Skip to main content

Problem definition

A healthcare organisation usually has a multitude of vendors providing digital services. In some cases a use-case requires multiple systems. It could also be the case that certain data could be usefull to display in different systems. Without support for handling this, a healthcare organisation would probably need an integrator for certain use-cases.

Legislation dictates that the healthcare organisation is responsible for controlling access to patient data. In use-cases, that organisation grants access to other organisations and not to individual systems. For example: when organisation "A" grants access to "B" for a patient regarding medication data, than any system from "B" should be able to fetch the medication data. It should also be possible for "B" to fetch this data from any system of "A", not only the system that granted the access.

Within the scope of the Nuts specifications (V1) this is a challenge because the Verifiable Credentials (VC) use the Decentralized Identifier (DID) as technical ID for issuer and subject. Because DIDs are bound to a private key, these credentials can't be shared accross systems.