Health NZ | Te Whatu Ora FHIR Screening Implementation Guide - Local Development build (v1.0.2) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
API consumption sequence diagrams
FHIR screening summary API typical operation
Cervical screening summary API - typical sequence HNZ digital services hub / connector plane HNZ FHIR APIs health practitioner (screening) health practitioner (screening) NZ health app/PMS NZ health app/PMS API authn. server API authn. server API gateway API gateway Screening FHIR API Screening FHIR API HNZ FHIR API HNZ FHIR API National Health Index / Health Provider Index National Health Index / Health Provider Index API consumer OAUTH authentication at PMS initialisation [01] OAUTH2.0 Client Credentials Flow (client creds, scopes, audiences) [02] OAUTH token "scope": [ "system/DocumentReference.rs", "system/Patient.r" ] "aud": "https://fhir-ig.digital.health.nz/screening/StructureDefinition/nz-screening-summary " normal API usage [03] enter patient name, NHI [04] NHI search [05] present NHI matches [06] request screening summaries for selected NHI and programme type App/PMS sets the following user metadata in Request-Context " hpiPractitioner " - practitioner's Common Person Number (CPN) from Health Provider Index " hpiFacility | hpiOrganisation " - HPI facility OR organisation identifier from Health Provider Index [07] GET /DocumentReference?{search-params} [08] validate OAUTH token (issuer,sig) [09] GET / DocumentReference ?<params> break alt [Bad/missing access OAUTH token (issuer, scope, audience, expiry)] [10] HTTP 401 error: Unauthorized alt [Bad/missing Request-Context custom header] [11] HTTP 400 error: Bad Request [12] Search for Prior Terms Acceptance Form Search for FHIR QuestionnaireResponses GET /v1/ QuestionnaireResponse Queries based on available params: Org/facility acceptance search by facility : ? questionnaire =https://fhir-ig.digital.health.nz/screening/Questionnaire/ TermsOfUseOrgFacility & subject =https://standards.digital.health.nz/ns/hpi-facility-id| FZZ958-K Org/facility acceptance search by org : ? questionnaire =https://fhir-ig.digital.health.nz/screening/Questionnaire/ TermsOfUseOrgFacilityr & subject =https://standards.digital.health.nz/ns/hpi-organisation-id| GZZ956-B Practitioner acceptance search by facility : ? questionnaire =https://fhir-ig.digital.health.nz/screening/Questionnaire/ TermsOfUsePractitioner & author =https://standards.digital.health.nz/ns/hpi-person-id| 91ZABY & subject =https://standards.digital.health.nz/ns/hpi-facility-id| FZZ958-K Practitioner acceptance search by org : author =https://standards.digital.health.nz/ns/hpi-person-id| 91ZABY & subject =https://standards.digital.health.nz/ns/hpi-organisation-id| GZZ956-B [13] MATCHES [14] Confirm matching Practitioner and Org/Facility Terms of Use acceptance alt [normal report generation] [15] get data from backend APIs [16] generate screening summary content as HTML and PDF [17] include participant data as Patient instance [18] 200 OK , FHIR searchset Bundle In normal search response is a FHIR searchset Bundle. Each Bundle entry comprises a DocumentReference (mode:#match) containing the formatted screening summary, AND a Patient (mode:#include) instance for the patient demographic detail [No screening summary is available] [19] 200 OK , Bundle of mode: #outcome When screening history not available for specified subject, the Bundle contains one or more OperationOutcome s ( mode: #outcome ) describing the reason(s). [technical error] [20] HTTP 4xx|5xx error code In technical error scenarios, the response is just a FHIR OperationOutcome [21] process results and display to user [22] present screening summary / search result
User/practitioner special data access terms acceptance sequence
Cervical screening API data access - Practitioner terms acceptance form flow HNZ FHIR APIs health practitioner (screening) health practitioner (screening) NZ health app/PMS NZ health app/PMS Screening FHIR API Screening FHIR API Health Provider Index Health Provider Index HNZ FHIR API HNZ FHIR API HNZ Application Form API HNZ Application Form API API first time use by new practitioner/user [01] request screening summary for a patient App/PMS sets the following user metadata in Request-Context " hpiPractitioner " - practitioner's Common Person Number (CPN) from Health Provider Index " hpiFacility | hpiOrganisation " - HPI facility OR organisation identifier from Health Provider Index [02] Get screening summaries by NHI GET / DocumentReference ?<params> [03] Search for completed Terms Acceptance Form by Practitioner at current Org | Facility GET /v1/ QuestionnaireResponse ? questionnaire = https://fhir-ig.digital.health.nz/screening/Questionnaire/TermsOfUsePractitioner & author =https://standards.digital.health.nz/ns/hpi-person-id| 91ZABY & subject =https://standards.digital.health.nz/ns/hpi-organisation-id| GZZ956-B Or where facility identified rather than org & subject =https://standards.digital.health.nz/ns/hpi-facility-id| FZZ958-K [04] Empty Bundle alt [The practitioner user has not previously accepted the Terms of Access] Validate HPI identifiers [05] Validate Practitioner, Org / Facility identifiers [06] HPI match Bundle break [Practitioner | Organisation | Facility Id not valid] [07] HTTP 400 Bad Request Prepare Terms Acceptance Form [08] Generate Terms Acceptance Form POST /v1/auth/{formName}/generate-questionnaire-link The facade prepares a Terms Acceptance form by sending information about the practitioner, organisation | facility in magic link claims. [09] Prepare Form [10] Prepopulated Form Url (aka 'magic link') [11] Prepare OperationOutcome 403 response containing 'magic link' [12] HTTP 403 Forbidden error + 'magic link' On receipt of a 403 response, the App/PMS must check for magic link in the FHIR OperationOutcome.diagnostics property. [13] Display form in browser using magic link [14] Read special terms of access; complete form; submit to accept [15] Record practitioner's acceptance of terms [16] Practitioner terms acceptance complete API request processing can now proceed - see Typical Operation diagram Now that terms acceptance has been recored, the practitioner/user can retry their request for screening summaries in the PMS.
