Page Comparison

...

Table of Contents

...

Description

...

Based on declaration

...

Doctor with an active declaration can access all the patient's medical data.

...

Based on managing organization

...

User can read entities, created in his MSP

...

Based on context episode

...

User can read medical data, that was collected during an episode of care, that user has access to.

...

Based on diagnostic report

...

User can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity.

...

Based on origin episode

...

Doctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to.
Episode of care, that contains this service request, is considered as an origin episode in that case.

...

Based on care plan

...

User with active approval on the care plan can read or write the data based on this care plan

Table of Contents

Rule base type	Description
Based on declaration	Employee with an active declaration can access all the patient's medical data.
Based on managing organization	Employee can read entities, created in his MSP
Based on context episode	Employee can read medical data, that was collected during an episode of care, that employee has access to.
Based on diagnostic report	Employee can read medical data, that was collected as a part of a diagnostic report, managed by the employee's legal entity.
Based on origin episode	Employee can read medical data, that was collected as a part of a diagnostic report or episode of care, that employee has access to. Episode of care, that contains this service request, is considered as an origin episode in that case.
Based on care plan	Employee with active approval on the care plan can read or write the data based on this care plan
Based on patient	Employee with active approval on the patient can read the data related to this patient

Rule: @rule_-2 \| Action: @read \| (GraphQL only)
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
NHS employee can read patient’s data if he has Justification for monitoring Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api) When I require read access Then I can read	Based on user token	episode	JustificationFilter schema	patient_id	person_id from JustificationFilter schema	There is an active token & an active justification
		encounter
		observation
		condition
		allergy_intolerance
		immunization
		risk_assessment
		device
		medication_statement
		medication_request
		medication_dispense
		service_request
		diagnostic_report
		procedure
		medication_administration
		care_plan
		activity

Rule: @rule_-1 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee can read insensitive patient’s data Given User access token with client_type not equal to cabinet When I require read access Then I can read	Based on user token	allergy_intolerance	by id by search params			There is an active token for client_type.name != CABINET
		immunization
		risk_assessment
		device
		medication_statement

Rule: @rule_0 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Patient can read it's own data Given Patient has access_token given by Cabinet When I require read access Then I can read	Based on patient token	episode	by id by search params	patient_id	patient_id from URL	There is an active token given by Cabinet to a patient
		encounter
		observation
		condition
		allergy_intolerance
		immunization
		risk_assessment
		device
		medication_statement
		service_request
		diagnostic_report
		procedure
		medication_administration
		care_plan
		activity
		clinical_impression

Rule: @rule_1 \| Action: @read
Scenario:	Base	Resource	Routes	Context

Logic

Source of context

@rule_-2 (GraphQL only)

@read @episode @encounter @observation @condition @allergy_intolerance @primmunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration@care_plan @activity

Scenario: NHS employee can read patient’s data if he has Justification for monitoring

Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api)

When I require read access

Then I can read

Based on user token

by id

patient_id

There is an active token

by search params

There is an active token

@rule_-1

@read @allergy_intolerance @immunization @risk_assessment @device @medication_statement

Scenario: Employee can read insensitive patient’s data

Given User access token with client_type not equal to cabinet

When I require read access

Then I can read

Based on user token

by id

There is an active token

by search params

There is an active token

@rule_0

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration@care_plan @activity @clinical_impression

Scenario: Patient can read it's own data

Given Patient has access_token given by Cabinet

When I require read access

Then I can read

Based on patient token

by id

patient_id

There is an active token given by Cabinet to a patient

by search params

@rule_1

@read @episode @encounter @observation @condition @service_request @diagnostic_report @procedure @medication_administration @care_plan @activity @approval @clinical_impression

Scenario: Employee with active declaration can read all patient data

Given Active declaration with patient

And declaration from the same MSP

When I require read access

Then I can read

Based on declaration

episode

by id

patient_id

There is an active declaration between the patient and the doctor in OPS

patient_id from URL

by search params

encounter

by id

by search params

by id in episode context

by search params in episode context

observation

by id

by search params

by id in episode context

by search params in episode context

condition

by id

by search params

by id in episode context

by search params in episode context

service_request

by id

by search params

diagnostic_report

by id

by search params

care_plan

by id

by search params

activity

by id

by search params

approval

by id

by search params

clinical_impression

by id

by search params

medication_request_request

by id

by search params

medication_request

by id

by search params

medication_dispense

by id

by search params (Search Medication dispenses by Medication request ID)

