Table of Contents

style	none

Filtration Logic

For each method described in Table “Medical events to filter“ use following logic to define if User has an access to medical events with data included in the Forbidden groups.

1. Define forbidden group Items

Define forbidden group Items presented in Medical events the User should not see

Get Forbidden group Items from cache.
- if cache is empty - fill it with all active forbidden group items (forbidden_group_codes and forbidden_group_services)
Get all active and approved user's employees
Get all active Approvals on forbidden groups granted by patient to all user's employees
- if it merged person/preperson - get all active Approvals on forbidden groups granted by active master_person to all user's employees
Form list of forbidden group items that still are restricted for the User: eliminate items in approvals from the all forbidden group items.

2. Check Medical event is allowed to access

Check Medical event data is allowed to access according to Forbidden groups

Do usual validations in methods described in the table “Medical events to filter” (column “Method”)
If client_type from token is not CABINET, then additionally filter Medical events by rule: values in fields at column “Filter by“ (table below) are not in the forbidden list of items defined at p.1 OR user is an author of the ME OR there is an approval (granted_resource) on particular medical event
- in case values in forbidden list and user is not an author - return error described at “Result“ column (table below)

Info

How to define user is an author of the Medical event?

Check party_users table: If inserted_by user in ME belongs to the same party as user from the token, then this is an author.

