Versions Compared

Old Version 22

changes.mady.by.user Unknown User (gaelle.laurent.ext@imec.be)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (gaelle.laurent.ext@imec.be)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Used Documentation

Cookbook / Materials

Version

Location

Consent WS1.9https://www.ehealth.fgov.be/ehealthplatform/nl/service-ehealthconsent


General Information

Informed Consent 

The existence of an active ‘informed patient consent’ is one of the fundamental prerequisites for the healthcare providers to access patient’s medical data. Therefore, the eHealth platform makes available to the concerned patients and the health care actors involved in the exchange,

storage or referencing personal data a service to manage the ‘informed patient consent’ as defined by the deliberation 12/047 of the CSSSS/SCSZG1.

Technically, we identify the following attributes for an ‘informed patient consent’:

  • The SSIN of the patient.
  • The date of the consent registration (at the end-user side).
  • The “type” of the consent If the consent is only valuable for data posterior to the signing date, it is called ‘prospective’ and ‘retrospective’ in the other case . According to the rules defined now, the only possible value for this attribute is ‘retrospective’. The attribute is present for backwards compatibility.
  • The identity of the HCParty acting in the patient’s name (if applicable).


KMEHR

This service is a ‘KMEHR-based’ WS. We thus strongly recommend consulting the documentation related to the KMEHR normative elements. The KMEHR site aims to offer a central point for the documentation of the KMEHR normative elements.

https://www.ehealth.fgov.be/standards/kmehr/en

The three following generic elements are, in particular, essentials to build the request and the reply of eHealth Consent WS. 

Basic Flow

FlowSpecifications


IDARUC-UC139126-BF
NameRevoke Patient Consent -Doctor working in a recognized authorized organization that acts in behalf of who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. 
DescriptionRevoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a doctor doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization that acts in behalf of a Health Insurance Organization.
Actor(s)

Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization

that acts in behalf of a Health Insurance Organization

Requirements
  • End-user is a da doctor working in a recognized authorized organization that acts in behalf of who is working in a Health Insurance Organization The informed patient consent is managed by (HIO) and the request is transmitted via a recognized authorized organization thru its usual software in behalf a HIO
  • Valid eHealth Certificate of the authorized organization
  • Consent WS is integrated in the software of the end-user
  • Identification of the HIO: CBE number, HIO category
  • Identification of the doctor: SSIN number, NIHII (if available), professional category
  • Information about the consent to revoke

     °Identification data of concerned patient: SSIN, first and family name (optional)

     °Type of consent: retrospective

     °Date of revocation

TriggerThe user wants to revoke a Patient Consent 
Precondition(s)
  • The user has an account for the application
  • The user is logged out
Flow
  1. The user attempts to access the eHealth Consent WS
  2. The user needs to request a SAML Token by using his eID 
  3. A request for a SAML Token is sent to the Secure Token Service (STS)
  4. The STS responds with a SAML Token
  5. The user has access to the eHealth WS Consent
  6. The user does a request for Revoke Patient Consent 
  7. The Revoke Patient Consent Request is sent to the WS Consent 
°
  1. The revoked consent is stored in eHealth Database
      °
  1. The request is logged 
      ° The
  1. The WS Consent responds with a Revoke Patient Consent Response
Post Condition(s)
  • The request is logged 
  • The revoked consent is stored in eHealth Database with following information

         °SSIN of concerned patient 

         °Initial signing date of the consent

         °Consent type

         °Author of the request

         °Revocation date

Test Data
End point(s)
  • WS Consent
  • eHealth Database
Additional InformationDate of revocation of an active consent must be equal or anterior to the request date. If so, it must be also anterior to the current date. 



Alternative Flow

FlowSpecifications


ID
AR
UC-
UC139
126-AF01
NameRevoke Patient Consent - Administrative
working in a recognized authorized organization under responsibility of a doctor, that acts in behalf of
who is working in a Health Insurance Organization (HIO)
DescriptionRevoke Patient consent allows end-users to revoke an active consent of the
under the responsibility of a doctor and the request is transmitted via a recognized authorized organization. 
DescriptionRevoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by an administrative
working in a recognized authorized organization under responsibility of a doctor, that acts in behalf of
who is working in a Health Insurance Organization (HIO)
Actor(s)Administrative working in a recognized authorized organization under responsibility of a doctor, that acts in behalf of a Health Insurance Organization (HIO)Requirements
  • End-user is an administrative working in a recognized authorized organization under responsibility of a doctor, that acts in behalf of a Health Insurance Organization (HIO)
  • The informed patient consent is managed by a recognized authorized organization thru its usual software in behalf a HIO
  • Valid eHealth Certificate of the authorized organization
  • Consent WS is integrated in the software of the end-user
  • Identification of the HIO: CBE number, HIO category
  • Identification of the doctor: SSIN number, NIHII (if available), professional category
  • Identification of the admin: SSIN number, professional category
  • Information about the consent to revoke

