-
Created by Unknown User (gaelle.laurent.ext@imec.be), last modified on Aug 27, 2019
The existence of an active ‘informed patient consent’ is one of the fundamental prerequisites for the healthcare providers to access patient’s medical data. Therefore, the eHealth platform makes available to the concerned patients and the health care actors involved in the exchange,
storage or referencing personal data a service to manage the ‘informed patient consent’ as defined by the deliberation 12/047 of the CSSSS/SCSZG1.
Technically, we identify the following attributes for an ‘informed patient consent’:
- The SSIN of the patient.
- The date of the consent registration (at the end-user side).
- The “type” of the consent If the consent is only valuable for data posterior to the signing date, it is called ‘prospective’ and ‘retrospective’ in the other case . According to the rules defined now, the only possible value for this attribute is ‘retrospective’. The attribute is present for backwards compatibility.
- The identity of the HCParty acting in the patient’s name (if applicable).
KMEHR
This service is a ‘KMEHR-based’ WS. We thus strongly recommend consulting the documentation related to the KMEHR normative elements. The KMEHR site aims to offer a central point for the documentation of the KMEHR normative elements.
https://www.ehealth.fgov.be/standards/kmehr/en
The three following generic elements are, in particular, essentials to build the request and the reply of eHealth Consent WS.
Basic Flow
Flow | Specifications |
---|
| ID | UC-115-BF | Name | Put Patient Consent - Patient | Description | A patient declares his own "Informed Patient Consent" by using the WS Consent. The Certificate from the eID of the patient is used to access to the WS Consent. | Actor(s) | | Requirements | - End-user is a patient
- End-user acts as author of the request through his software and manages himself throughout his usual software
- Valid eID
- Consent WS is integrated in the software of the end-user
- Patient software information
- Identification of the patient
°SSIN number °First and last name (optional) - Information on the consent
°Identification of concerned patient: Patient SSIN, first and family name (optional) °Type of consent: retrospective °Signing date of consent | Trigger | The user wants to declare his Patient Consent | Precondition | - The user has an account for the application
- The user is logged out
| Flow | - The user attempts to access the eHealth Consent WS
- The user needs to request a SAML Token by using his eID
- A request for a SAML Token is sent to the Secure Token Service (STS)
- The STS responds with a SAML Token
- The user has access to the eHealth WS Consent
- The user does a request for Put Patient Consent
- The Put Patient Consent Request is sent to the WS Consent
- The informed Patient Consent is stored in eHealth Database
- The request is logged
- The WS Consent responds with a Put patient consent response
| Post Condition(s) | - Request is logged
- The informed patient consent is stored in the eHealth Database
| Test Data | | End point(s) | - WS Consent
- eHealth Database
| Remarks | If support card number is provided then it must be compliant e.g. correct format, check-digit and combination | Additional Information | Additional information about patient e.g. first name and family name may be added for the audit purpose |
|
Alternative Flow
Flow | Specifications |
---|
| ID | UC-115-AF01 | Name | Put Patient Consent - Parent of Patient | Description | Parent of the patient declares an "Informed Patient Consent" in behalf of the patient by using the WS Consent. The Certificate from the eID of the parent is used to access to the WS Consent. | Actor(s) | Parent of the concerned patient, who is younger than 18 years of age | Requirements | - End-user is a parent of the concerned patient
- End-user acts as author of the request through his software and manages himself throughout his usual software
- Valid eID of the parent
- Consent WS is integrated in the software of the end-user
- Parent software information
- Identification of the parent
°SSIN number °First and last name (optional) - Information on the consent
°Identification of concerned patient: Patient SSIN, first and family name (optional) °Type of consent: retrospective °Signing date of consent | Trigger | The user wants to declare his Patient Consent | Precondition(s) | - The user has an account for the application
- The user is logged out
| Flow | - The user attempts to access the eHealth Consent WS
- The user needs to request a SAML Token by using his eID
- A request for a SAML Token is sent to the Secure Token Service (STS)
- The STS responds with a SAML Token
- The user has access to the eHealth WS Consent
- The user does a request for Put Patient Consent
- The Put Patient Consent Request is sent to the WS Consent
- The informed Patient Consent is stored in eHealth Database
- The request is logged
- The WS Consent responds with a Put patient consent response
| Difference in flow | Identification of the parent | Post Conditions | - Request is logged
- The informed patient consent is stored in the eHealth Database
| Test Data | | End point(s) | - WS Consent
- eHealth Database
| Remarks | If support card number is provided then it must be compliant e.g. correct format, check-digit and combination | Additional Information | Additional information about parent e.g. first name and family name may be added for the audit purpose |
|
Alternative Flow
Flow | Specifications |
---|
