Table of Contents | ||||
---|---|---|---|---|
|
...
Specification
Page Properties | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
patient_id | String | mpi_id. Required | aff00bf6-68bf-4b49-b66d-f031d48922b3 |
Request structure
See on Apiary
Example:
Expand | ||||||
---|---|---|---|---|---|---|
| ||||||
|
...
Verify the validity of access token
in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'approval:create ')
return 403 (“Your scope does not allow to access this resource. Missing allowances: approval:create ”) in case of invalid scope(s)
Headers
Наприклад:
Content-Type:application/json
...
if episode_of_care is presented in request as the code of resource
Check episode_of_care in the request exists and is in active or closed status in DB
in case of error return - 422 (Episode is canceled)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if diagnostic_report is presented in request as the code of resource
Check diagnostic_report block in the request exists and is in final status in DB
in case of error return - 422 (Diagnostic report in \"entered_in_error\" status can not be referenced or Diagnostic report with such id is not found)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if care_plan is presented in request as the code of resource
Check care_plan in the request exists in DB
in case of error return - 422 (Care plan with such id is not found)
Check there no other objects in request
in case of error return - 422 (Approval for care plan can not contain other entities)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
If access_level = 'write':
Check if care_plans.managing_organization = granted_to.employees.legal_entity_id:
in case of error return - 422 ('User is not allowed to write care plan from another legal_entity')
if encounter is presented in request as the code of resource
Check encounter in the request exists in DB
in case of error return - 422 (not found)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if procedure is presented in request as the code of resource
Check procedure in the request exists in DB
in case of error return - 422 (not found)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
...
Validate person authentication_method
If resource = care_plan & care_plans.terms_of_service = 'INPATIENT'&granted_to.employees.legal_entity_id = care_plans.managing_organization:
skip validation of person authentication_method
set approvals.urgent = null
In other cases: Check patient_id:
if belongs to person, then GET auth_method from MPI using {patient_id}
If it's OTP:
send SMS to the auth_phone via otp_verification service POST /verifications
save approval to DB
save authentication_method_current.type and number to DB
return authentication_method_current.type = OTP
If it is offline
save approval to DB
save authentication_method_current.type and number to DB
return authentication_method_current.type = offline
if it is null:
return error 409 (Person does not have active authentication method)
if belongs to preperson:
save approval to DB
set approval status = active
set approval urgent = null
...
block | granted_resources | access_level | access to | reason |
---|---|---|---|---|
resources | episode_of_care | read | Reading all the data of specified in approval episode | null |
diagnostic_report | read | Reading all the data of specified in approval diagnostic report | null | |
diagnostic_report | write | Canceling diagnostic report package | ||
care_plan | read | Reading all the data of specified in approval care plan | null | |
care_plan | write | Creating activities for care plan, cancelling medication requests or recalling/cancelling service requests based on care plan | ||
encounter | write | Canceling encounter data package | null | |
procedure | write | Canceling procedure | null | |
child_resources | diagnostic_report | read | Reading all the data of specified in context for diagnostic_report | null |
encounter | Reading all the data of specified in context for encounter | null | ||
condition | Reading all the data of specified in context for condition | null | ||
observation | Reading all the data of specified in context for observation | null | ||
activity | Reading all the data of specified in context for activity | null | ||
clinical_impression | Reading all the data of specified in context for clinical_impression | null | ||
allergy_intolerance | Reading all the data of specified in context for allergy_intolerance | null | ||
immunization | Reading all the data of specified in context for immunization | null | ||
device | Reading all the data of specified in context for device | null | ||
risk_assessment | Reading all the data of specified in context for risk_assessment | null | ||
procedure | Reading all the data of specified in context for procedure | null | ||
service_request | episode_of_care | read | Reading data from granted_resources in approval service request | service_request |
diagnostic_report | read | |||
forbidden_group | forbidden_group | read | Reading all the medical events with items (codes/services/service_groups) of specified in approval forbidden groups | null |
diagnoses_group | episode_of_care array | read | Reading all data of episodes with current_diagnoses.codes that specified in approval diagnoses group | null |
patient_id | patient_id | read | Reading all the data of specified patient | null |
Validate authorize_with
The patient can pass the id of his auth_method which he wants to confirm the approval. The necessary auth method can be found by making Get person's auth methods
...
All the approvals in status "new" should be deleted 12 hours after creation - env. configuration parameter
All approvals with diagnoses_group has its own expires_at config parameter - env. configuration parameter
All approvals with forbidden_group has its own expires_at config parameter - env. configuration parameter
All approvals with care_plan has its own expires_at config parameter - env. configuration parameter
All approvals with patient has its own expires_at config parameter - env. configuration parameter
Approvals with child_resources will be created ON entity which is context of this child_resources
For approvals on child_resource with resource and on service_request:
set child resource to block reason
set service_request to block reason
Approvals with child_resources will be created ON entity which is context of this child_resources
For approvals on child_resource with resource and on service_request:
set child resource to block reason
set service_request to block reason
If resource from granted_to = employee:
Check if for granted_resource and\or for reason there are forbidden groups:if there are items from forbidden group
check type of authentication_method for patient
If type = 'OTP' send SMS (Код <code> для доступу до даних про ВІЛ/РПП https://bit.ly/nszu1677f )
if there NO forbidden group items and diagnoses_group block is presented in request
if diagnoses_group type is ICD10:
check type of authentication_method for patient
If type = 'OTP' send SMS (Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677b )
if diagnoses_group type is ICPC2:
check type of authentication_method for patient
If type = 'OTP' send SMS (Код <code> доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677e )
else if there NO forbidden group items
check type of authentication_method for patient
If type = 'OTP' send SMS (Код авторизації дій в системі eHealth: <code>')
If resource from granted_to = legal_entity:
check type of authentication_method for patient
If type = 'OTP' send SMS (Код <code>: згода на обробку персональних даних eZdorovya )
...
Expand | |||||
---|---|---|---|---|---|
| |||||
|
...
Page Properties | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|