Purpose
Specification
Logic
Return all service requests related to specified episode of care
Find all encounters related to specified episode of care (Medical Events DB: $.encounters[*].episode.identifier.value == :episode_id)
Find all service requests related to received encounters (Medical Events DB: $.service_requests[*].context.identifier.value IN :encounters)
...
Authorize
Verify the validity of the access token
Return (401, 'unauthorized') if validation fails
Verify that the token is not expired
If the token is expired, return (401, 'unauthorized')
Check that the user has the scope required for this action (scope = 'service_request:read')
Return (403, 'invalid scopes') if the required scope is missing
...
Otherwise, access to this data is denied. Return (403, 'forbidden')
Rule 1: A user who has an active declaration with the patient is "authorized" to manage all of the patient's data
If ANY employee related to this user in this legal entity has an active declaration with this patient, the user has the privileges to access this data
...
```sql
SELECT d.id
FROM declarations d
WHERE d.legal_entity_id = :client_id
  AND d.employee_id IN (:employees)
  AND d.status IN ('active', 'pending_verification')
  AND d.person_id = :patient_id;
```
Rule 2: User with active approval to this episode can view episode details and its child entities
TBD
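The Authorize steps and the Logic steps above, modelled end to end as an added example (not the page's or the project's own code). The token dict, the in-memory declarations rows and the Medical Events documents are constructed sample data; the column names follow the SQL on the page, and it is assumed that `context.identifier.value` holds the encounter id.

```python
import time

SCOPE = "service_request:read"

# Constructed sample rows for the declarations table (columns taken from the SQL on the page).
DECLARATIONS = [
    {"id": "d1", "legal_entity_id": "le1", "employee_id": "emp1", "status": "active", "person_id": "pat1"},
    {"id": "d2", "legal_entity_id": "le1", "employee_id": "emp2", "status": "terminated", "person_id": "pat2"},
    {"id": "d3", "legal_entity_id": "le2", "employee_id": "emp1", "status": "active", "person_id": "pat2"},
]
# Constructed Medical Events DB documents, shaped like the JSON paths quoted in the Logic section.
ENCOUNTERS = [
    {"id": "enc1", "episode": {"identifier": {"value": "ep1"}}},
    {"id": "enc2", "episode": {"identifier": {"value": "ep1"}}},
    {"id": "enc3", "episode": {"identifier": {"value": "ep2"}}},
]
SERVICE_REQUESTS = [
    {"id": "sr1", "context": {"identifier": {"value": "enc1"}}},
    {"id": "sr2", "context": {"identifier": {"value": "enc3"}}},
    {"id": "sr3", "context": {"identifier": {"value": "enc2"}}},
]

def rule1_declarations(client_id, employees, patient_id):
    """Rule 1, the in-memory equivalent of the page's SQL: declarations of the
    user's employees in this legal entity with this patient, active or pending."""
    return [d["id"] for d in DECLARATIONS
            if d["legal_entity_id"] == client_id and d["employee_id"] in employees
            and d["status"] in ("active", "pending_verification") and d["person_id"] == patient_id]

def authorize(token, client_id, employees, patient_id, now=None):
    """Authorize steps in page order; token is a constructed dict
    {valid, expires_at, scopes} standing in for the introspected access token."""
    now = time.time() if now is None else now
    if token is None or not token.get("valid") or token.get("expires_at", 0) <= now:
        return (401, "unauthorized")          # invalid or expired token
    if SCOPE not in token.get("scopes", ()):
        return (403, "invalid scopes")         # required scope missing
    if rule1_declarations(client_id, employees, patient_id):
        return (200, "authorized")             # Rule 1 grants access
    # Rule 2 (active approval to the episode) is TBD on the page, so nothing else grants access.
    return (403, "forbidden")

def service_requests_by_episode(episode_id):
    """Logic steps: encounters of the episode, then service requests whose context is one of them."""
    encounters = {e["id"] for e in ENCOUNTERS if e["episode"]["identifier"]["value"] == episode_id}
    return [sr["id"] for sr in SERVICE_REQUESTS if sr["context"]["identifier"]["value"] in encounters]
```

Note that a declaration in another legal entity (d3) does not satisfy Rule 1 for :client_id = le1, which is the reason the SQL filters on legal_entity_id as well as employee_id.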
Processing
...