Forvaltningsrutiner for samarbeidet
The administration include the management of the service after it is in production.
Routines for administration
It is important that any actor in PHR follows the administration routines. This is to ensure that incidents and processes are followed in the same manner. See Deling av pasientens journaldokumenter, section Spesielle bruksvilkår for Pasientens journaldokumenter* og forvaltningsrutiner (NB: In norwegian)
Administration of the document registry
The metadata in the document registry must be maintained to ensure the information is accessible. This can be done by a document administrator. They must be capable of searching the metadata, aswell as updating the information in the registry. This will require its own interface and accesses.
Administration of document ownership
There are multiple scenarios in which the document source has to make changes to their organization or system that affects the access to their stored documents. Some of these cases are:
A general practitioner who shares documents concludes their practice or switches EHR (Electronic Health Record) providers.
When an organization intends to replace or merge its document repository solution or transfer its responsibilities to another organization.
If an organization upgrades or changes its entire system platform, such as transitioning from an older version to a newer one, it can impact document links in terms of accessibility and compatibility.
In the event of business mergers or divestitures, there may be a need to review and update document links to reflect the new organizational structures and responsibilities.
Architectural principles
This section will cover business, informational and security-realted principles for document sources.
Business-principles
Business principle | Comment |
|---|---|
Deviations from the reference architecture and/or standards must be explicitly considered, justified and approved by other actors. |
|
Any shared document shall have its quality approved by the document source. |
|
Consumers of a document are responsible for the use of the document. | Access and handling of documents shall follow current laws related to the management of health information. |
There shall be a central overview over who has accessed a document. | The overview shall cover document accesses done by healthcare personell in other healthcare facilities. The overview shall be available to residents via helsenorge.no. |
Information principles
Information principle | Comment |
|---|---|
Documents shall only be made available using standardized formats decided upon on a national level. | Formats are tied to content standards for document sharing. |
Documents shall not be updated, rather replaced with a new version | This means the document shall not be overwritten with new content, as its ID will then refer to a document which has been changed, resulting in inconsistent data. The previous version is retired (marked as obsolete). An example is a test result, which one result replaces the previous result. |
Documents which are not relevant or wrongly made accessible, should be retired from the document registry, or marked as inaccessible. | In the event of incorrect publication or when e.g. the patient is dead and the period of access to relatives have expired, there must be functionality to be able to withdraw documents. Documents that have been withdrawn shall not be searchable. NB: Copies that have been downloaded cannot be withdrawn back. |
The documents can be stored in a regional/common (e.g. cloud-based) document storage, in local storage or is retrieved if necessary from the document source. | Principle of great flexibility when it comes to architecture for document stores. |
Document metadata shall be made available based on national metadata-profile. | National profile for IHE XDS metadata. |
Security principles
Security principle | Comment |
|---|---|
Only authenticated and authorized users (and/or businesses) with official need can be granted access to documents containing personal and health information. Only authenticated residents or persons with authorization can be given access to their own documents. |
|
The document source shall verify and perform access control on all incoming requests. | These are requests on document metadata search, aswell as document retrieval (ITI18 and ITI43). |
The transferring process of documents shall be done in a way that preserves the established guidelines for confidentiality and integrity. |
|