eHealthSuisse ATC Audit Record Repository MockUp

eHealthSuisse ATC (Audit Trail Consumption) MockUp simulates a CH:ATC Patient Audit Record Repository.

This profile defines the audit trail consumption requirements a community has to provide for a patient?s audit trail. The profile CH:ATC defines and precises the actors and transaction [ITI-81] of the IHE IT Infrastructure Technical Framework Supplement Add RESTful Query to ATNA 1 and defines the content of the Audit Messages. The different types of the Audit Messages are based on the requirements for Document and Policy Access management in order to achieve the Swiss regulation needs on the audit trail access by patients

Patient Audit Consumer queries a Patient Audit Record Repository for Audit Events defined by this profile.

The Patient Audit Consumer used patientId and dates/Times before/after as parameters to asked the Audit Record Repository; in all, there are only three mandatory parameters. There also optional parameters : entity-id, entity-type, entity-role, source, type, user, subtype, outcome and address. Each request sent must have a security token in the header, this part is used to check access rights. In this token, two elements will be checked :

Is the assertion valid in time ? (Time not Before in the past and Time not After in the future)
Does the mock know the patient ID passed as a "resource-id" attribute ? If not, the mock will say you do not have the right to acces the information. The list of available patient ID is displayed below.

Data Set

Token Security

Here are the ID to put in the SAML token in "resource-id" attribute. If you query any other patient id, the mock will respond with an error message saying that you are not authorized to acces informations related to the given patient ID.

resource-id	761337610430891416^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO	761337610423590456^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO	761337610435209810^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO	761337610436974489^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO

AuditEvent

Here are all couples of Dates/PatientID to effectivly access audit events. However, using optional parameters can lead you to no Audit event returned, even with those date and patient ID. Indeed, if the events does not match even one of the optional parameters, the audit event will not be returned by the ATC Mock.

Patient ID	urn:oid:2.16.756.5.30.1.127.3.10.3\|761337610430891416	urn:oid:2.16.756.5.30.1.127.3.10.3\|761337610435209810	urn:oid:2.16.756.5.30.1.127.3.10.3\|761337610436974489
Dates	ge2015-01-01 / le2020-01-01	ge2015-01-01 / le2017-01-01	ge2017-01-01 / le2019-01-01

End Point

http://ehealthsuisse.ihe-europe.net:8096/atc-record-repository?wadl
https://ehealthsuisse.ihe-europe.net:10443/atc-record-repository?wadl

It requires TLS mutual authentication with testing certificate (from GSS PKI).

ATC URI example :

http://ehealthsuisse.ihe-europe.net:8096/atc-record-repository/ARRservice/AuditEvent?date=ge2015-01-00&date=le2020-01-00&entity-id=urn:oid:2.16.756.5.30.1.127.3.10.3|761337610435200998