In order to access information stored in the Multisafe environment the user requesting the information much first be authenticated. (see Authentication)
An authenticated user cannot access all information in the Multisafe environment. The information he or she is allowed to access is based on the patients consent and the patient - user relationship.
If the user is the patient he or she will only be allowed to see her own information. If the patient is a medical professional, he or she will only be allowed to see information about the patients when the patient - user relationship has been set up.
Setting up this relationship is done in the Multisafe portal. (See Portal)
Besides the patient - user relationship there has to also be a patient consent registered in the BGN network. If there is no patient concent, no information will be returned, even if a patient - user relationship has been set up.
Authentication and Authorization are supplied to the Multisafe environment using a SAML token. The SAML token is based on the XUA profile as descbribed by IHE.