     °Identification data of concerned patient: SSIN, first and family name (optional)

     °Type of consent: retrospective

     °Date of revocation

TriggerThe user wants to revoke a Patient Consent Precondition(s)
  • The user has an account for the application
  • The user is logged out
Flow
  1. The user attempts to access the eHealth Consent WS
  2. The user needs to request a SAML Token by using his eID 
  3. A request for a SAML Token is sent to the Secure Token Service (STS)
  4. The STS responds with a SAML Token
  5. The user has access to the eHealth WS Consent
  6. The user does a request for Revoke Patient Consent 
  7. The Revoke Patient Consent Request is sent to the WS Consent 
  8. ° The revoked consent is stored in eHealth Database

      ° The request is logged 

      ° The WS Consent responds with a Revoke Patient Consent Response

Post Condition(s)
  • The request is logged 
  • The revoked consent is stored in eHealth Database with following information

         °SSIN of concerned patient 

         °Initial signing date of the consent

         °Consent type

         °Author of the request

         °Revocation date

Test DataEnd point(s)
  • WS Consent
  • eHealth Database
Additional InformationDate of revocation of an active consent must be equal or anterior to the request date. If so, it must be also anterior to the current date. 

Alternative Flow

under the responsibility of a doctor and the request is transmitted via a recognized authorized organization. 
Actor(s)Administrative who is working in a Health Insurance Organization (HIO) under the responsibility of a doctor and the request is transmitted via a recognized authorized organization. 
Requirements
  • End-user is an administrative who is working in a Health Insurance Organization (HIO) under the responsibility of a doctor and the request is transmitted via a recognized authorized organization
FlowSpecificationsIDAR-UC139-AF02NameRevoke Patient Consent - Patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of a Health Insurance Organization (HIO)DescriptionRevoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of a Health Insurance Organization (HIO)Actor(s)Patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of a Health Insurance Organization (HIO)Requirements
  • End-user is a patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of a Health Insurance Organization (HIO)
    • The informed patient consent is managed by a recognized authorized organization thru its usual software in behalf a HIO
    • Valid eHealth Certificate of the authorized organization
    • Consent WS is integrated in the software of the end-
    user
    • user
    • Identification of the HIO: CBE number, HIO category
    • Identification of the
    HIO
    • doctor:
    CBE number, HIO
    • SSIN number, NIHII (if available), professional category
    • Identification of the
    patient
    • admin: SSIN number, professional category
    • Information about the consent to revoke

         °Identification data of concerned patient: SSIN, first and family name (optional)

         °Type of consent: retrospective

         °Date of revocation

    TriggerThe user wants to revoke a Patient Consent 
    Precondition(s)
    • The user has an account for the application
    • The user is logged out
    Flow
    1. The user attempts to access the eHealth Consent WS
    2. The user needs to request a SAML Token by using his eID 
    3. A request for a SAML Token is sent to the Secure Token Service (STS)
    4. The STS responds with a SAML Token
    5. The user has access to the eHealth WS Consent
    6. The user does a request for Revoke Patient Consent 
    7. The Revoke Patient Consent Request is sent to the WS Consent 
    °
    1. The revoked consent is stored in eHealth Database
          °
    1. The request is logged 
          ° The
    1. The WS Consent responds with a Revoke Patient Consent Response
    Post Condition(s)
    • The request is logged 
    • The revoked consent is stored in eHealth Database with following information

             °SSIN of concerned patient 

             °Initial signing date of the consent

             °Consent type

             °Author of the request

             °Revocation date

    Test Data
    End point(s)
    • WS Consent
    • eHealth Database
    Additional InformationDate of revocation of an active consent must be equal or anterior to the request date. If so, it must be also anterior to the current date. 



    Exception Flow 1

    FlowSpecifications


    IDARUC-UC139126-EF01
    NameRevoke Patient Consent -Doctor who is working in a recognized authorized organization that acts in behalf of a Health Insurance Organization (HIO) a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization.  Deceased patient
    DescriptionRevoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization that acts in behalf of a Health Insurance Organization Deceased patient
    Actor(s)Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization that acts in behalf of a Health Insurance Organizationorganization. 
    Requirements
    • End-user is a da doctor working in a recognized authorized organization that acts in behalf of who is working in a Health Insurance Organization The informed patient consent is managed by (HIO) and the request is transmitted via a recognized authorized organization thru its usual software in behalf a HIO
    • Valid eHealth Certificate of the authorized organization
    • Consent WS is integrated in the software of the end-user
    • Identification of the HIO: CBE number, HIO category
    • Identification of the doctor: SSIN number, NIHII (if available), professional category
    • Information about the consent to revoke

