PatientPrivacyAccessRestrictions API documentation
The AccessRestrictions concerning Patient Privacy API-area covers APIs to manpulate data that is related to privacy of the patient.
Fields
Field: privacyType
- Shield (Skjerming) - healthcare personnel act on behalf of the patient and set access restriction if there is reason to believe the patient wants this
- Block (Sperring) - the patient wants/sets access restriction (Helse Norge) by himself/herself or receives help to do this from healthcare personnel
For privacyType Block the access restriction will be synchronized with Helse Norge and the setting must comply with the possible access restrictions supported by Helse Norge.
Field: privacyLevel
- Soft - Can be circumvented by healthcare personnel in emergency situation (e.g. "blue light" situation)
- Hard - Cannot be circumvented by healthcare personnel even in emergency situation
Field: restrictionDomain
- PPS - Pasientens prøvesvar (alias: Nilar)
Examples - Patient Privacy Access Restrictions
Examples on how to use this API
List Patient Privacy Access Restrictions
API for search and retrieving a list of patient privacy access restrictions.
Endpoint: HTTP POST /access-restrictions/patient-privacy/_search
These endpoints list all connected patient privacy access restrictions for a specified offid. OffId is a required parameter.
{
"offId": "12345678901"
}
Manipulate patient privacy access restriction-data
Examples on how to call the different endpoints to manipulate patient privacy access restrictions.
Add patient privacy access restriction of type Shield by domain
Endpoint: HTTP POST /access-restrictions/patient-privacy
Add patient privacy access restriction of privacyType Shield.
- Restrict all objects of domain PPS
- Restrict only specific healthcare professionals
- Restrict only within specific time-ranges
{
"privacyType": "Shield",
"privacyLevel": "Hard",
"restrictionDomain": "PPS",
"objectScope": {
"type": "All"
},
"subjectScope": {
"type": "Specified",
"identifiers": [
{
"type": "OfficialIdentifier",
"value": "1234567890"
},
{
"type": "HealthcareProfessionalRegistryNumber",
"value": "1234567"
}
]
},
"timeScope": {
"type": "Specified",
"timeRanges": [
{
"fromTime": "2024-08-10T12:41:24.910016Z",
"toTime": "2024-08-14T12:41:24.910017Z"
},
{
"fromTime": "2024-08-07T12:41:24.910017Z",
"toTime": "2024-08-17T12:41:24.910017Z"
}
]
},
"dataOwner": {
"offId": "12345678901"
}
}
Add patient privacy access restriction of type Shield by domain except specific objects
Endpoint: HTTP POST /access-restrictions/patient-privacy
Add patient privacy access restriction of privacyType Shield.
- Restrict all objects of domain PPS except for specifed objects (TestResult/Requisition)
- Restrict all healthcare professionals except for specific persons
- Restrict for all time (indefinitely)
{
"privacyType": "Shield",
"privacyLevel": "Soft",
"restrictionDomain": "PPS",
"objectScope": {
"type": "ExceptSpecified",
"objects": [
{
"type": "TestResult",
"value": "1246ee2b-166a-444d-9a44-a28320b2921b"
},
{
"type": "Requisition",
"value": "ad7261e8-ebba-4f32-b082-9cf79e0daa3f"
}
]
},
"subjectScope": {
"type": "ExceptSpecified",
"identifiers": [
{
"type": "OfficialIdentifier",
"value": "1234567890"
},
{
"type": "HealthcareProfessionalRegistryNumber",
"value": "1234567"
}
]
},
"timeScope": {
"type": "All"
},
"dataOwner": {
"offId": "12345678901"
}
}
Add patient privacy access restriction of type Block (level Hard) by domain
Endpoint: HTTP POST /access-restrictions/patient-privacy
Add patient privacy access restriction of privacyType Block (level Hard).
- Restrict all objects of domain PPS
- Restrict only specific healthcare professionals
- Restrict only within specific time-ranges
{
"privacyType": "Block",
"privacyLevel": "Hard",
"restrictionDomain": "PPS",
"objectScope": {
"type": "All"
},
"subjectScope": {
"type": "Specified",
"identifiers": [
{
"type": "HealthcareProfessionalRegistryNumber",
"value": "431001906"
},
{
"type": "HealthcareProfessionalRegistryNumber",
"value": "431001907"
}
]
},
"timeScope": {
"type": "Specified",
"timeRanges": [
{
"fromTime": "2024-08-10T12:41:24.910376Z",
"toTime": "2024-08-14T12:41:24.910376Z"
},
{
"fromTime": "2024-08-07T12:41:24.910376Z",
"toTime": "2024-08-17T12:41:24.910376Z"
}
]
},
"dataOwner": {
"offId": "27047706365"
}
}
Add patient privacy access restriction of type Block (level Soft) by domain
Endpoint: HTTP POST /access-restrictions/patient-privacy
Add patient privacy access restriction of privacyType Block (level Soft).
- Restrict all objects of domain PPS
- Restrict all healthcare professionals
- Restrict only within specific time-ranges
{
"privacyType": "Block",
"privacyLevel": "Soft",
"restrictionDomain": "PPS",
"objectScope": {
"type": "All"
},
"subjectScope": {
"type": "All"
},
"timeScope": {
"type": "Specified",
"timeRanges": [
{
"fromTime": "2024-08-10T12:41:24.910617Z",
"toTime": "2024-08-14T12:41:24.910618Z"
},
{
"fromTime": "2024-08-07T12:41:24.910618Z",
"toTime": "2024-08-17T12:41:24.910618Z"
}
]
},
"dataOwner": {
"offId": "27047706365"
}
}
Get patient privacy access restriction
Endpoint: HTTP GET /access-restrictions/patient-privacy/
Get patient privacy access restriction based on the unique identified of the access restriction (patientPrivacyRestrictionId).
Update patient privacy access restriction
Endpoint: HTTP PUT /access-restrictions/patient-privacy/
Update patient privacy access restriction based on the unique identified of the access restriction (patientPrivacyRestrictionId). There will not be allowed to change dataOwner (the patient) or the privacyType (Shield/Block).
Delete patient privacy access restriction
Endpoint: HTTP DELETE /access-restrictions/patient-privacy/
Delete patient privacy access restriction based on the unique identified of the access restriction (patientPrivacyRestrictionId).