Authentication and authorization

Owned by Kjernejournal systembruker
Last updated: 02 Sept, 2021
1 min read

Introduction

Use of the API requires that the user is authenticated with “HelseID” (see Technical Documentation ) on security level high (4) and that the REST calls contains a ticket from kjernejournal “HelseIndikator” (see Integrationguide with API).

Kjernejournal will verify that the user is an authorized health care professional and that the user organization is a healthcare business.

The service checks that the user is not blocked by the patient, whether the patient has blocked access to alert information, or whether the patient has blocked all information in kjernejournal.

Read, create or modify alert information

In the kjernejournal portal all professional healthcare roles can read alert information, but mainly doctors can create or modify alert information.

The API allows all professional healthcare roles to create or modify alert information and trusts that the user has an official need to use the API. Thus, the consumer is responsible for the access control in the EHR.

 

Deletion of alert information

The service allows all roles to delete alert information. However, the http verb DELETE is intended to use only when a registration is “entered-in-error”. For all other cases use the http verb PUT and set the verification status to “refuted”.

Records will not be physically deleted, but will have the “clinical status” element set to “entered-in-error”.

 

© Norsk helsenett - kjernejournal