Overview

This web service is designed to return only those diagnostic reports that the current user is allowed to read under the patient's approval.

...

Authorization

Validate token

  • Verify the validity of the access token
    • Return 401 in case validation fails
  • Verify the token is not expired
    • Return 401 in case of error

Validate scopes

  • Check that the user's scopes allow this action (scope = 'diagnostic_report:read')
    1. Return 403 in case of invalid scope(s)

...

  1. Select all diagnostic reports (approvals.granted_resources.identifier.value) from the patient's approvals that meet the requirements:
    1. patient_id = hashed patient_id from URL
    2. status = 'active'
    3. granted_to contains one of the user's employees' ids
    4. granted_resources.identifier.type.coding[].code = "diagnostic_report"
  2. Select these diagnostic reports from ME.patients.diagnostic_reports
  3. Add filters requested by the user (search params)
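
The selection steps above, sketched as an added example (not the service's own code). It shows that only the granted resources typed "diagnostic_report" are taken from a matching approval, and that search params can only narrow the approved set. Assumptions: approvals and reports are plain dicts, granted_to is a list of employee ids, the patient id arrives already hashed, and all sample values are constructed.

```python
def approved_report_ids(approvals, patient_id_hash, employee_ids):
    """Step 1: ids of diagnostic reports granted to one of the user's employees."""
    employee_ids = set(employee_ids)
    allowed = set()
    for approval in approvals:
        if approval.get("patient_id") != patient_id_hash:
            continue
        if approval.get("status") != "active":
            continue
        # granted_to modelled as a list of employee ids (assumed shape)
        if not employee_ids & set(approval.get("granted_to", [])):
            continue
        for res in approval.get("granted_resources", []):
            ident = res.get("identifier", {})
            codes = {c.get("code") for c in ident.get("type", {}).get("coding", [])}
            # Per-resource check: other resource types in the same approval are ignored.
            if "diagnostic_report" in codes and ident.get("value"):
                allowed.add(ident["value"])
    return allowed


def list_reports(reports, approvals, patient_id_hash, employee_ids, search=None):
    """Steps 2-3: restrict to approved ids first, then apply search params."""
    allowed = approved_report_ids(approvals, patient_id_hash, employee_ids)
    visible = [r for r in reports if r["id"] in allowed]  # empty set => nothing visible
    for key, value in (search or {}).items():
        visible = [r for r in visible if r.get(key) == value]
    return visible


def _res(code, value):
    # Helper that builds a constructed granted_resources entry
    return {"identifier": {"type": {"coding": [{"code": code}]}, "value": value}}


# Constructed sample data
APPROVALS = [
    {"patient_id": "hash-p1", "status": "active", "granted_to": ["emp-1"],
     "granted_resources": [_res("diagnostic_report", "dr-1"), _res("episode_of_care", "ep-9")]},
    {"patient_id": "hash-p1", "status": "new", "granted_to": ["emp-1"],
     "granted_resources": [_res("diagnostic_report", "dr-2")]},
    {"patient_id": "hash-p1", "status": "active", "granted_to": ["emp-7"],
     "granted_resources": [_res("diagnostic_report", "dr-3")]},
]
REPORTS = [{"id": "dr-1", "code": "x"}, {"id": "dr-2", "code": "y"},
           {"id": "dr-3", "code": "x"}, {"id": "ep-9", "code": "x"}]

if __name__ == "__main__":
    print(list_reports(REPORTS, APPROVALS, "hash-p1", ["emp-1"]))
```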