How to incorporate GDPR-compliant informed consent in a PHP portal

Many customers ask us to incorporate GDPR-compliant electronic signature technology into their solutions or websites. Although we have several products that fit different scenarios, today we are going to focus on one of them, Viafirma Documents, and on a very specific use case: electronically signing an informed consent.

To put this in context, consent is one of the basic pillars of any data protection policy. Paragraph 11 of Article 4 of the General Data Protection Regulation (GDPR) defines consent of the data subject as “Any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject consents, either by a statement or by a clear affirmative action, to the processing of personal data relating to him or her”.

In other words, the GDPR determines how consent has to be given. It must have 4 characteristics:

  • Free consent: It cannot be given under any type of coercion, nor can it be made conditional, for example on a discount on a service.
  • Specific consent: It is not appropriate to grant a general consent, as has been the case in the past; the purpose of the consent must be specified.
  • Informed consent: The user must be informed of the purpose of the processing, the name of the data controller, how the data will be processed and the rights of the data subject.
  • Unequivocal consent: Consent given by means of a statement by the data subject or by a clear affirmative action. The data subject is understood to give this consent when he/she knows, without any doubt, that he/she is giving it. That is why tacit consent and consent by omission (based on inaction) are not admitted.

For a consent to be considered valid, the data controller must be able to demonstrate that the data subject consented to the processing of his/her data. For this purpose, in our case, we will use electronic evidence that helps us prove it.

There are different ways to sign an electronic document: signature with electronic certificate, biometric signature, signature by OTP/SMS, as well as other evidence such as the geographical location at the time of signing, photographs, attachments, time stamp…


If you have a portal or web application in PHP to manage your clinic and you want to generate the consent from your own document/template, where your customers can fill in their data and sign, continue reading…

Let’s explain it step by step

To begin with, we are going to use PHP with cURL support, which allows us to make requests to remote servers. In our case, we will integrate with the REST services that Viafirma Documents exposes for integrators and that are secured with OAuth, for which we will use the library that you will find in this link. If you prefer, you can download the complete example together with the libraries used.

In our example we will use a single PHP file that we will name demo-consent.php, which we describe briefly below:

Library and Definition of constants:


//We define the path to the OAuth libraries indicated above; in our case we have left them in the root, inside a folder that we have named library

require_once dirname(__FILE__) . '/library/OAuthRequestSigner.php';

//Constant names must be quoted strings: a bare name is an error in PHP 8
define('DOCUMENTS_API_URL', "https://sandbox.viafirma.com/documents/api/v3");

define('DOCUMENTS_CONSUMER_KEY', "xxxxx");

define('DOCUMENTS_CONSUMER_SECRET', "xxxxxxxxxx");

The values of DOCUMENTS_CONSUMER_KEY and DOCUMENTS_CONSUMER_SECRET are provided by Viafirma through the contact form for integrators on its website: https://www.viafirma.com/es/api-firma-electronica/

Function send_message().


function send_message()
{
    error_reporting(E_ALL);

    //Constructing the URL of the service to invoke
    $url = DOCUMENTS_API_URL . "/messages/";

    //Access to secure services via OAuth
    OAuthStore::instance('MySQL', array('conn' => false));

    $req = new OAuthRequestSigner($url, 'POST');

    $date = new DateTime();

    $secrets = array(
                'consumer_key' => DOCUMENTS_CONSUMER_KEY,
                'consumer_secret' => DOCUMENTS_CONSUMER_SECRET,
                'token' => "",
                'token_secret' => "",
                'signature_methods' => array('HMAC-SHA1'),
                'nonce' => '',
                'timestamp' => $date->getTimestamp(),
                );

    $req->sign(0, $secrets);

    //JSON with the data required by Viafirma Documents, described later on
    $string_json = file_get_contents("./demo_consentimiento.json");

    //Start and run cURL
    $ch = curl_init($url);

    //Keep certificate verification enabled: the request carries the OAuth
    //signature and the response carries the link the patient will sign on
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $string_json);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    // OAuth Header
    $headr = array();
    $headr[] = 'Content-Length: ' . strlen($string_json);
    $headr[] = 'Content-type: application/json';
    $headr[] = '' . $req->getAuthorizationHeader();
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headr);

    $result = curl_exec($ch);
    $error = curl_error($ch);

    // Closing (must happen before the return, otherwise it never runs)
    curl_close($ch);

    if ($result === false) {
        throw new RuntimeException('Request to Viafirma Documents failed: ' . $error);
    }

    $array = json_decode($result);
    if (!isset($array->notification->sharedLink->link)) {
        throw new RuntimeException('The response does not contain a shared link');
    }

    //We obtain the link from the reply sent by Viafirma Documents.
    //It is the URL to redirect to or to mount in an iframe.
    return $array->notification->sharedLink->link;
}
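The link returned by send_message() ends up in a redirect or an iframe, so it is worth validating before use. The following is an added example, not part of the original article or of Viafirma's code: the function names are hypothetical, the sample responses are constructed, and it assumes that signing links are served from the same host as the API.

```php
<?php
declare(strict_types=1);

// Assumption: signing links are served from the same host as the API.
const EXPECTED_LINK_HOST = 'sandbox.viafirma.com';

/**
 * Extracts notification.sharedLink.link from the API response body and
 * rejects anything that is not an https URL on the expected host.
 */
function extract_signing_link(string $responseBody, string $expectedHost): string
{
    // JSON_THROW_ON_ERROR turns a malformed body into an exception instead of null.
    $data = json_decode($responseBody, false, 16, JSON_THROW_ON_ERROR);
    $link = $data->notification->sharedLink->link ?? null;
    if (!is_string($link) || $link === '') {
        throw new UnexpectedValueException('Response carries no shared link');
    }
    $parts = parse_url($link);
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || strtolower($parts['host'] ?? '') !== strtolower($expectedHost)
        || isset($parts['user']) || isset($parts['pass'])) {
        throw new UnexpectedValueException('Shared link is not on the expected host');
    }
    return $link;
}

/** Builds the iframe markup with the link escaped for an HTML attribute. */
function render_signing_iframe(string $link): string
{
    return '<iframe src="' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8')
         . '" title="Consent signature"></iframe>';
}

// Constructed sample responses, not captured from the real service.
$good = '{"notification":{"sharedLink":{"link":"https://sandbox.viafirma.com/documents/example-link"}}}';
$bad  = '{"notification":{"sharedLink":{"link":"http://other.example/sign"}}}';

echo render_signing_iframe(extract_signing_link($good, EXPECTED_LINK_HOST)), PHP_EOL;
try {
    extract_signing_link($bad, EXPECTED_LINK_HOST);
} catch (UnexpectedValueException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```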

demo-consent.json

Although we could define many more variables, this simple .json and a template defined in Viafirma Documents are enough to carry out the example:


{
  "groupCode": "String",
  "workflow": {
    "type": "PRESENTIAL"
  },
  "notification": {
    "text": "Text of the signature request",
    "detail": "Detail of the signature request"
  },
  "document": {
    "templateCode": "name_template",
    "formRequired": true
  },
  "callbackMails": "[email protected]"
}


Important:

  • Remember to replace the example value of the groupCode attribute with the one provided by Viafirma. The group determines preconfigured behavior related to factors such as automatic transfers, style sheets, permissions, etc. It is important that the groupCode matches the group with which you intend to complete your signature process.
  • In document.templateCode, set the code of your existing template in Viafirma Documents.
  • In the callbackMails field you can provide one email account, or several separated by commas, which will be notified automatically when your process is finished; the notification can include the signed document as an attachment, with a personalized message and style.
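Because the addresses in callbackMails can receive the signed document as an attachment, a portal that fills this field from its own data should validate each address and build the JSON with json_encode rather than by string concatenation. The following is an added example, not part of the original article or of Viafirma's code: the function name and the sample values are hypothetical, and only the fields shown in the JSON above are used.

```php
<?php
declare(strict_types=1);

/**
 * Builds the request body described above. $callbackMails is a list of
 * addresses; each one is validated before being joined with commas, so a
 * single value such as "a@x.example,b@y.example" cannot add a recipient.
 */
function build_consent_message(string $groupCode, string $templateCode, array $callbackMails): string
{
    if ($groupCode === '' || $templateCode === '') {
        throw new InvalidArgumentException('groupCode and templateCode are required');
    }
    $mails = [];
    foreach ($callbackMails as $mail) {
        $mail = trim((string) $mail);
        if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException("Invalid callback address: $mail");
        }
        $mails[] = $mail;
    }
    $message = [
        'groupCode'     => $groupCode,
        'workflow'      => ['type' => 'PRESENTIAL'],
        'notification'  => [
            'text'   => 'Text of the signature request',
            'detail' => 'Detail of the signature request',
        ],
        'document'      => ['templateCode' => $templateCode, 'formRequired' => true],
        'callbackMails' => implode(',', $mails),
    ];
    // json_encode escapes quotes and control characters in every value.
    return json_encode($message, JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES);
}

// Constructed sample values, placeholders for the ones Viafirma provides.
echo build_consent_message('EXAMPLE_GROUP', 'name_template', ['clinic@example.com']), PHP_EOL;
```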

Once you have implemented both files, you only have to call them from the button of your page or inside your application and it will generate an automatic signature request based on the template defined in Viafirma Documents as you can see in the example included at the beginning of this article.

The result is that from a PHP web page I can get my patients to fill in and sign the consent form in a fast and secure way.

We hope you found it useful

Keep on signing with Viafirma!!!!
