Experiences about Finnish Personal Health Record data repository (part 1)

I recently familiarized myself with the Omatietovaranto (Finnish Personal Health Record) data repository service and web interfaces in a work project. Omatietovaranto (PHR) is a centralized national location for health and well-being data that is produced or measured in applications or devices. Measurable data (observations) can be steps, activity, weight, blood pressure, etc. Omatietovaranto (PHR) is owned by the National Institute for Health and Welfare. The system is developed and maintained by Kela.

The PHR data repository accepts data models in the HL7 FHIR standard data format, which is a common standard in health systems all around the world. The data content is developed nationally with HL7 Finland. You can find more information about HL7 Finland at https://www.hl7.fi and about HL7 in general at https://www.hl7.org.

Suppliers can integrate their well-being and health applications into the PHR if they accept the various acceptance criteria and successfully pass the test process. Tests are controlled and managed by Kela. Acceptance criteria are mostly related to general security practices, social and health regulations, and data protection of the application. Acceptance criteria must be accepted before applying to the QA environment (aka AT-test). If healthcare professionals can use a citizen's PHR data, then the application should be validated and certified as a Class A application (Social and healthcare data system). You can get more information about healthcare professional application requirements from Kela.

Suppliers can freely familiarize themselves with the PHR data repository via the Sandbox environment, which is offered by Kela. The Sandbox environment is not fully identical to the real production environment, but it's a good place to start. The official site of PHR and information about the Sandbox environment can be found here: https://www.kanta.fi/en/system-developers/sandbox-environments

Knowledge prerequisites before starting

I have listed a few technologies that you should familiarize yourself with before you start developing and integrating your application with the PHR data repository.

OAuth 2.0

Authorization is handled with the OAuth 2.0 protocol in the PHR data repository. You should be familiar with the OAuth 2.0 authorization flow and the most important terms of the flow: authorization server, authorization code, access token, refresh token, and resource server.

Client certificates

PHR QA and production environments require a client certificate, which must be passed in requests that are heading to the Token or Resource Server endpoints. Note: the Sandbox environment does not require a client certificate. A certificate (well-being application certificate) should be applied for from the Population Register Centre (VRK) when the application is approved for the acceptance test.
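The OAuth 2.0 terms and the client certificate requirement described above, put together as an added example (not code from the original post or from Kela). All host names, the client id and the scope are constructed placeholders, and sending `client_id` as a form parameter in the token request is an assumption; the real values come from the PHR documentation for each environment.

```python
import ssl
import urllib.parse
import urllib.request
from dataclasses import dataclass

@dataclass(frozen=True)
class Env:
    authorize_url: str       # authorization server (user is redirected here)
    token_url: str           # code -> access token / refresh token
    fhir_base: str           # resource server (FHIR REST API)
    needs_client_cert: bool  # per the post: QA and production yes, Sandbox no

# Placeholder hosts (assumption): real URLs differ per environment.
SANDBOX = Env("https://auth.sandbox.example/authorize",
              "https://auth.sandbox.example/token",
              "https://fhir.sandbox.example/base", False)
QA = Env("https://auth.qa.example/authorize",
         "https://auth.qa.example/token",
         "https://fhir.qa.example/base", True)

def authorize_redirect(env, client_id, redirect_uri, scope, state):
    """URL the user's browser is sent to; the authorization code comes back on redirect_uri."""
    q = urllib.parse.urlencode({"response_type": "code", "client_id": client_id,
                                "redirect_uri": redirect_uri, "scope": scope,
                                "state": state})  # state must be random, checked on return
    return f"{env.authorize_url}?{q}"

def token_request(env, client_id, code, redirect_uri):
    """Exchange the authorization code for an access token at the token endpoint."""
    body = urllib.parse.urlencode({"grant_type": "authorization_code", "code": code,
                                   "redirect_uri": redirect_uri, "client_id": client_id})
    return urllib.request.Request(env.token_url, data=body.encode(), method="POST",
                                  headers={"Accept": "application/json"})

def resource_request(env, access_token, resource, params):
    """FHIR search on the resource server, authorized with the bearer access token."""
    url = f"{env.fhir_base}/{resource}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}",
                                                "Accept": "application/fhir+json"})

def tls_context(env, cert_file=None, key_file=None):
    """Server verification always on; the client certificate is attached where required."""
    ctx = ssl.create_default_context()
    if env.needs_client_cert:
        if not (cert_file and key_file):
            raise ValueError("this environment requires a client certificate")
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def send(env, req, cert_file=None, key_file=None):
    ctx = tls_context(env, cert_file, key_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.read()
```

Failing early in `tls_context` when the certificate is missing makes a Sandbox-only configuration that was promoted to QA stop before any request leaves the application.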

REST API

You should understand how to consume a REST API because the Omatietovaranto PHR resource server is a REST API.

FHIR data models

The Simplifier Finnish PHR site contains a lot of information about national data models. You can find data model examples on the site. The Finnish PHR implementation guide contains, e.g., the min and max data contents of the models.

A few notes about the Sandbox environment

  • Sandbox Environment does not require a Client certificate
  • Sandbox Environment is not updated as frequently as other environments
  • Sandbox Environment has known issues with the service portal (e.g. PHR application client information is not possible to edit after creation - 27.10.2018 fixed)
  • If you use the HAPI-FHIR Resource server tool and you want to observe queries with the browser developer tool or Fiddler, note that the tool might use obsolete query standards. You should check all Resource server query parameters from https://www.hl7.org/fhir/http.html
  • There are differences in server URLs when using Authorization, Token, and Resource endpoints in Sandbox and other environments
