Organizations in HelseID and SFM, and the relation to an Aktør in RF

Organizations in HelseID and SFM, and the relation to Aktør in RF

In order for the solutions to work together, the organization represented in the token from HelseID must match the created organizations in SFM and the correct Aktør in RF.

Aktør in RF

To use SFM against Reseptformidleren, an "Aktør" must be created in RF (Tilkobling til e-resept produksjonsmiljø). An "Aktør" in RF is identified with a HER-id (from Adresseregisteret) and is linked to an organization number. RF uses the HER-id to identify the receipt of asynchronous messages so that they end up in the correct Journal.

The organization represented in the token from HelseID

The user logs into the EPJ in context of an Organization that the user wants to represent. The EPJ requests a token from HelseID for this Organization and information about the Organization will be included in the token from HelseID (either in form of OrgnrParent, or OrgnrParent + OrgnrChild). The Organization for which the token is requested, MUST be represented with an Orgnr in Brønnøysundregisteret.

Organizations in SFM

In addition, the Orgnr from the token MUST match an organization that is written to SFM (in the correct Journal identified with SFM-id/Journal-id, see Instances and organizations in production).

SFM will then attempt to find the current HER-id for this Organization to identify the correct Aktør in RF.

The figure above shows two common setups of organizations in SFM:

A single organization or sub-organization with HER-id and Orgnr
- Here, the EPJ will register an organization (sfm-Organization) in SFM with the identifier for the Orgnr used in the HelseID token, and with the HER-id that identifies the Aktør in RF. An organization in SFM can only be registered with one HER-id.
Two sub-organizations that provide the same "tjeneste" can share a HER-id and thus also share an Aktør in RF.
This can be done in two ways:
- Create organizations (sfm-Organization) in SFM for the two subunits with the same HER-id.
- Set up an organization tree, where the EPJ “links” sfm-Organization elements by using “partOf”.
  The entry point will always be the Orgnr from the token (OrgnrChild is selected if it exists, otherwise SFM tries OrgnrParent). If SFM does not find a HER-id at this level, SFM will follow “partOf” until an element with a HER-id is found.

Sender information such as address and telephone number will (independently of HER-id) be retrieved at the lowest possible level. In this way, several sub-organizations (e.g. helsestasjoner) can share a HER-id and represent the same Aktør in RF, but have different sender information on the prescription.

The same HERid can therefore be used for several organizations within a Journal (instance of SFM), but the same HER-id cannot be used across Journals because RF also uses this to identify the receipt of asynchronous messages so that these end up in the correct Journal.

HelseID-klients for multi and single tenancy

When using Single tenant HelseID towards SFM, the HelseID client represent a Journal (SFM-id). At least one HelseID client therefore has to be created for each Journal. More that one HelseID client can point to the same Journal.

When using multi tenant HelseID towards SFM, it is the provided Journal-id from the token that points to a Journal. When the EPJ requests a token from HelseID for a sub-organization, both Parent and Child must be included in the request.

Note that when using multi tenant, HelseID verifies that the top level (Parent) has delegated rights to act on behalf of the organization in HelseID, to the organization that owns the HelseID client. Delegation must therefore always be done at the top level (top level org from Enhetsregisteret)!

For more about multi and single tenancy, see HelseID for SFM.