PatientPrivacyAccessRestrictions API documentation

The AccessRestrictions concerning Patient Privacy API-area covers APIs to manpulate data that is related to privacy of the patient.

Fields

Field: privacyType

  • Shield (Skjerming) - healthcare personnel act on behalf of the patient and set access restriction if there is reason to believe the patient wants this
  • Block (Sperring) - the patient wants/sets access restriction (Helse Norge) by himself/herself or receives help to do this from healthcare personnel

For privacyType Block the access restriction will be synchronized with Helse Norge and the setting must comply with the possible access restrictions supported by Helse Norge.

Field: privacyLevel

  • Soft - Can be circumvented by healthcare personnel in emergency situation (e.g. "blue light" situation)
  • Hard - Cannot be circumvented by healthcare personnel even in emergency situation

Field: restrictionDomain

  • PPS - Pasientens prøvesvar (alias: Nilar)

Examples - Patient Privacy Access Restrictions

Examples on how to use this API

List Patient Privacy Access Restrictions

API for search and retrieving a list of patient privacy access restrictions.

Endpoint: HTTP POST /access-restrictions/patient-privacy/_search

These endpoints list all connected patient privacy access restrictions for a specified offid. OffId is a required parameter.

{
  "offId": "12345678901"
}

Manipulate patient privacy access restriction-data

Examples on how to call the different endpoints to manipulate patient privacy access restrictions.

Add patient privacy access restriction of type Shield by domain

Endpoint: HTTP POST /access-restrictions/patient-privacy

Add patient privacy access restriction of privacyType Shield.

  • Restrict all objects of domain PPS
  • Restrict only specific healthcare professionals
  • Restrict only within specific time-ranges
{
  "privacyType": "Shield",
  "privacyLevel": "Hard",
  "restrictionDomain": "PPS",
  "objectScope": {
    "type": "All"
  },
  "subjectScope": {
    "type": "Specified",
    "identifiers": [
      {
        "type": "OfficialIdentifier",
        "value": "1234567890"
      },
      {
        "type": "HealthcareProfessionalRegistryNumber",
        "value": "1234567"
      }
    ]
  },
  "timeScope": {
    "type": "Specified",
    "timeRanges": [
      {
        "fromTime": "2024-08-10T12:41:24.910016Z",
        "toTime": "2024-08-14T12:41:24.910017Z"
      },
      {
        "fromTime": "2024-08-07T12:41:24.910017Z",
        "toTime": "2024-08-17T12:41:24.910017Z"
      }
    ]
  },
  "dataOwner": {
    "offId": "12345678901"
  }
}

Add patient privacy access restriction of type Shield by domain except specific objects

Endpoint: HTTP POST /access-restrictions/patient-privacy

Add patient privacy access restriction of privacyType Shield.

  • Restrict all objects of domain PPS except for specifed objects (TestResult/Requisition)
  • Restrict all healthcare professionals except for specific persons
  • Restrict for all time (indefinitely)
{
  "privacyType": "Shield",
  "privacyLevel": "Soft",
  "restrictionDomain": "PPS",
  "objectScope": {
    "type": "ExceptSpecified",
    "objects": [
      {
        "type": "TestResult",
        "value": "1246ee2b-166a-444d-9a44-a28320b2921b"
      },
      {
        "type": "Requisition",
        "value": "ad7261e8-ebba-4f32-b082-9cf79e0daa3f"
      }
    ]
  },
  "subjectScope": {
    "type": "ExceptSpecified",
    "identifiers": [
      {
        "type": "OfficialIdentifier",
        "value": "1234567890"
      },
      {
        "type": "HealthcareProfessionalRegistryNumber",
        "value": "1234567"
      }
    ]
  },
  "timeScope": {
    "type": "All"
  },
  "dataOwner": {
    "offId": "12345678901"
  }
}

Add patient privacy access restriction of type Block (level Hard) by domain

Endpoint: HTTP POST /access-restrictions/patient-privacy

Add patient privacy access restriction of privacyType Block (level Hard).

  • Restrict all objects of domain PPS
  • Restrict only specific healthcare professionals
  • Restrict only within specific time-ranges
{
  "privacyType": "Block",
  "privacyLevel": "Hard",
  "restrictionDomain": "PPS",
  "objectScope": {
    "type": "All"
  },
  "subjectScope": {
    "type": "Specified",
    "identifiers": [
      {
        "type": "HealthcareProfessionalRegistryNumber",
        "value": "431001906"
      },
      {
        "type": "HealthcareProfessionalRegistryNumber",
        "value": "431001907"
      }
    ]
  },
  "timeScope": {
    "type": "Specified",
    "timeRanges": [
      {
        "fromTime": "2024-08-10T12:41:24.910376Z",
        "toTime": "2024-08-14T12:41:24.910376Z"
      },
      {
        "fromTime": "2024-08-07T12:41:24.910376Z",
        "toTime": "2024-08-17T12:41:24.910376Z"
      }
    ]
  },
  "dataOwner": {
    "offId": "27047706365"
  }
}

Add patient privacy access restriction of type Block (level Soft) by domain

Endpoint: HTTP POST /access-restrictions/patient-privacy

Add patient privacy access restriction of privacyType Block (level Soft).

  • Restrict all objects of domain PPS
  • Restrict all healthcare professionals
  • Restrict only within specific time-ranges
{
  "privacyType": "Block",
  "privacyLevel": "Soft",
  "restrictionDomain": "PPS",
  "objectScope": {
    "type": "All"
  },
  "subjectScope": {
    "type": "All"
  },
  "timeScope": {
    "type": "Specified",
    "timeRanges": [
      {
        "fromTime": "2024-08-10T12:41:24.910617Z",
        "toTime": "2024-08-14T12:41:24.910618Z"
      },
      {
        "fromTime": "2024-08-07T12:41:24.910618Z",
        "toTime": "2024-08-17T12:41:24.910618Z"
      }
    ]
  },
  "dataOwner": {
    "offId": "27047706365"
  }
}

Get patient privacy access restriction

Endpoint: HTTP GET /access-restrictions/patient-privacy/

Get patient privacy access restriction based on the unique identified of the access restriction (patientPrivacyRestrictionId).

Update patient privacy access restriction

Endpoint: HTTP PUT /access-restrictions/patient-privacy/

Update patient privacy access restriction based on the unique identified of the access restriction (patientPrivacyRestrictionId). There will not be allowed to change dataOwner (the patient) or the privacyType (Shield/Block).

Delete patient privacy access restriction

Endpoint: HTTP DELETE /access-restrictions/patient-privacy/

Delete patient privacy access restriction based on the unique identified of the access restriction (patientPrivacyRestrictionId).