DRAFT VERSION!

 

The main goal of this page is to clarify the Emergency Workflow. It will try to match the epSOS Specifications with the current implementation of OpenNCP, raising any faulty situations.

Table of contents:

 

1. Emergency workflow accordint to epSOS specifications

In this piece of the full PS workflow we can understand the following:

#StepOptionObservation
1HCP confirms that he checked the correctness of patient's ID details (Port-B)YESWith the selected option the HCP should then choose if it is an emergency case or not. We will proceed to follow the diagram as if it was one.
2Emergency case (button to confirm or deny)YESWith the selected option the system should send a request to the Patient's country right away, avoiding ask for previous consent. It is up to Country-A to provide or not the information, based on Emergency situation policy.

 

The next steps will depend on the Country-A Emergency situation policy. But the important part that is taken from the specs is the folllowing:

  1. The value XSPA Purpose of Use of the TRC (Treatment Relationship Confirmation) Assertion should be EMERGENCY;
  2. There should be produced an Audit Message stating the occurrence;

2. OpenNCP implementation

2.1. Portal Implementation

In the current Gnomon Portal implementation you have to select both the "Purpose of Use" and the "Previous Consent confirmation" options in order to proceed.

With this situation you cannot chose "EMERGENCY" and then go straight to the document search result, as the epSOS specifications state.

You can see that in the following picture:

2.1.1. Portuguese modified compliant version

In the Portuguese portal modified version we adapted the workflow to be more aligned with the specs. It has the following behaviour:

  1. Select the "document search" for the chosen patient;
  2. Select if it is an EMERGENCY or NOT EMERGENCY situation;
  3. If it is an EMERGENCY you are transported imediatly to document search result (depending, of course, on Country A decision);
  4. if it is NOT AN EMERGENCY you must specify if the patient has given previous consent. The next workflow will depend on the selected option;

This steps can be explained by the following animated picture:

This modification was achieved mainly by changing the default confirmation page (viewPatientConfirmationForDocuments.xhtml), that now contains the following code:

<!DOCTYPE html PUBLIC "-W3CDTD XHTML 1.0 TransitionalEN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:f="http://java.sun.com/jsf/core"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:p="http://primefaces.org/ui">
    <h:head>
    </h:head>
    <body>
        <h:form>
            <p:panel header="#{translationBean.report_summary}">
                <table>
                    <tr>
                        <td><b><h:outputText
                                    value="#{translationBean.patient_data_givenname}" /></b></td>
                        <td>&nbsp;</td>
                        <td><h:outputText value="#{myBean.selectedPatient.name}" /></td>
                    </tr>
                    <tr>
                        <td><b><h:outputText
                                    value="#{translationBean.patient_data_surname}" /></b></td>
                        <td>&nbsp;</td>
                        <td><h:outputText value="#{myBean.selectedPatient.familyName}" /></td>
                    </tr>
                    <tr>
                        <td><b><h:outputText
                                    value="#{translationBean.patient_data_street_address}" /></b></td>
                        <td>&nbsp;</td>
                        <td><h:outputText value="#{myBean.selectedPatient.address}" /></td>
                    </tr>
                    <tr>
                        <td><b><h:outputText
                                    value="#{translationBean.patient_data_code}" /></b></td>
                        <td>&nbsp;</td>
                        <td><h:outputText value="#{myBean.selectedPatient.postalCode}" /></td>
                    </tr>
                    <tr>
                        <td><b><h:outputText
                                    value="#{translationBean.patient_data_city}" /></b></td>
                        <td>&nbsp;</td>
                        <td><h:outputText value="#{myBean.selectedPatient.city}" /></td>
                    </tr>
                    <tr>
                        <td><b><h:outputText
                                    value="#{translationBean.patient_data_country}" /></b></td>
                        <td>&nbsp;</td>
                        <td><h:outputText value="#{myBean.selectedPatient.country}" /></td>
                    </tr>
                </table>
            </p:panel>
            <p:panel
                header="Confirmar com o doente (acesso aos seus dados clínicos):" id="confirmationPanel">
                <p:outputPanel id="customPanel">
                    <td><b><h:outputText value="Atendimento:" /></b></td>
                    <p:selectOneRadio id="customRadio"
                                      value="#{confirmationBean.purposeOfUse}" layout="custom">
                        <f:selectItem itemLabel="&nbsp;&nbsp;EMERGENTE (não é possível obter o consentimento)"
                                      itemValue="EMERGENCY" />                                                                                       
                        <f:selectItem itemLabel="&nbsp;&nbsp;NÃO URGENTE"
                                      itemValue="TREATMENT" />
                        <p:ajax update="confirmationPanel"/>
                    </p:selectOneRadio>
                    <h:panelGrid columns="2">
                        <p:radioButton id="opt2" for="customRadio" itemIndex="0" />
                        <h:outputLabel for="opt2" value="&nbsp;&nbsp;EMERGENTE (não é possível obter o consentimento)" />
                        <p:radioButton id="opt1" for="customRadio" itemIndex="1" />
                        <h:outputLabel for="opt1" value="&nbsp;&nbsp;NÃO URGENTE" />
                    </h:panelGrid>
                </p:outputPanel>
                <p:outputPanel rendered="#{confirmationBean.purposeOfUse=='TREATMENT'}" id="customPanel2">      
                    <td><b><h:outputText
                                value="Deu consentimento prévio?" /></b></td>
                    <p:selectOneRadio id="customRadio2"
                                      value="#{confirmationBean.confirm}" layout="custom">
                        <f:selectItem itemLabel="Yes" itemValue="Yes" />
                        <f:selectItem itemLabel="No" itemValue="No" />
                    </p:selectOneRadio>
                    <h:panelGrid columns="2">
                        <p:radioButton id="opt11" for="customRadio2" itemIndex="0" />
                        <h:outputLabel for="opt11" value="&nbsp;&nbsp;Sim" />
                        <p:radioButton id="opt22" for="customRadio2" itemIndex="1" />
                        <h:outputLabel for="opt22" value="&nbsp;&nbsp;Não" />
                    </h:panelGrid>
                </p:outputPanel>
                <p:commandButton id="submitButton" 
                                 value="Confirmar" 
                                 ajax="false"
                                 action="/viewDocuments.xhtml?faces-redirect=true&amp;javax.portlet.faces.PortletMode=view&amp;javax.portlet.faces.WindowState=normal"
                                 disabled="#{confirmationBean.purposeOfUse==null}"
                                 onclick="customRadio.selectValue('')">
                    <p:resetInput target="confirmationPanel" />
                    <f:setPropertyActionListener value="#{confirmationBean.purposeOfUse}"
                                                 target="#{myBean.purposeOfUseForPS}" />
                    <f:setPropertyActionListener value="#{confirmationBean.confirm}"
                                                 target="#{myBean.previousConsent}" />
                    <f:setPropertyActionListener value="null"
                                                 target="#{confirmationBean.purposeOfUse}" />
                    <f:setPropertyActionListener value="null"
                                                 target="#{confirmationBean.confirm}" />
                </p:commandButton>
                <p:commandButton id="cancelButton" value="Cancelar" ajax="false"
                                 action="/view1.xhtml?javax.portlet.faces.PortletMode=view&amp;javax.portlet.faces.WindowState=normal" />
            </p:panel>
        </h:form>
    </body>
</html>