         °Identification data of concerned patient: SSIN, first and family name (optional)

         °Type of consent: retrospective

         °Date of revocation

    • Concerned patient is deceased
    TriggerThe user wants to revoke a Patient Consent 
    Precondition(s)
    • The user has an account for the application
    • The user is logged out
    Flow
    1. The user attempts to access the eHealth Consent WS
    2. The user needs to request a SAML Token by using his a eHealth Certificate 
    3. A request for a SAML Token is sent to the Secure Token Service (STS)
    4. The STS responds with a SAML Token
    5. The user has access to the eHealth WS Consent
    6. The user does a request for Revoke Patient Consent 
    7. The Revoke Patient Consent Request is sent to the WS Consent 
    8. The WS Consent responds with a Revoke Patient Consent Response: error message
    Post Condition(s)Error message
    Test Data
    End point(s)
    • WS Consent
    • eHealth Database



    Exception Flow 2

    FlowSpecifications


    IDARUC-UC139126-EF02
    NameRevoke Patient Consent - Doctor working in a recognized authorized organization that acts in behalf of who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. - The consent of the concerned patient is already revoked
    DescriptionRevoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization that acts in behalf of a Health Insurance Organization The consent of the concerned patient is already revoked
    Actor(s)Doctor working in who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization that acts in behalf of a Health Insurance Organization
    Requirements
    • End-user is a da doctor working in a recognized authorized organization that acts in behalf of who is working in a Health Insurance Organization The informed patient consent is managed by (HIO) and the request is transmitted via a recognized authorized organization thru its usual software in behalf a HIO
    • Valid eHealth Certificate of the authorized organization
    • Consent WS is integrated in the software of the end-user
    • Identification of the HIO: CBE number, HIO category
    • Identification of the doctor: SSIN number, NIHII (if available), professional category
    • Information about the consent to revoke

         °Identification data of concerned patient: SSIN, first and family name (optional)

         °Type of consent: retrospective

         °Date of revocation

    • The consent of the concerned patient is already revoked
    TriggerThe user wants to revoke a Patient Consent 
    Precondition(s)
    • The user has an account for the application
    • The user is logged out
    Flow
    1. The user attempts to access the eHealth Consent WS
    2. The user needs to request a SAML Token by using his a eHealth Certificate 
    3. A request for a SAML Token is sent to the Secure Token Service (STS)
    4. The STS responds with a SAML Token
    5. The user has access to the eHealth WS Consent
    6. The user does a request for Revoke Patient Consent 
    7. The Revoke Patient Consent Request is sent to the WS Consent 
    8. The WS Consent responds with a Revoke Patient Consent Response: error message
    Post Condition(s)Error message
    Test Data
    End point(s)
    • WS Consent
    • eHealth Database



    Exception Flow 3

    FlowSpecifications


    ID
    AR
    UC-
    UC139
    126-EF03
    NameRevoke Patient Consent - Doctor
    working in a recognized authorized organization that acts in behalf of
    who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. - The consent of the concerned patient does not exist
    DescriptionRevoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization
    that acts in behalf of a Health Insurance Organization
    The consent of the concerned patient does not exist
    Actor(s)Doctor
    working in a recognized authorized organization that acts in behalf of
    who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. 
    Requirements
    • End-user is
    a d
    • a doctor
    working in a recognized authorized organization that acts in behalf of
    • who is working in a Health Insurance Organization
    The informed patient consent is managed by
    • (HIO) and the request is transmitted via a recognized authorized organization
    thru its usual software in behalf a HIO
    • Valid eHealth Certificate of the authorized organization
    • Consent WS is integrated in the software of the end-user
    • Identification of the HIO: CBE number, HIO category
    • Identification of the doctor: SSIN number, NIHII (if available), professional category
    • Information about the consent to revoke

         °Identification data of concerned patient: SSIN, first and family name (optional)

         °Type of consent: retrospective

         °Date of revocation

    • The consent of the concerned patient does not exist
    TriggerThe user wants to revoke a Patient Consent 
    Precondition(s)
    • The user has an account for the application
    • The user is logged out
    Flow
    1. The user attempts to access the eHealth Consent WS
    2. The user needs to request a SAML Token by using his a eHealth Certificate 
    3. A request for a SAML Token is sent to the Secure Token Service (STS)
    4. The STS responds with a SAML Token
    5. The user has access to the eHealth WS Consent
    6. The user does a request for Revoke Patient Consent 
    7. The Revoke Patient Consent Request is sent to the WS Consent 
    8. The WS Consent responds with a Revoke Patient Consent Response: error message
    Post Condition(s)Error message
    Test Data
    End point(s)
    • WS Consent
    • eHealth Database