Status
The status-endpoint returns the privacy settings the patient may have set.
If the patient has set a kjernejournal reservation no patient health records (journaldokumenter) for the patient exists in kjernejournal.
If the patient has set a restriction for access to kjernejournal for all health personell or specifically for patient health records (journaldokumenter) for all health personell then an extra consent must be given for access. We also check for restriction to Besøkshistorikk i Kjernejournal.
Note that we prefer that clients requests the status-endpoint first for each session in order to determine whether the patient has set restriction or reservation. This will improve the user experience as extra consent must be given for access in that case. See the nhn-access-basis header for how to set consent.
Technical Details
hasReservationKjernejournal = trueif the patient has set a reservation against the whole of kjernejournal- b39f778a-07e3-41ea-99c7-eb332ad45c82 (partkode
KJ)
- b39f778a-07e3-41ea-99c7-eb332ad45c82 (partkode
isRestricted = trueif the patient has set a restriction for access to Kjernejournal for all health personell OR only for access to journaldokumenter for all health personell.- 86f64955-fb61-4e5e-8a0c-7d7728363891 (partkode
KJ) - f0a455c5-c95f-4382-9cf0-4481a732a694 (partkode
kj-journaldok)
- 86f64955-fb61-4e5e-8a0c-7d7728363891 (partkode
isBlocked = trueif the patient has blocked access to Kjernejournal for individual health personell ORBesøkshistorikk and journaldokumenterfor all health personell.- 36870d8a-b37b-4386-8689-c656005cb296 (partkode
KJ) - c8ed0076-7482-4566-81f9-a41f2179b0ae (partkode
kj-besokhist)
- 36870d8a-b37b-4386-8689-c656005cb296 (partkode
Authorization
The endpoint requires a HelseID user token for authentication. DPoP must be used.
NOTE: In test environment we also support machine-to-machine (client credientials) with scope nhn:phr/status
When a user token is used, the response contains a flag if the users HPR number is blocked or not (see below).
Also when a user token is used all the required headers must be set as usual. The "nhn-access-basis" header MUST in this case always be set to UNNTAK. Note that we do not do any audit logging for requests to the /status endpoint.
Allowed scopes
All of the following scopes are allowed
| Scope | Type | Requires attest from tillitsrammeverket | Environments |
|---|---|---|---|
| nhn:phr/mhd/read-documentreferences | HelseID user token | Required | Test, QA, Production |
| nhn:phr/mhd/read-documentreferences/kjernejournalforskriften | HelseID user token | Required | Test, QA, Production |
| nhn:phr/status | HelseID user token | - | Test, QA |
Input
| Attribute | Format | Description |
|---|---|---|
| nin | String | Norwegian national identification number |
Curl example: Request status for patient
curl --location --request POST 'https://api.pjd.test.nhn.no/status' \
--header 'Authorization: DPoP eyJhbGciOiJSUzI1NiI......<<DPoP authorization bearer token>' \
--header 'DPoP: <DPoP proof token>' \
--header 'nhn-source-system: My EPJ system name' \
--header 'nhn-patient-nin: 10086055555' \
--data '{"nin":"10086055555"}'
Response
| Attribute | Format | Description |
|---|---|---|
| patientNIN | String | The patient NIN (National Identification Number). It's the same as FNR/DNR. |
| privacySetting.hasReservationKjernejournal | Boolean | If the patient has set a kjernejournal reservation or not. |
| privacySetting.isRestricted | Boolean | Patient has set restriction for access to patient health records (journaldokumenter). Extra consent must be given for access. |
| privacySetting.isBlocked | Boolean | Always false for machine JWTs. True if a user JWT is used and the HPR-number is blocked. Cannot be overruled. |
Response example
{
"patientNIN": "10086055555",
"privacySetting": {
"hasReservationKjernejournal": false,
"isRestricted": false,
"isBlocked": false
}
}