Please give importance to:

<p:selectOneRadio id="customRadio" value="#{confirmationBean.purposeOfUse}" layout="custom">
	<f:selectItem itemLabel="&nbsp;&nbsp;EMERGENTE (não é possível obter o consentimento)" itemValue="EMERGENCY" />                                                                                       
    <f:selectItem itemLabel="&nbsp;&nbsp;NÃO URGENTE" itemValue="TREATMENT" />
	<p:ajax update="confirmationPanel"/>
</p:selectOneRadio>

That will trigger the "hide and show" of the question that asks for the previous consent, together with the following tag:

<p:outputPanel rendered="#{confirmationBean.purposeOfUse=='TREATMENT'}" id="customPanel2">
...
</p:outputPanel>

2.2. Assertion type

The current implementation will produce a Treatment Relationship Confirmation (TRC) assertion with a specific XSPA Purpose of Use value, based on the selected purpose of use (EMERGENCY or NOT EMERGENCY <=> TREATMENT) 

...
<saml2:Attribute FriendlyName="XSPA Purpose Of Use" Name="urn:oasis:names:tc:xspa:1.0:subject:purposeofuse" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
	<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">EMERGENCY</saml2:AttributeValue>
</saml2:Attribute>
...

According to specifications, this action is correct and no action is required.

2.3. Audit message

In the current implementation there is no Audit Message when the Emergency workflow is triggered;

  The non-functional requirement NFR06 - Audit Trail, present int the document D3.2.2 "Final definition of functional service requirements" states the following:

 "Extraordinary and/or emergency accesses must be specially marked in order to facilitate the local management of those."

Therefore an extra audit message needs to be triggered in this particular situations. The main issue is that there is not any audit message specified for this particular situation.

3. Actions to be taken in OpenNCP

TaskRelated IssuesComments
Adjust Portal implementation to match epSOS specs

The workflow of the portal has been adjusted to allow the specific consent final question. (To be asked to the patient).

Specify Emergency triggered Audit MessageNothing to doAlready supported by the security header, present in the produced assertions.
Add functionality to send the specified audit messageNothing to doAlready supported by the produced assertions.

 

4. References