Handling at Login

When a user performs login at the eHealth Infrastructure, various checks are performed and security artefacts (such as the security token) are produced. In addition, certain resources are read, created, or possibly updated. The following applies to users of the Practitioner type.

The external security token contains one to many organizational scopes in which the user can have:

Zero, one or many different careteams in which the user can have one or many user roles
Zero, one or many user roles in the organizational scope

For the recognized user roles bound to a recognized and pre-existing CareTeam, it is ensured that:

a CareTeam.participant exists where the CareTeam.participant.member references the Practitioner. A participant can have multiple roles in a CareTeam.
- If such an entry is not present or does not contain the current role then the CareTeam is updated.
  - When a CareTeam.participantis added, the CareTeam.participant.period is set with a Period.start of date/time at update. The Period.end is left without value to form an open-ended period.

For all the organizational scopes where the organization identification can be resolved to an Organization in the eHealth Infrastructure, it is ensured that:

a PractitionerRole exists where the PractitionerRole.practitioner references the Practitioner and the PractitionerRole.organization references the Organization