --
cvr -- CVR number
comment -- The NSP Jira number relating to the individual whitelisting is entered here

Table descriptions

Table: consentitem

USE consent;

CREATE TABLE IF NOT EXISTS consent.consentitem (
  PK BIGINT(20) NOT NULL AUTO_INCREMENT,
  citizenCpr VARCHAR(80) NOT NULL,
  consentType TINYINT(1) NOT NULL DEFAULT 0 COMMENT '0 equal Negative or 1 equals Positive Consent',
  whatitem BIGINT(20) NULL DEFAULT NULL,
  whoitem BIGINT(20) NULL DEFAULT NULL,
  validFrom DATETIME NOT NULL,
  validTo DATETIME NULL DEFAULT NULL,
  creationTimeStamp DATETIME NOT NULL,
  creatingSystemName VARCHAR(80) NOT NULL,
  createdBy VARCHAR(80) NOT NULL,
  modifyTimeStamp DATETIME NULL DEFAULT NULL,
  modifyingSystemName VARCHAR(80) NULL DEFAULT NULL,
  modifiedBy VARCHAR(80) NULL DEFAULT NULL,
  PRIMARY KEY (PK),
  UNIQUE INDEX PK_UNIQUE (PK ASC),
  INDEX whoRelation (whoitem ASC),
  INDEX whatRelation (whatitem ASC),
  INDEX citizenCprIndex (citizenCpr ASC),
  CONSTRAINT whatRelation
    FOREIGN KEY (whatitem)
    REFERENCES consent.whatitem (PK)
    ON DELETE CASCADE
    ON UPDATE NO ACTION,
  CONSTRAINT whoRelation
    FOREIGN KEY (whoitem)
    REFERENCES consent.whoitem (PK)
    ON DELETE CASCADE
    ON UPDATE NO ACTION)
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8;

Table: whatItem

USE consent;

CREATE TABLE IF NOT EXISTS consent.whatitem (
  PK BIGINT(20) NOT NULL AUTO_INCREMENT,
  organizationIdentifier MEDIUMTEXT NULL DEFAULT NULL,
  includeSubOrganizations TINYINT(1) NOT NULL DEFAULT true,
  referralStart DATETIME NULL DEFAULT NULL,
  referralEnd DATETIME NULL DEFAULT NULL,
  PRIMARY KEY (PK),
  UNIQUE INDEX PK_UNIQUE (PK ASC))
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8;

Table: whoItem

USE consent;

CREATE TABLE IF NOT EXISTS consent.whoitem (
  PK BIGINT(20) NOT NULL AUTO_INCREMENT,
  healthProfessionalCpr VARCHAR(80) NULL DEFAULT NULL,
  organizationIdentifier MEDIUMTEXT NULL DEFAULT NULL,
  includeSubOrganizations TINYINT(1) NULL DEFAULT true,
  foreignHealthProfessionals TINYINT(1) NOT NULL DEFAULT false,
  PRIMARY KEY (PK),
  UNIQUE INDEX PK_UNIQUE (PK ASC))
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8;

Table: whitelist_config (DDS)

CREATE TABLE whitelist_config (
  service_key VARCHAR(50) NOT NULL,
  service_type VARCHAR(20) NOT NULL,
  cvr CHAR(8) NOT NULL,
  comment VARCHAR(100) NULL,
  PRIMARY KEY (service_key, service_type, cvr)
); -- ENGINE=InnoDB COLLATE=utf8_bin;

Technology description

Referenced from