
...

| Rule base type | Description |
|---|---|
| Based on declaration | Employee with an active declaration can access all the patient's medical data (including medical data of persons/prepersons that were merged with the person with the active declaration). |
| Based on managing organization | Employee can read entities created in his MSP. |
| Based on context episode | Employee can read medical data that was collected during an episode of care that the employee has access to. |
| Based on diagnostic report | Employee can read medical data that was collected as part of a diagnostic report managed by the employee's legal entity. |
| Based on origin episode | Employee can read medical data that was collected as part of a diagnostic report or episode of care that the employee has access to. The episode of care that contains this service request is considered the origin episode in that case. |
| Based on care plan | Employee with an active approval on the care plan can read or write the data based on this care plan. |
| Based on patient | Employee with an active approval on the patient can read the data related to this patient (including medical data of persons/prepersons that were merged with the person with the active declaration). |

 

Rule: @rule_-2 | Action: @read | (GraphQL only)

Scenario: NHS employee can read patient’s data if he has Justification for monitoring

Given Justification on monitoring patient's data given by the user (works only from Admin panel, GraphQL API)
When I require read access
Then I can read

| Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|
| Based on user token | episode | JustificationFilter schema | patient_id | person_id from JustificationFilter schema | There is an active token & an active justification |
| | encounter | | | | |
| | observation | | | | |
| | condition | | | | |
| | allergy_intolerance | | | | |
| | immunization | | | | |
| | risk_assessment | | | | |
| | device | | | | |
| | medication_statement | | | | |
| | medication_request | | | | |
| | medication_dispense | | | | |
| | service_request | | | | |
| | diagnostic_report | | | | |
| | procedure | | | | |
| | medication_administration | | | | |
| | care_plan | | | | |
| | activity | | | | |

...

Rule: @rule_1 | Action: @read 

Scenario: Employee with active declaration can read all patient data (including merged persons/prepersons data)

Given Active declaration with patient
And declaration from the same MSP
When I require read access
Then I can read

| Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|
| Based on declaration and user token | episode | by id; by search params | person_id | person_id from URL | There is an active declaration between the patient and the employee in OPS from the same MSP from token |
| | encounter | by id; by search params; by id in episode context; by search params in episode context | | | |
| | observation | by id; by search params; by id in episode context; by search params in episode context | | | |
| | condition | by id; by search params; by id in episode context; by search params in episode context | | | |
| | service_request | by id; by search params | | | |
| | diagnostic_report | by id; by search params | | | |
| | procedure | by id; by search params | | | |
| | medication_administration | by id; by search params | | | |
| | care_plan | by id; by search params | | | |
| | activity | by id; by search params | | | |
| | approval | by id; by search params | | | |
| | clinical_impression | by id; by search params | | | |
| | medication_request_request & medication_request & medication_dispense | by id; by search params | | | |

...

Rule: @rule_4 | Action: @read 

Scenario: Employee with active approval can read all the data (including merged persons/prepersons data) of the patient specified in the approval

Given Active approval on patient
When I require read access
Then I can read

| Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|
| Based on patient_id | episode | by id; by search params; active diagnosis; short episodes by search params; by patient_id in observation context; by patient_id in condition context; by patient_id in procedure context; by patient_id in diagnostic_report context | patient_id | patient_id from URL | There is an active approval on patient’s data granted to the employee (one of user's employees) in MongoDB |
| | encounter | by id; by search params; by id in episode context; by search params in episode context; short encounters by search params; short encounters by ID | | | |
| | observation | by id; by search params; short observations by search params; short observation by id | | | |
| | condition | by id; by search params; short conditions by search params; short conditions by id | | | |
| | service_request | list in episode context; by search params; by id in episode context; by id; by requisition | | | |
| | procedure | by id; by search params; short procedures by id; short procedures by search params | | | |
| | diagnostic_report | by id; by search params; approved by patient_id; short diagnostic_reports by search params; by patient_id in observation context; short diagnostic_reports by id | | | |
| | care_plan | by id; by search params; by requisition; by activity id | | | |
| | activity | by id; by search params | | | |
| | clinical_impression | by id; by search params | | | |
| | medication_request_request | by id; by search params | | | |
| | medication_request | by id; by search params | | | |
| | medication_dispense | by id (details in person context); by search params (by medication request id) | | | |
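
The Logic cells of rule_1 and rule_4, written out as a default-deny check. This is an added example, not code from the original page or from the project it documents. The record shapes, field names, status values and the treatment of person_id and patient_id as one identifier are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Token:                 # hypothetical decoded user token
    legal_entity_id: str     # MSP the user acts for
    employee_ids: frozenset  # every employee record of this user

@dataclass(frozen=True)
class Declaration:           # constructed stand-in for a declaration in OPS
    person_id: str
    employee_id: str
    legal_entity_id: str
    status: str

@dataclass(frozen=True)
class Approval:              # constructed stand-in for an approval in MongoDB
    patient_id: str
    granted_to: str          # employee id the approval was granted to
    status: str

def rule_1(token, person_id, declarations):
    # Active declaration between patient and employee, from the token's MSP.
    return any(d.status == "active" and d.person_id == person_id
               and d.employee_id in token.employee_ids
               and d.legal_entity_id == token.legal_entity_id
               for d in declarations)

def rule_4(token, patient_id, approvals):
    # Active approval on the patient granted to one of the user's employees.
    return any(a.status == "active" and a.patient_id == patient_id
               and a.granted_to in token.employee_ids
               for a in approvals)

def matching_read_rule(token, patient_id, declarations, approvals):
    """Name of the first rule that grants read access, or None (default deny)."""
    if rule_1(token, patient_id, declarations):
        return "rule_1"
    if rule_4(token, patient_id, approvals):
        return "rule_4"
    return None

# Constructed sample data, not taken from the page.
DECLARATIONS = [
    Declaration("p1", "e1", "msp-A", "active"),
    Declaration("p2", "e1", "msp-A", "terminated"),
    Declaration("p3", "e1", "msp-B", "active"),  # same employee id, other MSP
]
APPROVALS = [Approval("p2", "e2", "active"), Approval("p4", "e2", "expired")]
TOKEN = Token("msp-A", frozenset({"e1", "e2"}))
```

Patient p3 shows why the MSP comparison matters: the declaration is active and names the right employee, but it was made under a different MSP than the one in the token, so rule_1 does not match.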

...