Used Documentation

Cookbook / Materials	Version	Location
Consent WS	1.9	https://www.ehealth.fgov.be/ehealthplatform/nl/service-ehealthconsent
Secure Token Service	1.3	https://www.ehealth.fgov.be/ehealthplatform/nl/service-iam-identity-access-management
MetaHub V2 Cookbook	1.9	https://www.ehealth.fgov.be/ehealthplatform/nl/service-verwijzingsrepertorium-hubs-metahub

General Information

Informed Consent

The existence of an active ‘informed patient consent’ is one of the fundamental prerequisites for the healthcare providers to access patient’s medical data. Therefore, the eHealth platform makes available to the concerned patients and the health care actors involved in the exchange,

storage or referencing personal data a service to manage the ‘informed patient consent’ as defined by the deliberation 12/047 of the CSSSS/SCSZG1.

Technically, we identify the following attributes for an ‘informed patient consent’:

The SSIN of the patient.
The date of the consent registration (at the end-user side).
The “type” of the consent If the consent is only valuable for data posterior to the signing date, it is called ‘prospective’ and ‘retrospective’ in the other case . According to the rules defined now, the only possible value for this attribute is ‘retrospective’. The attribute is present for backwards compatibility.
The identity of the HCParty acting in the patient’s name (if applicable).

Image Removed

The “informed consent” can be managed and verified throughout several ways and associated components. The above scheme provides an overview of all those components.
The “eHealth Consent WS” described here is only available for the software of the authorized healthcare professionals and institutions

.

KMEHR

This service is a ‘KMEHR-based’ WS. We thus strongly recommend consulting the documentation related to the KMEHR normative elements. The KMEHR site aims to offer a central point for the documentation of the KMEHR normative elements.

https://www.ehealth.fgov.be/standards/kmehr/en

The three following generic elements are, in particular, essentials to build the request and the reply of eHealth Consent WS.

cd : This is the key element used to code information: this section is completely based on the description from the KMEHR standard, as can be found on: https://www.ehealth.fgov.be/standards/kmehr/en/page/key-elements#cd
id: This element is used to uniquely identify key elements like request, response of the WS, patient, HCParty. It can also be used to specify any unique identifier: this section is completely based on the description from the KMEHR standard, as can be found on: https://www.ehealth.fgov.be/standards/kmehr/en/page/key-elements#id
HC Party: The hcparty element is a generic element that aims to represent any kind of healthcare party: organization, physician, medical specialty, or even IT systems: this section is entirely based on the description from the KMEHR standard, as can be found on: https://www.ehealth.fgov.be/standards/kmehr/en/page/hcparty

Basic Flow

Flow

Specifications

ID

AR

UC-

UC139

126-BF
Name	Revoke Patient Consent -Doctor

working in a recognized authorized organization that acts in behalf of

who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization.
Description	Revoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a

doctor

doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization

that acts in behalf of a Health Insurance Organization.

.
Actor(s)	Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization

that acts in behalf of a Health Insurance Organization

.
Requirements	End-user is

a d

a doctor who is working in a

recognized authorized organization that acts in behalf of a

Health Insurance Organization

The informed patient consent is managed by

(HIO) and the request is transmitted via a recognized authorized organization

thru its usual software in behalf a HIO

Valid eHealth Certificate of the authorized organization
Consent WS is integrated in the software of the end-user

INSS concerned patient

Identification of the HIO: CBE number, HIO category
Identification of the doctor: SSIN number, NIHII (if available), professional category
Information about the consent to revoke

°Identification data of concerned patient: SSIN, first and family name (optional)

°Type

Type

of consent: retrospective

Date

°Date of revocation

An active consent


Trigger	The user wants to revoke a Patient Consent
Precondition(s)	The user has an account for the application The user is logged out
Flow	The user attempts to access the eHealth Consent WS The user needs to request a SAML Token by using his eID A request for a SAML Token is sent to the Secure Token Service (STS) The STS responds with a SAML Token The user has access to the eHealth WS Consent The user does a request for Revoke Patient Consent The Revoke Patient Consent Request is sent to the WS Consent

°

The revoked consent is stored in eHealth Database
The request is logged
The WS Consent responds with a Revoke Patient Consent Response

° The request is logged

° The revoked consent is stored in eHealth Database

Post Condition(s)	The request is logged The revoked consent is stored in eHealth Database with following information °SSIN of concerned patient °Initial signing date of the consent °Consent type °Author of the request °Revocation date
Test Data	Example Revoke Patient Consent Request Example Revoke Patient Consent Response successful Example Revoke Patient Consent Response unsuccessful
End point(s)	WS Consent eHealth Database
Additional Information	Date of revocation of an active consent must be equal or anterior to the request date. If so, it must be also anterior to the current date.

