04.07.2019 | Thomas Kessler

EPR HCP Administration: Vision Meets Reality


The management of healthcare professionals in the national Health Provider Directory of the electronic patient dossier follows a long-term vision of the legislator. This article shows how this vision can be linked to today’s reality.

Healthcare professionals (HCPs) who wish to use the electronic patient dossier must be listed in the national Health Provider Directory (HPD). The maintenance of the HPD directory entries is organized by the EP (master) communities. However, it is the task of the healthcare facilities to provide up-to-date data on healthcare professionals and their classification into CFP groups. For this purpose, attributes must be collected from various sources, some of which are outside the healthcare institutions. The following explanations should make it clearer why this is the case.

The vision of the legislator …

Behind the legal requirements for the administration of the HPD, a long-term vision is recognizable as outlined below: A working healthcare professional moves simultaneously in the three different spheres according to the diagram (below): Firstly, she is part of our civil society as a natural person; secondly, she is part of the Swiss healthcare system as a professional; and thirdly, she belongs to the sphere of the healthcare institution(s) in which she works. The person has specific attributes in each sphere, such as addresses and access rights, which are managed in one or more directories for each sphere.

The vision is now based on the fact that the attributes of the superordinate spheres are also used in the directories of the subordinate spheres: When a healthcare professional enters “Hospital Switzerland”, their E-ID register number in the HPD is linked to the Global Location Number (GLN) and the specialization listed in a professional register. When a healthcare professional starts work in a hospital, this information is transferred from the HPD to the hospital’s HR system, where it is linked to other attributes such as function and hospital affiliation. These onboarding processes establish a connection between the attributes of this person across all spheres and make it possible for a single national identity provider to be used for login to all applications. This vision is coherent in itself, minimizes the administrative effort at all levels and is also user-friendly. The only problem is that we are still a long way from this in reality.

HCP Administration in the EPR

The graphic on the left shows the vision of integrated identity management across the three spheres of “civil society” (orange), “Swiss Hospital” (green) and the healthcare facilities connected to the EPR (blue). The top right shows the bitter reality in which there is no connection between these spheres. The illustration at the bottom right shows how a well-functioning system for user and authorization management (also known as Identity and Access Management or IAM) can connect the internal sphere of the hospital or care home with the national sphere of the electronic patient dossier._

… and today’s reality

In today’s reality, hospitals and care homes are already under considerable pressure to keep user administration under control within their own sphere. They struggle with systems and processes so that new employees can use the required applications and departing employees can be deleted from the various user directories in a reasonably timely manner. In many places, today’s systems for user and authorization management (also known as Identity and Access Management or IAM) resemble a patchwork quilt that connects the various directory services of a hospital with each other.

From the perspective of day-to-day IT practice, the national identity and the “Swiss hospital” are little more than pipe dreams. However, with the connection to the electronic patient dossier, the very concrete practical problem must now be solved that the users authorized to use the EPD must be registered in the HPD. For this purpose, attributes belonging to the national sphere must be obtained, in particular the Globa Location Number (GLN) issued by the Refdata Foundation or the specializations managed in various professional registers. In addition, healthcare professionals must be identified on the basis of an officially recognized identity document.

Practitioners are now faced with the question of how the sometimes visionary requirements can best be met with the resources actually available.

A “bottom-up” solution approach

In the short term, it is to be expected that the HPD will largely be maintained manually because suitable electronic interfaces between the directory services are not yet available. In addition, it will hardly be possible to avoid healthcare professionals having to identify themselves to a national identity provider for healthcare professionals with an official ID card separately from or in addition to the HR processes established within the healthcare institution. This is practicable as long as the number of users is small.

In the medium term, the connection of the national directories should be automated by connecting the HPD and at least one national IdP for healthcare professionals to the IAM system of the healthcare institution. This reduces manual effort and improves data quality, especially if the GFP group assignments are also made by the IAM system according to defined rules.

This connection should be designed to be bidirectional from the outset. If, in the long term, the national HPD is used as the source for the attributes of the civil identity and the data from the medical professional registers for the internal systems, then the HR processes of the hospital or care home can be relieved and improved. This would be a major step towards the vision described at the beginning and a milestone on the way to an integrated Swiss healthcare system.

From today’s perspective, the “bottom-up” solution approach outlined here is the most promising way of connecting vision and reality. This path will also be bumpy for a long time. However, the long-term potential should motivate us to take on this hardship.

Note: This article was also published in the magazine HEIME & SPITĂ„LER 3 | AUGUST 2019.

Identity and Access Management (IAM) Security Architecure

About the author
Thomas Kessler
About the author
Thomas Kessler, Partner, Managing Security Consultant