Sign-On projektet. HL7-CCOW Context Management: A National Sign-on Profile

Transcription

1 Sign-On projektet HL7-CCOW Context Management: A National Sign-on Profile Version Dato Ansvarlig Kommentarer / CHE Minimal profilering, 1 side med nødvendige SSO specifikationer til HL7-CCOW / CHE Udvidelse af profilering til EUA / CHE Udvidelse af profilering med patient subject / CHE JRI kvalitetssikring

2 Abstract The international standard HL7-CCOW [HL7-CCOW] is a specification of how context is shared between clinical applications. This document describes the Danish, national profile of the HL7-CCOW context management standard, version 1.5. The national sign-on profile describes a number of specifications within the HL7- CCOW standard. These specifications define the national data items used in order to uniquely identify clinical users and patients. Side 2 af 12

3 Table of Contents 1 Introduction Conventions Used in This Document Specifications Definitions, Requirements, and Constants HL7-CCOW compliancy Digital certificates User Subject Patient Subject Profiling limitations Appendix A: HL7-CCOW User Subject Specification Appendix B: HL7-CCOW Patient Subject Specification References Side 3 af 12

4 Introduction The HL7-CCOW standard for context management involves use of subjects as data holders for different clinical and systemic aspects of a context. The standard defines data items for each subject, describing the most important aspects of each subject. Subjects can be extended with data items as seen necessary, both by vendors of clinical systems, and by national and international parties. In the Danish healthcare system, a number of attributes are defined on a national level, such as medical autorization code and a nationally unique personal identification number (CRS-number, or CPR-nummer ) [AUTH][CPR]. The purpose of this profile is to define the relevant data items necessary in a Danish context, allowing all vendors and other actors in the domain to communicate the attributes using the same terms and definitions Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] Specifications This section describes SSO within [HL7-CCOW] in the Danish Healthcare domain and for supporting the national requirements for unique identification of users and patients. Briefly, this document defines the following specifications and clarifications within [HL7-CCOW]: 1. The implementations SHOULD NOT make use of the Certificate Annotation Subject defined in HL7-CCOW, but SHOULD instead utilize standard Operating System mechanisms for digital certificates. 2. IT-systems participating in a HL7-CCOW context session MUST ensure that data items are not already specified in this profile or the HL7-CCOW standard before defining custom data items a. The User Subject is customized with a number of data items, defining a common glossary for attributes used nationally, e.g. medical authorization code and person identification number. b. The Patient Subject is customized with a specification of a national person identification number and two types of provisional person identification numbers. Section 3.1 of this document describes the clarifications in greater detail. Side 4 af 12

5 Definitions, Requirements, and Constants HL7-CCOW compliancy All HL7-CCOW implementations in the Danish Healthcare sector MUST: be HL7-CCOW compliant as defined in [HL7-CCOW] Be compliant with the clarifications to the HL7-CCOW standard as specified in this memo Digital certificates The HL7-CCOW standard specifies a Certificate Annotation Subject, where a password protected certificate file can be stored. The purpose of this subject is to allow clinical systems to give the user access the certificate in a standardised way. The use of the Certificate Annotation Subject is permitted, but implementations SHOULD NOT use the Certificate Annotation Subject for two reasons. First, a number of actors in the healthcare sector are currently using mobility solutions for digital signatures, and in the implemented solutions the digital certificate of the active user is available for use either through standard methods or an exposed API. Second, the viability of physical tokens is currently being explored in a number of projects, and it is very likely that a solution where hardware based certificates are part of the solution will be implemented in one or more healthcare domains. The Certificate Annotation Subject is strictly software oriented, and hardware based certificates, e.g. smart cards or other physical tokens, cannot be used in conjunction with this subject User Subject The custom data items are named following the naming convention specified by HL7- CCOW. Please refer to Appendix A: HL7-CCOW User Subject Specification for the HL7-CCOW specification of the User Subject. Clinical systems participating in a HL7-CCOW context session MUST use the following data items instead of specifying custom data items with the same semantic meaning: User Subject Identifier Item Name User.Id.[sdsd.dk]Cpr Number User s national identification number (No meaning for HL7); Central Person Register number Type Semantic Constraints on Values ST None No Case Sensitive Side 5 af 12

6 User Subject Corroborating Item Name User.Co. [sdsd.dk]idcardid User.Co.[sdsd.dk]Se ssionid Key to the ID-card used to acquire access to the national services Hashed value uniquely identifying the security session established by the user (e.g. hashed value of the Kerberos TGT) Type Semantic Constraints on Values ST None Yes ST None Yes Case Sensitive Patient Subject The Patient Subject is defined with a set of identity data items and a number of corroborative data items. Please refer to Appendix B: HL7-CCOW Patient Subject Specification for a complete reference to the Patient Subject. In a Danish context all patients are uniquely identified with nationally unique personal identification number (CRS-number, or CPR-nummer ) [CPR]. In the case where it is not possible to obtain this identifier 1 a provisional identification number is assigned to the patient. This clarification of the patient subject defines how these numbers MUST be set in the Patient Subject. The HL7-CCOW standard has slated all of the Patient Subject identity data items but the Patient.Id.IdList for deprecation, and the standard encourages vendors to use the IdList data item instead of the other patient identifier data items. In order to ensure future compatibility with HL7-CCOW this profile not only encourages but requires the use of IdList, and applications setting the patient context therefore MUST use the standard repeating data item Patient.Id.IdList. Patient Subject Identifier Item Name Patient.Id.IdList A list of patient identifiers for a patient. Type CX Semantic Constraints on Values Each entry in this list (MAY be one entry only) MUST follow the specification of CX item values as defined below. Case Sensitive The data type CX is a composite value consisting of a number of elements, including an optional check digit, and is specified in the HL7-CCOW standard [HL7-CCOW section 11.2]. The data type is illustrated in the table below as adapted by IHE from HL7-CCOW: No 1 E.g. if the patient is unconscious and carries no identification papers Side 6 af 12