@rule_2

@read @episode @service_request @diagnostic_report @procedures

Scenario: Doctor can read entity created in the doctors MSP

Given Entity

	Logic
Employee with active declaration can read all patient data Given Active declaration with patient And declaration from the same MSP When I require read access Then I can read	Based on declaration and user token	episode	by id	person_id	person_id from URL	There is an active declaration between the patient and the employee in OPS from the same MSP from token
			by search params
		encounter	by id
			by search params
			by id in episode context
			by search params in episode context
		observation	by id
			by search params
			by id in episode context
			by search params in episode context
		condition	by id
			by search params
			by id in episode context
			by search params in episode context
		service_request	by id
			by search params
		diagnostic_report	by id
			by search params
		procedure	by id
			by search params
		medication_administration	by id
			by search params
		care_plan	by id
			by search params
		activity	by id
			by search params
		approval	by id
			by search params
		clinical_impression	by id
			by search params
		medication_request_request & medication_request & medication_dispense	by id
			by search params

Rule: @rule_2 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee can read entity created in the employee's MSP Given Entity has been created on my MSP When I require read access Then I can read	Based on managing organization	service_request	by id	requester_legal_entity + patient_id	DB.service_request.managing_organization	managing_organization==id
			by search param		search param {managing_organization} from URL	managing_organization (requester_legal_entity, )==token.client_id
		episode diagnostic_report procedures encounter condition observation	by id	managing_organisation + patient_id	DB.episode.managing_organization OR DB.diagnostic_report.managing_organization	managing_organization==id
			by search param		search param {requester_legal_entity} from URL	managing_organization (requester_legal_entity, )==token.client_id
		medication_request_request & medication_request & medication_dispense	by id	legal_entity + patient_id	search param {legal_entity_id} from URL	legal_entity_id==id
			by search param			legal_entity_id==token.client_id

Rule: @rule_3 | Action: @read

Scenario:

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read all the data of episodes created in the employee's MSP

Given Episode context has been created on my MSP

When

I

I require read access

Then

I

I can read

Based on

managing organization

context episode

episode

encounter	by id	episode	DB.encounter.episode	episode.managing_organization==token.client_id
	by search params		search param {episode_id} from URL
	by id in episode context		episode_id from URL (path)
	by search params in episode context
observation	by id	episode	DB.observation.episode

.managing_organization


by search params	search param {

managing

episode_

organization

id} from URL

service_request

by id in episode context	episode_id from URL (path)
by search params in episode context
condition	by id

service request

episode

DB.

service_request.managing_organization

condition.episode
by search params	search param {

requester_legal_entity} from URLdiagnostic_report

episode_id} from URL
by id in episode context	episode_id from URL (path)
by search params in episode context
service_request	by id

diagnostic_report

episode

DB.

diagnostic

service_

report.managing_organization

request.encounter.episode
by search params	search param {

managing

episode_

organization

@rule_3

@read @encounter @observation @condition @service_request @diagnostic_report @device @medication_statement @immunization @risk_assessment @medication_administration @procedure @allergy_intolerance @clinical_impression

Scenario: Doctor can read all the data of episodes created in the doctors MSP

Given Episode context has been created on my MSP

When I require read access

Then I can read

Based on context episode

encounter

by id

episode

episode.managing_organization==token.client_id

DB.encounter

id} from URL

procedures

by search params

managing_organization

search param {managing_organization} from URL

medication_request_request

by id

legal_entity + patient_id

legal_entity_id==id

search param {legal_entity_id} from URL

by search param

legal_entity_id ==token.client_id

medication_request

by id

legal_entity + patient_id

legal_entity_id==id

search param {legal_entity_id} from URL

by search param

legal_entity_id ==token.client_id

medication_dispense

by id

legal_entity + patient_id

legal_entity_id==id

search param {legal_entity_id} from URL

by search param (Search Medication dispenses by Medication request ID)

