Publisert - 10.03.2026

Patch Document Reference

Endpoint

PATCH https://api.pjd.test.nhn.no/R4/fhir/DocumentReference/{id}

Description

This endpoint updates an existing DocumentReference.

Current implementation is intentionally limited to updating DocumentReference.securityLabel only (confidentiality / access control classification). Updates to other elements are not supported.

Supported request payloads:

Send a DocumentReference resource containing only resourceType, id and the full new securityLabel array.
Send a JSON Patch document (RFC6902) with a single replace operation on path /securityLabel.

If the request attempts to update any other field/path than securityLabel, the API returns 400 Bad Request.

Routing: the required query parameter homeCommunityId is used to route the request to the correct registry/repository instance.

Scopes

The endpoint requires the following scope. We may extend with its own scope in the future.

Scope	Description
nhn:phr/mhd/create-documents-with-reference	Use the same scope as for the ITI-65 Provide Document Bundle endpoint

Examples

Simple PATCH to update DocumentReference.SecurityLabel on a document reference

FHIR server root is https://api.pjd.test.nhn.no
Patient id is 17855599120 (USNOBBET KLOKKE)

Example 1: PATCH Body by sending a DocumentReference resource with only the new list of security labels

PATCH api.pjd.test.nhn.no/R4/fhir/DocumentReference/57a07380-1818-460f-85bb-81f8e4e45c42?homeCommunityId=2.16.578.1.12.4.5.100.3.15
Host api.pjd.test.nhn.no
Content-Type: application/fhir+json
Accept: application/fhir+json; fhirVersion=4.0
nhn-source-system: EPJ System 1.0
nhn-event-id: <unique id>
Authorization: DPoP <DPoP authorization bearer token>
DPoP: <DPoP proof token>

{
    "resourceType": "DocumentReference",
    "id": "57a07380-1818-460f-85bb-81f8e4e45c42",
    "securityLabel": [
        {
            "coding": [
                {
                    "system": "urn:oid:2.16.840.1.113883.5.25",
                    "code": "N",
                    "display": "Normal"
                }
            ]
        },
        {
            "coding": [
                {
                    "system": "urn:oid:2.16.578.1.12.4.1.1.9603",
                    "code": "NORS",
                    "display": "Sperret"
                }
            ]
        }
    ]
}

Example 2: JSON PATCH (RFC6902). For now, we only support updating the securityLabel

PATCH api.pjd.test.nhn.no/R4/fhir/DocumentReference/57a07380-1818-460f-85bb-81f8e4e45c42?homeCommunityId=2.16.578.1.12.4.5.100.3.15
Host api.pjd.test.nhn.no
Content-Type: application/json-patch+json
Accept: application/fhir+json; fhirVersion=4.0
nhn-source-system: EPJ System 1.0
nhn-event-id: <unique id>
Authorization: DPoP <DPoP authorization bearer token>
DPoP: <DPoP proof token>

[
    {
        "op": "replace",
        "path": "/securityLabel",
        "value": [
            {
                "coding": [
                    {
                        "system": "urn:oid:2.16.840.1.113883.5.25",
                        "code": "N",
                        "display": "Normal"
                    }
                ]
            },
            {
                "coding": [
                    {
                        "system": "urn:oid:2.16.578.1.12.4.1.1.9603",
                        "code": "NORS",
                        "display": "Sperret"
                    }
                ]
            }
        ]
    }
]

Header Parameters

Header parameter	Required?	Possible values
nhn-source-system	Required	Name and version of the EPJ system
nhn-event-id	Optional	Unique id from consumer
Accept	Required	application/fhir+json; fhirVersion=4.0

Query Parameters

Query parameter	Required?	Type	Description
homeCommunityId	required	string (OID)	Identifies your instance of NHN dokumentlager

Return value

If 200 OK then the endpoint returns the updated DocumentReference.

Possible responses

Status code	Body	Description
200 - OK	DocumentReference	The updated document reference (application/fhir+json)
400 - Bad Request	OperationOutcome	If the request is invalid. Returns OperationOutcome with a list of errors.
401 - Unauthorized	OperationOutcome	If the request cannot be authorized with the HelseID token
402 - Not Found	OperationOutcome	Could not find the document reference identified by id parameter.
500 - Internal Server Error	OperationOutcome	Unhandled exception in API
503 - Service Unavailable	OperationOutcome	When the API is not available, for example due to problems with dependencies or if the instance NHN dokumentlager is not available

Why this endpoint updates a DocumentReference in-place

This endpoint updates the existing DocumentReference using the same logical id because this is an administrative metadata change (currently limited to securityLabel), not a new clinical document artifact.

In FHIR, changes to a resource are represented as a new version of the same resource (same id, new meta.versionId), which preserves a full history/audit trail.
Creating a new DocumentReference (new id) and linking it with relatesTo.target is intended for document-to-document relationships such as replaces, transforms, signs, or appends (i.e., when you publish a new/derived document), not for reclassifying confidentiality.
Keeping the same id avoids breaking existing references to DocumentReference/{id} in client systems.

Søket er fullført!