7 92 Table 1 Components of the HL7 Type CX (source: [IHE-App, Appendix E]) Please refer to [IHE-App], Appendix E, for a complete description of the data type and examples of use. Only the ID (component 1) and the Assigning Authority (component 4) are mandatory. The optional components are not specified in this profile, and applications SHOULD omit them, but are not required to do so. This profile specifies how the Assigning Authority-component of entries in the Patient.Id.IdList MUST be assigned, when an application sets the CPR-number for the patient. Assigning Authority MUST be unique within a given HL7 implementation, and therefore this profile specifies the relevant authorities in the user-defined HL7- table There are three possible assigning authorities for the unique patient identifier number in a Danish context (the real CPR-number, a local provisional CPR-number, and a national provisional CPR-number), and they are listed in the table below. Applications setting the Patient.Id.IdList data item MUST specify the Assigning Authority exactly as defined in the table below: Table 2 extension of the HL7 user-defined table 0363: Assigning Authority. Literal Description Usage scenario Value CPR The Central Office of Civil Specify this Assigning Authority Registration (the CPR-office). The when the CPR-number is the CPR-office is the national authority real identifier of the patient. for CPR-numbers. LCPR Local authority for provisional CPRnumbers. The local authority is typically the first clinical system an anonymous patient is submitted into, or a common IT-system that generates locally unique provisional CPR-numbers. NCPR National authority for provisional CPR-numbers. The national authority for provisional CPRnumbers is used when a patient with a local provisional CPR-number is transferred to another domain (either the patient or information about the patient) Specify this Assigning Authority when the CPR-number is provisional and created locally. Specify this Assigning Authority when the CPR-number is provisional and created nationally. Side 7 af 12

8 Profiling limitations The profile specifies only the context needed to handle the tasks regarding single sign-on. In HL7-CCOW the User Subject is the primary data container for the user, and the profile specifies data items for this subject in order to provide enough data items to cater the needs in a single sign-on context both locally and on a national level. Side 8 af 12

9 Appendix A: HL7-CCOW User Subject Specification The User Subject contains two data items as specified in the standard [HL7-CCOW]. For reference purposes the User Subject specification is included below: User Subject Identifier Item Name User.Id.Logon.Suffix User Subject Corroborating Item Name User.Co.Name User s logon name (No meaning for HL7) User s name (No meaning for HL7) Type 2 Semantic Constraints on Values Case Sensitive ST None Value is case sensitive. For example, ksmith and Ksmith are two different logon id values. Type Semantic Constraints on Values XPN None No Case Sensitive 2 HL7-CCOW specifies a number of types, including ST = String and XPN = Extended Person Name Side 9 af 12

10 Appendix B: HL7-CCOW Patient Subject Specification The Patient Subject contains four data items as specified in the standard [HL7- CCOW]. For reference purposes the Patient Subject specification is included below: Patient Subject Identifier Item Name Patient.Id.MRN. Suffix Patient.Id.MPI Patient.Id.NationalId Number Patient.Id.IdList Patient s medical record number, per PID-2 Patient s identifier in the Master Patient Index, per PID-2 Patient s national identifier number, per PID-2 A list of patient identifiers for a patient, per PID-3 Type Semantic Constraints on Values ST HL7 Table 0203 Identifier Type = MR ST HL7 Table 0203 Identifier Type = PT or PI (as agreed upon by context sharing systems) and Assigning Authority represents the MPI system CX HL7 Table 0203 Identifier Type = PT and Assigning Authority represents agreed upon National Authority CX May be a repeating set of CX item values (per Section 1.7), each of which contains one identifier that denotes the same patient (Driver s license and social security number may be among these identifiers) Case Sensitive According to the HL7-CCOW standard, an application participating in a context session shall set a value for at least one of the items defined above, whenever it sets the patient context. This is to ensure enough data for a correct mapping between all identifier data items for all participating systems. It should be noted, that Patient.Id.IdList is the primary data item for identifying the patient; according to the HL7-CCOW standard the three other data items (MRN.Suffix, MPI, and NationalIdNumber) are all slated for deprecation in the future. No No No No Side 10 af 12

11 The following data items MAY optionally be set by an application setting the patient context: Patient Subject Corroborating Item Name Patient.Co. PatientName Patient.Co. AliasName Patient.Co. DateTimeOfBirth Patient.Co.Sex Patient.Co.DLN Patient.Co.SSN Patient s legal name, per PID-5 Alias name for the patient, per PID-9 Patient s Date and time of birth, per PID- 7 Patient s gender, per PID-8 Patient s driver s license number, per PID-20 Patient s Social Security Number, per PID-19 Type Semantic Constraints on Values XPN Table 0200 No XPN Table 0200 No TS None No IS Table 0001 No DLN None No ST None No Case Sensitive Side 11 af 12

12 References HL7- CCOW SST RFC CPR AUTH ter.aspx (Language: Danish) IHE-App Side 12 af 12