legal_entity_id ==token.client_id

by id in episode context	episode_id from URL (path)
by search params in episode context
diagnostic_report	by id	episode	DB.diagnostic_report.encounter.episode
	by search params		context_episode_id from URL (path)
procedure	by id	episode	DB.procedures.encounter.episode
	by search params		search param {episode_id} from URL
medication_administration	by id	episode	IF context is encounter THEN: DB.medication_administrations.context.episode
	by search params		search param {episode_id} from URL
device	by id	episode	IF context is encounter THEN: DB.devices.context.episode
	by search params		search param {episode_id} from URL
risk_assessment	by id	episode	IF context is encounter THEN: DB.risk_assessments.context.episode
	by search params		search param {episode_id} from URL
medication_statement	by id	episode	IF context is encounter THEN: DB.medication_statements.context.episode
	by search params		search param {episode_id} from URL
immunization	by id

in episode context

episode

_id from URL (path)

by search params in episode context

observation

by id

IF context is encounter THEN:
DB.

observation

immunizations.context.episode
by search params	search param {episode_id} from URL
allergy_intolerance	by id

in episode context

episode

_id from URL (path)

by search params in episode context

condition

by id

DB.condition

	IF context is encounter THEN: DB.allergy_intolerances.context.episode
	by search params	search param {episode_id} from URL
medication_request	by

is in episode context

id

episode

DB.medication_request.context_episode_id

from URL (path)

by search params

in episode contextservice_request

	search param {episode_id} from URL
medication_dispense	by id	episode	DB.

service

medication_request.

encounter.

context_episode

.managing

_

organization

id
by search params	search param {episode_id} from URL
medication_request_request	by id

in episode context

	episode	DB.medication_request_request.context_episode_id
by search params	episode	search param {episode_id} from URL

(path)

diagnostic

clinical_

report

impression

by id

episode

DB.

diagnostic

clinical_

report

impression.

encounter.

context_episode

.managing

_

organization

id

by search params

context_

search param {episode_id} from URL

(path)

medication_statement

by id

IF context is encounter THEN:
DB.medication_statements.context.episode.managing_organization

by search params

search param {episode_id} from URL

immunization

by id

IF context is encounter THEN:
DB.immunizations.context.episode.managing_organization

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

device

by id

IF context is encounter THEN:
DB.devices.context.episode.managing_organization

by search params

search param {episode_id} from URL

risk_assessment

by id

IF context is encounter THEN:
DB.risk_assessments.context.episode.managing_organization

by search params

search param {episode_id} from URL

medication_administration

by id

IF context is encounter THEN:
DB.medication_administrations.context.episode.managing_organization

by search params

search param {episode_id} from URL

procedure

by id

DB.procedures.encounter.episode.managing_organization

by search params

search param {episode_id} from URL

allergy_intolerance

by id

IF context is encounter THEN:
DB.allergy_intolerances.context.episode.managing_organization

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

clinical_impression

by id

DB.clinical_impression.episode

by search params

search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)

medication_request

by id

episode

DB.medication_request.context_episode_id

by search params

search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)

medication_dispense

by id

episode

DB.medication_request.context_episode_id

by search params (Search Medication dispenses by Medication request ID)

search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)

medication_request_request

by id

episode

DB.medication_request_request.context_episode_id

by search params

search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)

@rule_4

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration

Scenario: Doctor

Rule: @rule_4 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee with active approval can read all the data of specified in approval patient Given Active approval on patient When I require read access Then I can read	Based on patient_id	episode	by id	patient_id	patient_id from URL	There is an active approval on patient’s data granted to the to the employee (one of user's employee) in MongoDB
			by search params
			active diagnosis
			short episodes by search params
			by patient_id in observation context
			by patient_id in condition context
			by patient_id in procedure context
			by patient_id in diagnostic_report context
		encounter	by id
			by search params
			by id in episode context
			by search params in episode context
			short encounters by search params
			short encounters by ID
		observation	by id
			by search params
			short observations by search params
			short observation by id
		condition	by id
			by search params
			short conditions by search params
			short conditions by id
		service_request	list in episode context
			by search params
			by id in episode context
			by id
			by requisition
		procedure	by id
			by search params
			short procedures by id
			short procedures by search params
		diagnostic_report	by id
			by search params
			approved by patient_id
			short diagnostic_reports by search params
			by patient_id in observation context
			short diagnostic_reports by id
		care_plan	by id
			by search params
			by requisition
			by activity id
		activity	by id
		activity	by search params
		clinical_impression	by id
		clinical_impression	by search params

