Find Document References

Endpoint

POST https://api.pjd.test.nhn.no/R4/fhir/DocumentReference/_search

Scopes

The endpoint requires one of the following two scopes. It's not possible to use both scopes in the same request.

Scope Lovverk Description
nhn:phr/mhd/read-documentreferences Helsepersonelloven p. 45 No access basis header parameter. No filtering according to Kjernejournalforskriften.
nhn:phr/mhd/read-documentreferences/kjernejournalforskriften Kjernejournalforskriften Access basis header parameter is required. Filtering according to Kjernejournalforskriften.

Filtering according to Kjernejournalforskriften

If using the second scope.

Category Dokumentgruppe Varighet på visning i kjernejournal Eksempler på dokumenter
A00-1 Epikriser og sammenfatninger Ubegrenset Epikriser etter innleggelse, poliklinikk m.m.
C00-1 Prøvesvar, vev og vesker 1 år Medisinks biokjemi, patologi m.m.
D00-1 Organfunksjon 5 år Ultralyd av hjerte, spirometri m.m.
E00-1 Bildediagnostikk 5 år Radiologi, ultralyd m.m.
I00-1 Korrespondanse 1 år Henvisninger

Example

Simple POST to retreive all document references for LINE DANSER

Example POST Body

POST api.pjd.test.nhn.no/fhir/DocumentReference/_search	  
Host api.pjd.test.nhn.no
Content-Type: application/x-www-form-urlencoded
Accept: application/fhir+json; fhirVersion=4.0
nhn-source-system: EPJ System 1.0
nhn-event-id: <unique id>
Authorization: DPoP <DPoP authorization bearer token>
DPoP: <DPoP proof token>

patient.identifier=13116900216&status=current

Header Parameters

Header parameter Required? Possible values
nhn-access-basis Only for Kjernejournalforskriften UNNTAK, SAMTYKKE, FORHOYET_SAMTYKKE, AKUTT, FORHOYET_AKUTT
nhn-source-system Required Name and version of the EPJ system
nhn-event-id Optional Unique id from consumer
Accept Required application/fhir+json; fhirVersion=4.0

Query Parameters

See ITI-67 for full details

Query parameter Required? Type Description
patient.identifier required token Patient identifier (NIN)
status required token The status (availabilityStatus) of the DocumentReference Resource
author.given string Given name of the author person
author.family string Family name of the author person
category token General classification (classCode) of the DocumentReference Resource
creation DateTime Specifies a search against the DocumentReference.content.attachment.creation
date The time when the DocumentReference was created
event token Specifies the main clinical acts (eventCodeList) documented by the DocumentReference Resource
facility token The kind of facility found in DocumentReference.context.facilityType (healthcareFacilityTypeCode)
format token The format (formatCode ) of the DocumentReference Resource
identifier token An identifier for this DocumentReference and/or the contained document. The search results represent the results of a search on DocumentReference.masterIdentifier and DocumentReference.identifier
period date Represents the time of service that is being documented by the DocumentReference. This query parameter represents from/to parameters for the serviceStartTime and serviceStopTime of the Document Entry
related reference Represents other identifiers (referenceIdList) associated with the DocumentReference Resource
security-label token The security labels (confidentialityCode) of the document referenced by DocumentReference Resource
setting token The specific practice setting (practiceSettingCode) of the DocumentReference Resource
type token The specific type of the DocumentReference resource or in Document Sharing nomenclature, the typeCode of the Document Entry

Return value

If 200 OK then the endpoint returns a FHIR bundle according to ITI-67. See below for further response details.

Return header parameters

Response header parameter
NHN-SecurityLabel-Nors-Count The total count of documents with security label 'NORS'

Response validation

The structure of the response has been validated with Matchbox.health validation service and should be compliant with FHIR R4 and ITI-67.

Personverninnstillinger (PVK stream)

The endpoint has access control according to Personverninnstillinger for patient in Helsenorge.

Possible responses

Status code Body Description
200 - OK Bundle Document references and possibly an OperationOutcome resource with errors reported from various locations
400 - Bad Request If the request parameters are not valid
401 - Unauthorized OperationOutcome If the patient has confidential address
401 - Unauthorized OperationOutcome If the HPR number is not allowed to access health records for this patient
401 - Unauthorized OperationOutcome If the API cannot change the access token into a SAML assertion token
400 - Bad Request OperationOutcome If sending elevated access (in 'nhn-access-basis') when the patient has not set restrictions
402 - Not Found OperationOutcome Could not retreive document references. For example if API cannot contact XCA gateway.
413 - Payload Too Large OperationOutcome If the payload of the request is too large (max 1 MB)
406 - Not Acceptable Missing ContentType 'application/fhir+json'
500 - Internal Server Error OperationOutcome Unhandled exception in API
503 - Service Unavailable OperationOutcome When the API is not available, for example due to problems with dependencies
503 - Service Unavailable OperationOutcome When the XCA gateway is not available

OperationOutcome resource in bundle when the response is 200 OK

When the API responds with status code 200 OK and a bundle with document references then the bundle may also contain a resource with "resourceType": "OperationOutcome".

