Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Rule base typeDescription
Based on declarationDoctor with an active declaration can access all the patient's medical data.
Based on managing organizationUser can read entities, created in his MSP
Based on context episodeUser can read medical data, that was collected during an episode of care, that user has access to.
Based on diagnostic reportUser can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity.
Based on origin episodeDoctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to.
Episode of care, that contains this service request,  is considered as an origin episode in that case. 

...

RuleBaseResourceRoutesContextLogicSource of context

@rule_-1

@read @allergy_intolerance @immunization @risk_assessment @device @medication_statement

Scenario: Employee can read insensitive patient’s data

Given User access token with client_type not equal to cabinet

When I require read access

Then I can read

Based on user token
by id
There is an active token
by search params
There is an active token

@rule_0

@read @episode @encounter @observation @condition@service_request @diagnostic_report @procedures @allergy_intolerance @immunization @risk_assessment @device @medication_statement @procedure @medication_administration

Scenario: Patient can read it's own data 

Given Patient has access_token given by Cabinet

When I require read access

Then I can read

Based on patient token

by id

patient_idThere is an active token given by Cabinet to a patient
by search params

@rule_1

@read @episode @encounter @observation @condition @service_request @diagnostic_report @procedures @medication_administration

Scenario: Doctor with active declaration can read all patient data

Given Active declaration with patient

And declaration from the same MSP

When I require read access

Then I can read


Based on  declaration










episodeby idpatient_id










There is an active declaration between the patient and the doctor in OPS










patient_id from URL









by search params
encounter


by id
by search params
by id in episode context
by search params in episode context
observation


by id
by search params
by id in episode context
by search params in episode context
conditionby id
by search params
by id in episode context
by search params in episode context
service_requestby id
by search params
diagnostic_reportby id
by search params
proceduresby search params

@rule_2

@read @episode @service_request @diagnostic_report @procedures

Scenario: Doctor can read entity created in the doctors MSP

Given Entity has been created on my MSP

When I require read access

Then I can read








Based on managing organization




episodeby idepisodemanaging_organization==token.client_id



DB.episode.managing_organization
by search paramssearch param {managing_organization} from URL
service_request

by idservice requestDB.service_request.managing_organization
by search paramssearch param {requester_legal_entity} from URL
diagnostic_reportby iddiagnostic_reportDB.diagnostic_report.managing_organization
by search paramssearch param {managing_organization} from URL
proceduresby search paramsmanaging_organizationsearch param {managing_organization} from URL

@rule_3

@read @encounter @observation @condition @service_request @diagnostic_report

Scenario: Doctor can read all the data of episodes created in the doctors MSP

Given Episode context has been created on my MSP

When I require read access

Then I can read

Based on context episodeencounterby idepisode















episode.managing_organization==token.client_id















DB.encounter.episode
by search paramssearch param {episode_id} from URL
by id in episode contextepisode_id from URL (path)
by search params in episode context
observationby idDB.observation.episode
by search paramssearch param {episode_id} from URL
by id in episode contextepisode_id from URL (path)
by search params in episode context
conditionby idDB.condition.episode
by search paramssearch param {episode_id} from URL
by is in episode context
episode_id from URL (path)
by search params in episode context
service_requestby idDB.service_request.encounter.episode.managing_organization
by search paramssearch param {episode_id} from URL
by id in episode contextepisode_id from URL (path)
diagnostic_reportby idDB.diagnostic_report.encounter.episode.managing_organization
by search paramscontext_episode_id from URL (path)

@rule_4

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration

Scenario: Doctor with active approval can read all the data of specified in approval patient

Given Active approval on patient

When I require read access

Then I can read

not implemented yet




@rule_5

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration

Scenario: Doctor with active approval can read all the data of specified in approval episodes

Given Active approval on episode

When I require read access

Then I can read

Based on context episode


















episodeby idepisode


















There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB


















DB.episode.id
encounter


by idDB.encounter.episode
by search paramssearch param {episode_id} from URL
by id in episode contextepisode_id from URL (path)
by search params in episode context
observation


by idDB.observation.episode
by search paramssearch param {episode_id} from URL
by id in episode contextepisode_id from URL (path)
by search params in episode context
condition


by idDB.condition.episode
by search paramssearch param {episode_id} from URL
by id in episode contextepisode_id from URL (path)
by search params in episode context
service request

by idDB.service_requset.encounter.episode
by search paramssearch param {episode_id} from URL
by id in episode contextepisode_id from URL (path)
diagnostic reportby idDB.diagnostic_report.encounter.episode
by search paramssearch param {episode_id} from URL
procedureby idDB.procedures.encounter.episode
by search paramssearch param {episode_id} from URL

@rule_6

@read @diagnostic_report @encounter @procedure

Scenario: Doctor can read entity originated by episode created in the doctors MSP

Given Entity has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode



encounterby idorigin_episode



origin_episode.managing_organization==token.client_id


DB.encounter.origin_episode
by search paramsSearch param {origin_episode_id} from URL
diagnostic repostby idDB.diagnostic_report.origin_episode
by search paramsSearch param {origin_episode_id} from URL
proceduresby search paramsDB.diagnostic_report.origin_episode

@rule_7

@read @observation

Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP

Given Diagnostic report context has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episodeobservationby iddiagnostic_reportorigin_episode.managing_organization==token.client_idDB.observation.diagnostic_report.origin_episode
by search paramsSearch param {diagnostic_report_id} from URL

@rule_8

@read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration

Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP

Given Encounter context has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episodeobservationby idencounter







origin_episode.managing_organization==token.client_id







DB.observation.context.origin_episode
by search paramsSearch param {encounter_id} from URL
conditionby idDB.condition.context.origin_episode
by search paramsSearch param {encounter_id} from URL
service requestby idDB.service_request.encounter.origin_episode
by search paramsSearch param {encounter_id} from URL
diagnostic_reportby idDB.diagnostic_report.encounter.origin_episode
by search paramsSearch param {encounter_id} from URL
procedureby idDB.procedure.origin_episode
by search paramsSearch param {encounter_id} from URL

@rule_9 

@read  @encounter @observation @condition @service_request @diagnostic_report

Scenario: Doctor with active approval can read data, originated by the episode

Given Active approval on episode

When I require read access

Then I can read

Based on origin episode




@rule_10 

@read @observation

ScenarioDoctor can read all the data of diagnostic report created in the doctors MSP

Given Diagnostic report context has been originated by mine MSP

When I require read access

Then I can read

Based on diagnostic reportobservationby iddiagnostic_report

diagnostic_report.managing_organization==token.client_idDB.observation.diagnostic_report.managing_organization
by search paramsSearch param {diagnostic_report_id} from URL

@rule_11 

@read @observation @diagnostic_report@observation

Scenario: Doctor with active approval can read all the data of specified in approval diagnostic report

Given Active approval on diagnostic report

When I require read access

Then I can read

Based on diagnostic reportobservationby iddiagnostic_reportThere is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDBDB.observation.diagnostic_report
by search paramsSearch param {diagnostic_report_id} from URL

...