Rule: @rule_5 \| Action: @read
Scenario:	Base	Resource	Routes	Context*	Source of context	Logic
Employee with active approval can read all the data of specified in approval

patient

episodes

Given

Active

Active approval on

patient

episode

When

I require read access

Then I can read

not implemented yet

@rule_5

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device@medication_statement @service_request @diagnostic_report @procedure @medication_administration @clinical_impression

Scenario: Doctor with active approval can read all the data of specified in approval episodes

Given Active approval on episode

When I require read access

Then I can read

Based on context episode

episode

by id

episode

There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB

DB.episode.id

encounter

by id

DB.encounter

I require read access Then I can read	Based on context episode	episode	by id		DB.episode.id	There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB
		encounter	by id	episode	DB.encounter.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context
		observation	by id	episode	DB.observation.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context
		condition	by id	episode	DB.condition.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context

observation

service request

by id

episode

DB.service_requset.

observation

encounter.episode
by search params	search param {episode_id} from URL
by id in episode context	episode_id from URL (path)
by search params in episode context	episode_id from URL (path)

condition

diagnostic_report

by id

episode

DB.

condition

diagnostic_report.encounter.episode
by search params	search param {episode_id} from URL
medication_administration	by id

in

	episode	IF context is encounter THEN: DB.medication_administrations.context.episode
by search params	episode	search param {episode_id} from URL

(path)


procedure	by id	episode	DB.procedures.encounter.episode
	by search params

in episode contextservice request

	search param {episode_id} from URL
medication_request & medication_dispense	by id	episode	DB.

service

medication_

requset

request.

encounter.

diagnostic report

by id

DB.diagnostic_report.encounter.episode

context_episode_id
by search params	search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

(can be used with {encounter_id} search param for sort by encounter)
medication_request_request	by id	episode	DB.medication_request_request.context_episode_id
medication_request_request	by search params	episode	search param {episode_id} from URL

procedure

(can be used with {encounter_id} search param for sort by encounter)
clinical_impression	by id	episode	DB.

procedures.encounter.episode

medication_request

by id

episode

DB.medication_request.context_episode

clinical_impression.context_episode_id
by search params	search param {episode_id} from URL

clinical_impression

by id

DB.clinical_impression.episode

by search params

search param {episode_id} from URL

(can be used with {encounter_id} search param for sort by encounter)

Rule: @rule_6 \| Action: @read
Scenario:	Base	Resource	Routes	Context*	Source of context	Logic
Employee can read entity originated by episode created in the employee's MSP Given Entity has been originated by mine MSP episode When I require read access Then I can read	Based on origin episode	encounter	by id	origin_episode	DB.encounter.origin_episode	origin_episode.managing_organization==token.client_id
			by search params

search param

Search param {origin_episode_id} from URL

(can be used with {encounter_id} search param for sort by encounter)medication_dispense


diagnostic repost	by id	origin_episode	DB.

medication

diagnostic_

request

report.

context

origin_episode

_id

by search

param (Search Medication dispenses by Medication request ID)search param {

params

Search param {origin_episode_id} from URL

(can be used with {encounter_id} search param for sort by encounter)medication_request_request


procedures	by id	origin_episode	DB

.medication_request_request.context_episode_id

.procedures.encounter.episode
by search params	search param {episode_id} from URL

(can be used with {encounter_id} search param for sort by encounter)

@rule_6

@read @diagnostic_report @encounter @procedure

Scenario: Doctor can read entity

Rule: @rule_7 \| Action: @read
Scenario:	Base	Resource	Routes	Context*	Source of context	Logic
Employee can read all the data of diagnostic report originated by episode created in the

doctors

employee's MSP

Given

Entity

Diagnostic report context has been originated by mine MSP episode

When

I

I require read access

Then

I

I can read

Based

on origin episode

encounter

by id

origin_episode

origin_episode.managing_organization==token.client_id

DB.encounter.origin_episode

by search params

Search param {origin_episode_id} from URL

diagnostic repost

by id

DB

on origin episode

observation

by id

diagnostic_report

DB.observation.diagnostic_report.origin_episode

by search params

Search param {

origin_episode.managing_

id} from URLprocedures

organization==token.client_id
	by search params

DB.