Alternative Flow

Flow

Specifications

ID

AR

UC-

UC139

126-AF01
Name	Revoke Patient Consent - Administrative who is working in a

recognized authorized organization under

Health Insurance Organization (HIO) under the responsibility of a doctor

, that acts in behalf of a Health Insurance Organization (HIO)

and the request is transmitted via a recognized authorized organization.
Description	Revoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by an administrative who is working in a

recognized authorized organization under

Health Insurance Organization (HIO) under the responsibility of a doctor

, that acts in behalf of a Health Insurance Organization (HIO)

and the request is transmitted via a recognized authorized organization.
Actor(s)	Administrative who is working in a

recognized authorized organization under

Health Insurance Organization (HIO) under the responsibility of a doctor

, that acts in behalf of a Health Insurance Organization (HIO)

and the request is transmitted via a recognized authorized organization.
Requirements	End-user is an

administrative working in a recognized authorized organization under responsibility of a doctor, that acts in behalf of

administrative who is working in a Health Insurance Organization (HIO)

The informed patient consent is managed by

under the responsibility of a doctor and the request is transmitted via a recognized authorized organization

thru its usual software in behalf a HIO

Valid eHealth Certificate of the authorized organization
Consent WS is integrated in the software of the end-user

INSS concerned patient

Identification of the HIO: CBE number, HIO category
Identification of the doctor: SSIN number, NIHII (if available), professional category
Identification of the admin: SSIN number, professional category
Information about the consent to revoke

°Identification data of concerned patient: SSIN, first and family name (optional)

°Type

Type

of consent: retrospective

Date

°Date of revocation

An active consent


Trigger	The user wants to revoke a Patient Consent
Precondition(s)	The user has an account for the application The user is logged out
Flow	The user attempts to access the eHealth Consent WS The user needs to request a SAML Token by using his eID A request for a SAML Token is sent to the Secure Token Service (STS) The STS responds with a SAML Token The user has access to the eHealth WS Consent The user does a request for Revoke Patient Consent The Revoke Patient Consent Request is sent to the WS Consent

°

The revoked consent is stored in eHealth Database
The request is logged
The WS Consent responds with a Revoke Patient Consent Response

° The request is logged

° The revoked consent is stored in eHealth Database

Post Condition(s)	The request is logged The revoked consent is stored in eHealth Database with following information °SSIN of concerned patient °Initial signing date of the consent °Consent type °Author of the request °Revocation date
Test Data	Example Revoke Patient Consent Request Example Revoke Patient Consent Response successful Example Revoke Patient Consent Response unsuccessful
End point(s)	WS Consent eHealth Database
Additional Information	Date of revocation of an active consent must be equal or anterior to the request date. If so, it must be also anterior to the current date.

Alternative

Exception Flow 1

Flow

Specifications

ID

AR

UC-

UC139

126-

AF02

EF01
Name	Revoke Patient Consent -

Patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of

Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. - Deceased patient
Description	Revoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a

patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of

doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. Deceased patient

Actor(s)

Patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of

Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization.
Requirements	End-user is

a patient through a recognized authorized organization under responsibility of a doctor, that acts in behalf of

a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization Valid eHealth Certificate of the authorized organization Consent WS is integrated in the software of the end-user Identification of the HIO: CBE number, HIO category Identification of the doctor: SSIN number, NIHII (if available), professional category Information about the consent to revoke °Identification data of concerned patient: SSIN, first and family name (optional) °Type of consent: retrospective °Date of revocation Concerned patient is deceased
Trigger	The user wants to revoke a Patient Consent
Precondition(s)	The user has an account for the application The user is logged out
Flow	The user attempts to access the eHealth Consent WS The user needs to request a SAML Token by using his a eHealth Certificate A request for a SAML Token is sent to the Secure Token Service (STS) The STS responds with a SAML Token The user has access to the eHealth WS Consent The user does a request for Revoke Patient Consent The Revoke Patient Consent Request is sent to the WS Consent The WS Consent responds with a Revoke Patient Consent Response: error message
Post Condition(s)	Error message
Test Data	Example Revoke Patient Consent Request Example Revoke Patient Consent Response successful Example Revoke Patient Consent Response unsuccessful
End point(s)	WS Consent eHealth Database

