Authentication and authorization
This is how the PMP-APPC format (policy document) is used in the eMedication aggregator.
Rules
Patient
A patient has a full read-write access to its record. This behavior cannot be modified.
Healthcare professional
Healthcare professionals can be granted or denied a read-write access to all eMedication documents, through their GLN or their HPD groups.
Assistant
Assistant cannot be directly targeted by an access rule. Access rules are evaluated against the assistant’s responsible person’s GLN or HPD groups. This behavior cannot be modified.
Technical user
Under discussions
The technical users access rules are still under discussion and may evolve.
Technical users can publish documents, and may search and retrieve medication card documents if and only if the following two conditions are true:
- the TCU belongs to an organization that is whitelisted by the eMedication service.
- the patient has granted access to an organization that is part of the whitelisted organization.
This behavior cannot be modified.
Document administrator
Document administrators have a read-write access to all eMedication documents of all patient records. They can’t read or write policy documents. This behavior cannot be modified.
Policy administrator
Policy administrators have a read-write access to all policy documents of all patient records. They can’t read or write eMedication documents. This behavior cannot be modified.
Emergency access
Emergency access (“break-the-glass”) is only possible for healthcare professionals and assistants. It is globally allowed or forbidden by a specific rule in the policy document.
Representative
Not implemented
This is not supported yet because CARA’s platform does not expose its representative directory.
Representatives can be granted a read-write access to all documents, through their representative identifier (which is community-specific).
ATNA
The service generates ATNA messages as required by IHE and Annex 5.1. They will be sent to CARA’s EPR Audit Record Repository if it is possible. Clients are expected to also generate logs and send them to the same ARR.
As of yet, it’s unsure if die Post’s platform can accept these audit messages. If not, another ARR will have to be deployed by CARA.