Search param {diagnostic_report

.origin_episode

@rule_7

@read @observation

Scenario: Doctor

_id} from URL

Rule: @rule_8 \| Action: @read
Scenario:	Base	Resource	Routes	Context*	Source of context	Logic
Employee can read all the data of

diagnostic report

encounter originated by episode created in the

doctors

employee's MSP

Given

Diagnostic report

Encounter context has been originated by mine MSP episode

When

I

I require read access

Then

I

I can read

Based on origin episode

observation

by id

	by id	encounter	DB.observation.context.origin_episode	origin_episode.managing_organization==token.client_id
	by search params		Search param {encounter_id} from URL
condition	by id	encounter	DB.condition.context.origin_episode
	by search params		Search param {encounter_id} from URL
diagnostic_report

origin_episode.managing_organization==token.client_id

by id

encounter

DB.

observation.

diagnostic_report.encounter.origin_episode
by search params	Search param {

diagnostic_report

by search params

Search param

encounter_id} from URL

@rule_8

@read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration @clinical_impression

Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP

Given Encounter context has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode

observation

by id

encounter

origin_episode.managing_organization==token.client_id

DB.observation.context.origin_episode

medication_administration	by id	encounter	IF context is encounter THEN: DB.medication_administrations.context.encounter
	by search params		search param {encounter_id} from URL
procedure	by id	encounter	DB.procedures.encounter.episode
	by search params		search param {encounter_id} from URL
~~medication_request~~	~~by id~~	~~encounter~~	~~DB.medication_request.context~~
	~~by search params~~		~~search param {encounter_id} from URL~~

condition

~~medication_request_request~~

~~by id~~

~~encounter~~

~~DB.~~

condition

~~medication_request_request.context~~

.origin_episode

~~by search params~~

Search param

~~search param {encounter_id} from URL~~

service request

by id

DB.service_request.encounter.origin_episode

by search params

Search param {encounter_id} from URL

diagnostic_report

by id

DB.diagnostic_report.encounter.origin_episode

by search params

Search param {encounter_id} from URL

procedure

by id

DB.procedure.origin_episode

by search params

Search param {encounter_id} from URL

~~medication_request~~

~~by id~~

~~encounter~~

~~DB.medication_request.context~~

~~by search params~~

~~search param {encounter_id} from URL~~

~~medication_request_request~~

~~by id~~

~~encounter~~

~~DB.medication_request_request.context~~

~~by search params~~

~~search param {encounter_id} from URL~~

@rule_9

@read @encounter @observation @condition @service_request @diagnostic_report

Scenario: Doctor with active approval can read data, originated by the episode

Given Active approval on episode

When I require read access

Then I can read

not implemented yet

@rule_10

@read @observation

Scenario: Doctor

Rule: @rule_9\| Action: @read \| NOT IMPLEMENTED YET
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee with active approval can read data, originated by the episode Given Active approval on patient When I require read access Then I can read		encounter
		observation
		condition
		service_request
		diagnostic_report

Rule: @rule_10 \| Action: @read
Scenario:	Base	Resource	Routes	Context*	Source of context	Logic
Employee can read all the data of diagnostic report created in the

doctors

employee's MSP

Given

Diagnostic

Diagnostic report context has been originated by mine MSP

When

I

I require read access

Then

I

I can read

Based on diagnostic report

observation

by id

diagnostic_

report

DB.observation.diagnostic_report.managing_organization

diagnostic_report.managing_organization==token.client_id

DB.observation.diagnostic_report.managing_organization

by search params

Search param {diagnostic_report_id} from URL

Rule: @rule_

11 @read @observation

11 \| Action: @read
Scenario:

Doctor

Base

Resource

Routes

Context*

Source of context

Logic

Employee with active approval can read all the data of specified in approval diagnostic report

Given

Active

Active approval on diagnostic report

When

I

I require read access

Then

I

I can read

Based on diagnostic report

observation

by id

diagnostic_report

DB.observation.diagnostic_report.managing_organization

There is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDB

DB.observation.diagnostic_report


	by search params	Search param {diagnostic_report

_id} from URL

@rule_12

@read @care_plan @activity @medication_request @medication_request_request

Scenario: Doctor

_id} from URL

Rule: @rule_12 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee with active approval can read the data associated with the care plan

.

