Introduction

This simulator is developed in conformance with Swiss Integration profiles and IHE Technical Framework. This simulator emulates actor from CH:ATC (Audit Trail Consumption) profile. This profile defines the audit trail consumption requirements a community has to provide for a patient’s audit trail. The profile CH:ATC defines and precises the actors and transaction [ITI-81] of the IHE IT Infrastructure Technical Framework Supplement Add RESTful Query to ATNA 1 and defines the content of the Audit Messages. The different types of the Audit Messages are based on the requirements for Document and Policy Access management in order to achieve the Swiss regulation needs on the audit trail access by patients. Therefore it can act as a Patient Audit Consumer or as a Patient Audit Record Repository.

As a Patient Audit Consumer, this simulator is aimed to send messages to a Patient Audit Record Repository. Consequently, if your system (named SUT or System Under Test) is reachable from the Internet, you will be able to receive messages from the simulator.

As a Patient Audit Record Repository, this simulator can be requested Audit Events by your system.

# Patient Audit Consumer

When acting as a Patient Audit Consumer, this simulator is able to send multiple requests to your SUT to test the handling of parameters :

  • date
  • entity-id
  • entity-role
  • source
  • type
  • subtype
  • outcome
  • entity-type
  • user
  • address
  • _format

It can also send bad requests (missing requested parameters, parameters providing no matches, etc) to test the behavior of the SUT against erroneous requests.

## How to access the Simulator ?

The simulator is accessible via Gazelle Webservice Tester. If the simulator is available on the instance of the tool, it should appear in the project list with the name ATC_Repository. This name may also be followed with the version of the specification in brackets.

ATC Simulator for Patient Audit Consumer

## How to send messages to an SUT ?

If the simulator is available on the instance of Gazelle Webservice Tester you are using, it can then be launched as any other project from the tools.

Go to Run. Select the ATC_Repository project. You will have two Test suite available. The NormalCases test suite will send a request to test each parameter listed earlier. The ErrorCases test suite will focus on error cases.

Run the ATC Repository Project

You can then chose if you want to execute one specific test suite or the entire project. You will then be able to chose the endpoint the simulator will use, as well as the parameter from the requests that will be sent to your SUT.

Form defining parameters to use to execute NormalCases test suite

Once you defined all parameters for the Simulator to send requests, simply press Run and it will send messages to your SUT and keep track of exchanges in an Execution. This Execution can be retrieved anytime in the Execution List menu.

# Patient Audit Record Repository

The ATC Simulator can also simulates a CH:ATC Patient Audit Record Repository. A Patient Audit Consumer queries a Patient Audit Record Repository for Audit Events defined by this profile. The Patient Audit Consumer used entity-id (Patient ID) and date before/after as parameters to asked the Audit Record Repository. In all, there are only three mandatory parameters. There are also optional parameters : entity-type, entity-role, source, type, user, subtype, outcome and address. Each request sent must have a security token in the header, this part is used to check access rights. In this token, two elements will be checked :

  • Is the assertion valid in time ? (Time not Before in the past and Time not After in the future)
  • Does the mock know the patient ID passed as a resource-id attribute ? If not, the mock will say you do not have the right to acces the information. The list of available patient ID is displayed below.

## Data Set

###Token Security

Here are the ID to put in the SAML token in resource-id attribute. If you query any other patient id, the mock will respond with an error message saying that you are not authorized to access information related to the given patient ID.

resource-id
761337610430891416^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO
761337610423590456^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO
761337610435209810^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO
761337610436974489^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO

AuditEvent

Here are all couples of Dates/PatientID to effectively access audit events. However, using optional parameters can lead you to no Audit event returned, even with those date and patient ID. Indeed, if the events does not match even one of the optional parameters, the audit event will not be returned by the ATC Mock.

Patient ID Dates
urn:oid:2.16.756.5.30.1.127.3.10.3|761337610430891416 ge2015-01-01 / le2020-01-01
urn:oid:2.16.756.5.30.1.127.3.10.3|761337610435209810 ge2015-01-01 / le2017-01-01
urn:oid:2.16.756.5.30.1.127.3.10.3|761337610436974489 ge2017-01-01 / le2019-01-01

End Point

Here are the endpoints to use to send your request to the Patient Audit Record Repository simulator :

It requires TLS mutual authentication with testing certificate (from GSS PKI).

##ATC URI example

Here is an example URI for a requets on patient with ID 761337610430891416^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO looking for audit events between 2015-01-01 and 2020-01-01

http://ehealthsuisse.ihe-europe.net:8096/atc-record-repository/ARRservice/AuditEvent?date=ge2015-01-00&date=le2020-01-00&entity-id=urn:oid:2.16.756.5.30.1.127.3.10.3|761337610430891416