The OperationOutcome resource may contain a list of issues which is a the list of registry errors received from various registry locations.

Example OperationOutcome resource type

 {
      "fullUrl": "urn:uuid:cfe86f3f-c21f-42c3-9d8b-878cd4217298",
      "resource": {
        "resourceType": "OperationOutcome",
        "meta": {
          "profile": [
            "http://hl7.org/fhir/StructureDefinition/OperationOutcome"
          ]
        },
        "issue": [
          {
            "severity": "error",
            "code": "exception",
            "details": {
              "coding": [
                {
                  "system": "urn:ihe:iti:xds",
                  "code": "XDSRegistryError",
                  "display": "XDSRegistryError"
                }
              ],
              "text": "Access denied"
            },
            "diagnostics": "{\"location\":\"urn:oid:2.16.578.1.12.4.1.7.1.11\",\"locationName\":\"Diakonhjemmet Sykehus\",\"errorCode\":\"XDSRegistryError\"}"
          },
          {
            "severity": "error",
            "code": "not-found",
            "details": {
              "coding": [
                {
                  "system": "urn:ihe:iti:xds",
                  "code": "XDSUnavailableCommunity",
                  "display": "XDSUnavailableCommunity"
                }
              ],
              "text": "Cannot retrieve from  target domain 2.16.578.1.12.4.1.2.5604"
            },
            "diagnostics": "{\"location\":\"urn:oid:2.16.578.1.12.4.1.2.5604\",\"locationName\":\"Helse S\\u00F8r-\\u00D8st regionalt helseforetak\",\"errorCode\":\"XDSUnavailableCommunity\"}"
          }
        ]
      }
    }

Issues

Property Value Description
resource.resourceType OperationOutcome
resource.issue[] Array List of issues reported by various registry locations
resource.issue.severity "error"
resource.issue.code Depends on the code received from the registry location See mapping below
resource.issue.details.coding.system "urn:ihe:iti:xds"
resource.issue.details.coding.code ebXML Registry Error Code
resource.issue.details.coding.display ebXML Registry Error Code
resource.issue.details.text Description of the error
resource.issue.diagnostics JSON string containing a diagnostics object See below

Diagnostics object

The diagnosstics object can be used to find the name of the location. Our API automatically maps OID to name and fills in the locationName.

We may expand the diagnostics object in later versions of the API

Property Value
location OID of location
locationName Name of location
errorCode ebXML Registry Error Code

Example diagnostics object (deserialized from resource.issue.diagnostics)

{
  "location": "urn:oid:2.16.578.1.12.4.1.2.5604",
  "locationName": "Helse S\\u00F8r-\\u00D8st regionalt helseforetak",
  "errorCode": "XDSUnavailableCommunity"
}

Mapping from ebXML Registry Error Code to 'resource.issue.code' in issue object

Error Code Mapped to
XDSUnknownPatientId ⇒ OperationOutcome.IssueType.Invalid
XDSUnknownDocument ⇒ OperationOutcome.IssueType.NotFound
XDSUnknownRepositoryId ⇒ OperationOutcome.IssueType.NotFound
XDSRegistryError ⇒ OperationOutcome.IssueType.Exception
XDSRepositoryError ⇒ OperationOutcome.IssueType.Exception
XDSDocumentUniqueIdError ⇒ OperationOutcome.IssueType.Invalid
XDSMissingDocumentMetadata ⇒ OperationOutcome.IssueType.Required
XDSMissingDocument ⇒ OperationOutcome.IssueType.Required
XDSInvalidRequest ⇒ OperationOutcome.IssueType.Invalid
XDSDuplicateUniqueIdInRegistry ⇒ OperationOutcome.IssueType.Duplicate
XDSUnknownCommunity ⇒ OperationOutcome.IssueType.NotFound
XDSUnavailableCommunity ⇒ OperationOutcome.IssueType.NotFound
XDSNonIdenticalHash ⇒ OperationOutcome.IssueType.Security
XDSNonIdenticalSize ⇒ OperationOutcome.IssueType.Security
XDSMissingHomeCommunityId ⇒ OperationOutcome.IssueType.Required
XDSUnsupportedCommunity ⇒ OperationOutcome.IssueType.NotSupported
XDSUnsupportedQueryParameters ⇒ OperationOutcome.IssueType.NotSupported
XDSStoredQueryParamNumber ⇒ OperationOutcome.IssueType.Invalid
Unknown OperationOutcome.IssueType.Unknown

Best practice for handling issues in bundled OperationOutcome:

  • If there are issues with severity 'error' in the 'issues' array, then there has been errors reported from one or more registry locations
  • Loop through the list of issues and deserialize the resource.issues.diagnostics property.
  • Display a list of unavailable locations to the user, using the locationName property.

Option 2 - display a general error

  • If there are any items with severity 'error' in the 'issues' array then you may simply display a general error notifying the user that some sources/locations are unavailable.