| ID | UC-115-AF02 | Name | Put Patient Consent - Mandatary of Patient | Description | Mandatary of the patient declares an "Informed Patient Consent" in behalf of the patient by using the WS Consent. The Certificate from the eID of the mandatary is used to access to the WS Consent | Actor(s) | Mandatary of the concerned patient | Requirements | - End-user is a mandatary of the concerned patient
- End-user acts as author of the request through his software and manages himself throughout his usual software
- Valid eID of the mandatary
- Consent WS is integrated in the software of the end-user
- Mandatary software information
- Identification of the mandatary
°SSIN number °First and last name (optional) - Information on the consent
°Identification of concerned patient: Patient SSIN, first and family name (optional) °Type of consent: retrospective °Signing date of consent | Trigger | The user wants to declare his Patient Consent | Preconditions | - The user has an account for the application
- The user is logged out
| Flow | - The user attempts to access the eHealth Consent WS
- The user needs to request a SAML Token by using his eID
- A request for a SAML Token is sent to the Secure Token Service (STS)
- The STS responds with a SAML Token
- The user has access to the eHealth WS Consent
- The user does a request for Put Patient Consent
- The Put Patient Consent Request is sent to the WS Consent
- The informed Patient Consent is stored in eHealth Database
- The request is logged
- The WS Consent responds with a Put patient consent response
| Difference in flow | Identification of the Mandatary | Post Conditions | - Request is logged
- The informed patient consent is stored in the eHealth Database
| Test Data | | End point(s) | - WS Consent
- eHealth Database
| Remarks | If support card number is provided then it must be compliant e.g. correct format, check-digit and combination | Additional Information | Additional information about mandatary e.g. first name and family name may be added for the audit purpose |
|
Exception Flow 1
Flow | Specifications |
---|
| ID | UC-115-EF01 | Name | Put Patient Consent - Parent of mandatary of concerned patient - Deceased patient | Description | A parent of mandatary of a patient wants to update an "Informed Patient Consent" by using the WS Consent. The Certificate from the eID of the end-user is used to access to the WS Consent. Concerned patient is deceased. | Actor(s) | Parent or mandatary of concerned patient | Requirements | - End-user is a parent or mandatary of the concerned patient
- End-user acts as author of the request through his software and manages himself throughout his usual software
- Valid eID of the end-user
- Consent WS is integrated in the software of the end-user
- End-user software information
- Identification of the end-user
°SSIN number °First and last name (optional) - Information on the consent
°Identification of concerned patient: Patient SSIN, first and family name (optional) °Type of consent: retrospective °Signing date of consent - Concerned patient is deceased
| Trigger | The user wants to update a Patient Consent | Precondition(s) | - The user has an account for the application
- The user is logged out
| Flow | - The user attempts to access the eHealth Consent WS
- The user needs to request a SAML Token by using his eID
- A request for a SAML Token is sent to the Secure Token Service (STS)
- The STS responds with a SAML Token
- The user has access to the eHealth WS Consent
- The user does a request for Put Patient Consent
- The Put Patient Consent Request is sent to the WS Consent
- The WS Consent responds with a Put Patient Consent Response: error message (an informed consent of a deceased patient cannot be updated
| Post Condition(s) | error message (an informed consent of a deceased patient cannot be updated | Test Data | | End point(s) | - WS Consent
- eHealth Database
|
|
Exception Flow 2
Flow | Specifications |
---|
| ID | UC-115-EF02 | Name | Put Patient Consent - Patient, parent of mandatary of concerned patient - Active consent already exists for the concerned patient | Description | Patient, parent of mandatary of a patient wants to update an "Informed Patient Consent" by using the WS Consent. The Certificate from the eID of the end-user is used to access to the WS Consent. Active consent already exists for the concerned patient | Actor(s) | Patient, parent or mandatary of concerned patient | Requirements | - End-user is a parent or mandatary of the concerned patient
- End-user acts as author of the request through his software and manages himself throughout his usual software
- Valid eID of the end-user
- Consent WS is integrated in the software of the end-user
- End-user software information
- Identification of the end-user
°SSIN number °First and last name (optional) - Information on the consent
°Identification of concerned patient: Patient SSIN, first and family name (optional) °Type of consent: retrospective °Signing date of consent - Active consent already exists for the concerned patient
| Trigger | The user wants to put a Patient Consent | Precondition(s) | - The user has an account for the application
- The user is logged out
| Flow | - The user attempts to access the eHealth Consent WS
- The user needs to request a SAML Token by using his eID
- A request for a SAML Token is sent to the Secure Token Service (STS)
- The STS responds with a SAML Token
- The user has access to the eHealth WS Consent
- The user does a request for Put Patient Consent
- The Put Patient Consent Request is sent to the WS Consent
- The WS Consent responds with a Put Patient Consent Response: error message
| Post Condition(s) | Error message | Test Data | | End point(s) | - WS Consent
- eHealth Database
|
|