Medical events to filter

Medical event	Method	Filter by	Forbidden group items	Result	Additional info
Episode	Get Episode by id	diagnoses_history	codes from dictionaries: eHealth/ICD10_AM/condition_codes eHealth/ICPC2/condition_codes	Return 403 error with type “forbidden“ and message “Access denied“	Get Episode by id
	Get Episode by search params			Do not render in the response	Get Episodes by search params
	Get approved Episodes			Do not render in the response	Get Approved Episodes
	Get Active Diagnoses Summary	current_diagnoses		Do not render in the response	Patient summary Summary active Diagnoses
	Get Short Episodes Summary	diagnoses_history		Do not render in the response	Patient summary
	Get Short Episodes by Diagnoses Groups	diagnoses_history		Do not render in the response	Get Short Episodes by Diagnoses Groups
	Get Episode details in Composition context	diagnoses_history		Return 403 error with type “forbidden“ and message “Access denied“	RC_(MC-1180)_[NEW] Get Episode details in Composition context
Encounter	Get encounter by id	diagnoses actions reasons action_references	diagnoses by codes from dictionaries: eHealth/ICD10_AM/condition_codes eHealth/ICPC2/condition_codes actions by codes from dictionary eHealth/ICPC2/actions reasons by codes from dictionary eHealth/ICPC2/reasons code by service_id	Return 403 error with type “forbidden“ and message “Access denied“	Get Encounter by id
	Get encounters by search params			Do not render in the response	Get Encounters by search params
	Get encounters in episode context			Do not render in the response
	Get encounter details in episode context			Return 403 with type “forbidden“ and message “Access denied“
	Get Encounters summary			Do not render in the response	Summary Encounters_UA
	Get Encounter summary by ID			Return 403 with type “forbidden“ and message “Access denied“	Get Short Encounter by id
	Get Encounter details in Composition context			Return 403 with type “forbidden“ and message “Access denied“	RC_(MC-1180)_[NEW] Get Encounter details in Composition context
Condition	Get conditions in episode context	code evidences	code by codes from dictionaries: eHealth/ICD10_AM/condition_codes eHealth/ICPC2/condition_codes evidences by codes from dictionary eHealth/ICPC2/reasons	Do not render in the response
	Get condition details in episode context			Return 403 error with type “forbidden“ and message “Access denied“
	Get conditions by search params			Do not render in the response	Get Condition by id
	Get condition by id			Return 403 error with type “forbidden“ and message “Access denied“	Get Condition by id
	Get Conditions Summary			Do not render in the response	Summary Conditions
	Get Condition Summary by id			Return 403 error with type “forbidden“ and message “Access denied“	Get Condition by id (Summary)
	Get Condition details in Composition context			Return 403 error with type “forbidden“ and message “Access denied“	RC_(MC-1180)_[NEW] Get Condition details in Composition context
Diagnostic report	Get Diagnostic report by id	conclusion_code code	conclusion_code by codes from dictionary eHealth/ICD10_AM/condition_codes code by service_id	Return 403 error with type “forbidden“ and message “Access denied“	Get Diagnostic Report by id
	Get Diagnostic reports by search params			Do not render in the response	Get Diagnostic Report by search params
	Get approved Diagnostic report			Do not render in the response	Get Approved Diagnostic Reports
	Get Diagnostic report Summary by id			Return 403 error with type “forbidden“ and message “Access denied“	Summary Diagnostic Reports
	Get Diagnostic reports Summary			Do not render in the response	Summary Diagnostic Reports
	Get Short Diagnostic Reports by Service Groups			Do not render in the response	RC_Get Short Diagnostic Reports by Service Groups (CSI-1834)
	Get Diagnostic Report details in Composition context			Return 403 error with type “forbidden“ and message “Access denied“	RC_(MC-1180)_[NEW] Get Diagnostic Report details in Composition context
Procedure	Get Procedure by id	code	service_id	Return 403 error with type “forbidden“ and message “Access denied“	Get Procedure by id
	Get Procedures by search params			Do not render in the response	Get Procedures by search params
	Get Procedure Summary by id			Return 403 error with type “forbidden“ and message “Access denied“	Summary procedures
	Get Procedures Summary			Do not render in the response	Summary procedures
	Get Short Procedures by Service Groups			Do not render in the response	RC_Get Short Procedures by Service Groups (CSI-1834)
	Get Procedure details in Composition context			Return 403 error with type “forbidden“ and message “Access denied“	RC_(MC-1180)_[NEW] Get Procedure details in Composition context
Care plan	Get Care plan by id	addresses	codes from dictionaries: eHealth/ICD10_AM/condition_codes eHealth/ICPC2/condition_codes	Return 403 error with type “forbidden“ and message “Access denied“	Get Care plan by ID
	Get Care Plan details in Composition context	addresses			RC_(MC-1180)_[NEW] Get Care Plan details in Composition context
	Get Care plans	Filtration is not used. Response of this method does not return sensetive data			Get Care Plans by search params
	Get Care plan by requisition				Get Care Plans by requisition
Care plan activity	Get Activity by id	reason_code product_reference (if kind=service_request)	reason_code by codes from dictionaries: eHealth/ICD10_AM/condition_codes product_reference by: service_id if resource type=service service_group_id if resource type=service_group	Return 403 error with type “forbidden“ and message “Access denied“	RС_[UPD] API. Get activity by ID
Care plan activity	Get Activities	reason_code product_reference (if kind=service_request)		Do not render in the response	RС_[UPD] API. Get activities by search params
Service request	Get Service request by search params	code context_program_service	code by: service_id if resource type=service service_group_id if resource type=service_group context_program_service.service_id by service_id context_program_service.service_group_id by service_group_id	Do not render in the response
	Get Service request by id			Return 403 error with type “forbidden“ and message “Access denied“
	Get Service request list in episode context			Do not render in the response	Get Service requests by search params
	Get Service request details in episode context			Return 403 error with type “forbidden“ and message “Access denied“	Get Service requests by search params
	Get Service request by requisition			Do not render in the response	Search for a Service Request_EN
	Get Service Request details in Composition context			Return 403 error with type “forbidden“ and message “Access denied“	RC_(MC-1180)_[NEW] Get Service Request details in Composition context

Versions Compared

Old Version 1

New Version Current

Key

Filtration Logic

1. Define forbidden group Items

2. Check Medical event is allowed to access

Medical events to filter

Page Comparison

Versions Compared

Old Version 1

New Version Current

Key

Filtration Logic

1. Define forbidden group Items

2. Check Medical event is allowed to access

Medical events to filter