Exception Flow 2

Flow

Specifications

ID	UC-126-EF02
Name	Revoke Patient Consent - Doctor who is working in a Health Insurance Organization (HIO)

and the request is transmitted via a recognized authorized organization. - The consent of the concerned patient is already revoked
Description	Revoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. The consent of the concerned patient is already revoked
Actor(s)	Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization.
Requirements	End-user is a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization

The informed patient consent is managed by a recognized authorized organization thru its usual software in behalf a HIO

Valid eHealth Certificate of the authorized organization
Consent WS is integrated in the software of the end-user

INSS concerned patient

Identification of the HIO: CBE number, HIO category
Identification of the doctor: SSIN number, NIHII (if available), professional category
Information about the consent to revoke

°Identification data of concerned patient: SSIN, first and family name (optional)

°Type

Type

of consent: retrospective

Date

°Date of revocation

An active consent

The consent of the concerned patient is already revoked
Trigger	The user wants to revoke a Patient Consent
Precondition(s)	The user has an account for the application The user is logged out
Flow	The user attempts to access the eHealth Consent WS The user needs to request a SAML Token by using

his eID

his a eHealth Certificate
A request for a SAML Token is sent to the Secure Token Service (STS)
The STS responds with a SAML Token
The user has access to the eHealth WS Consent
The user does a request for Revoke Patient Consent
The Revoke Patient Consent Request is sent to the WS Consent

°

The WS Consent responds with a Revoke Patient Consent Response: error message

° The request is logged

° The revoked consent is stored in eHealth Database

Post Condition(s)	Error message
Test Data	Example Revoke Patient Consent Request Example Revoke Patient Consent Response successful Example Revoke Patient Consent Response unsuccessful
End point(s)	WS Consent eHealth Database

Exception Flow 3

Flow

Specifications

ID	UC-126-EF03
Name	Revoke Patient Consent - Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. - The consent of the concerned patient does not exist
Description	Revoke Patient consent allows end-users to revoke an active consent of the concerned patient. Request Revoke consent is done by a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization. The consent of the concerned patient does not exist
Actor(s)	Doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization.
Requirements	End-user is a doctor who is working in a Health Insurance Organization (HIO) and the request is transmitted via a recognized authorized organization Valid eHealth Certificate of the authorized organization Consent WS is integrated in the software of the end-user Identification of the HIO: CBE number, HIO category Identification of the doctor: SSIN number, NIHII (if available), professional category Information about the consent to revoke °Identification data of concerned patient: SSIN, first and family name (optional) °Type of consent: retrospective °Date of revocation The consent of the concerned patient does not exist
Trigger	The user wants to revoke a Patient Consent
Precondition(s)	The user has an account for the application The user is logged out
Flow	The user attempts to access the eHealth Consent WS The user needs to request a SAML Token by using his a eHealth Certificate A request for a SAML Token is sent to the Secure Token Service (STS) The STS responds with a SAML Token The user has access to the eHealth WS Consent The user does a request for Revoke Patient Consent The Revoke Patient Consent Request is sent to the WS Consent The WS Consent responds with a Revoke Patient Consent Response: error message
Post Condition(s)	Error message

Post Condition(s)

The request is logged
The revoked consent is stored in eHealth Database with following information

°SSIN of concerned patient

°Initial signing date of the consent

°Consent type

°Author of the request

°Revocation date


Test Data	Example Revoke Patient Consent Request Example Revoke Patient Consent Response successful Example Revoke Patient Consent Response unsuccessful
End point(s)	WS Consent eHealth Database

Additional InformationDate of revocation of an active consent must be equal or anterior to the request date. If so, it must be also anterior to the current date.

Page tree

Versions Compared

Old Version 8

New Version Current

Key

Used Documentation

General Information

Informed Consent

Basic Flow

Alternative Flow

Exception Flow 1

Exception Flow 2

Exception Flow 3

Page tree

Page History

Versions Compared

Old Version 8

New Version Current

Key

Used Documentation

General Information

Informed Consent

Basic Flow

Alternative Flow

Exception Flow 1

Exception Flow 2

Exception Flow 3