SFM Basis API Implementation Guide

Identification

All of the API operations require a token to confirm the client organization and, for most operations, also the healthcare professional performing the operation. The parties identified by the token are authoritative and will override all information in the data. Inconsistency between the token and the data may cause processing errors.

The Norwegian e-resept requires a strong signature on most messages, including by the healthcare professional. For the document messages (M1 Resept and M25 LIB/PLL) the signature also represents a content commitment statement. Where strong PKI based on personal certificates has been used for this in the past, SFM implements an alternative scheme: SFM provides the PKI signature (XML-dsig) and includes the token representing the organization and user when sending to the national systems. Using SFM therefore entails granting SFM the right to sign messages on behalf of both the participating organization and the participating healthcare professional.

It is mandatory that the client system clearly informs the user that issuing prescriptions and PLL via SFM entails the act of signing the documents. Requirements may include requesting a local PIN code for the signing operation.