Given

Active

Active approval on care_plan

When

I

I require read access

Then

I

I can read

Based on care plan

care_plan

by id

care_plan + patient_id

DB.care_plan.id=approvals.granted_resources[].value

There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of user's

employee) in MongoDBDB.care_plan.id=approvals.granted_resources[].value

employee) in MongoDB
	activity	by id	care_plan + patient_id

from URL (path)

DB.activities.

care_plan

[].id=approvals.granted_resources[].value

_id & patient_id from URL (path)
	by search params
medication_request_

requests

request

by

search paramscare_plan_

id

from URL (path)

DB.medication_request_requests.based_on.

care_plan

[].id=approvals.granted_resources[].value

medication_requests

by search params

+ patient_id	care_plan_id & patient_id from URL (path)
		by search params

DB.medication_requests.based_on.

medication_request

by id

care_plan + patient_id

care_plan

[].id=approvals.granted_resources[].value

_id & patient_id from URL (path)
	by search params
medication_dispense	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)
	by search params

(Search Medication dispenses by Medication request ID)

@rule_13

@write @care_plan @activity @medication_request @medication_request_request

Scenario: Doctor

Rule: @rule_13 \| Action: @write
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee with active approval can write the data associated with the care plan

.

Given Active

Given Active approval on care_plan

When

I

I require write access

Then

I can write

Based on care plan

care_plan

by id

care_plan + patient_id

DB.care_plan.id=approvals.granted_resources[].value

There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of user's employee

) in MongoDB

DB.care_plan.id=approvals.granted_resources[].value

complete

cancel

) in MongoDB
	activity	by id	care_plan + patient_id

from URL (path)

DB.activities.

care_plan

[].id=approvals.granted_resources[].value

by search params

create

complete

cancel

medication_request_requests

by search params

care_plan_

_id & patient_id from URL (path)

DB.medication_request_requests.based_on.care_plan[].id=approvals.granted_resources[].value

medication_requests

by search params


	by search params
medication_request_request	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)

DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value

@read @service_request @encounter @diagnostic_report @procedure @medication_dispense

Scenario: User


	by search params
medication_request	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)
	by search params
medication_dispense	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)

by search params (Search Medication dispenses by Medication request ID)

@rule_14

by search params

Rule: @rule_14 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee with active approval on the care plan can read the data based on this care plan

.

Given Entity When I

Given Entity based on care_plan

And Active approval on care_plan

When I require read access

Then

I can read

Based on care plan

service_request

by id

care

plan

_plan (based_on) + patient_id

DB.service_request

by id

.based_on.care_plan[].id=approvals.granted_resources[].value

There is an active approval (access_level=read/write) on the care_plan granted to the

employee (one of user's employee) in MongoDBDB

employee by the patient (one of user's employee) in MongoDB
	by search params	care_plan + patient_id	care_plan_id from URL (search param) & patient_id from path
	encounter	by id	patient_id ->. care_plan (based_on service_request)	DB.encounter.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value

by search params

care_plan_id from URL (search param)

DB

OR DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value

encounter

by id

care_plan_id from URL (search param)

DB

OR DB.procedure.based_on.service_

requests

request.based_on.care_plan[].id=approvals.granted_resources[].value
	diagnostic_report	by id
	procedure	by id

- all routes need to have patient_id in context as an additional parameter

Versions Compared

Old Version 7

New Version 8

Key

Rule: @rule_-2 | Action: @read | (GraphQL only)

Rule: @rule_-1 | Action: @read

Rule: @rule_0 | Action: @read

Rule: @rule_1 | Action: @read

Rule: @rule_2 | Action: @read

Rule: @rule_3 | Action: @read

Rule: @rule_4 | Action: @read

Rule: @rule_5 | Action: @read

Rule: @rule_6 | Action: @read

Rule: @rule_7 | Action: @read

Rule: @rule_8 | Action: @read

Rule: @rule_9| Action: @read | NOT IMPLEMENTED YET

Rule: @rule_10 | Action: @read

Rule: @rule_

11 | Action: @read

Rule: @rule_12 | Action: @read

Rule: @rule_13 | Action: @write

Rule: @rule_14 | Action: @read