| Table of Contents | ||
|---|---|---|
|
...
if episode_of_care is presented in request as the code of resource
Check episode_of_care in the request exists and is in active or closed status in DB
in case of error return - 422 (Episode is canceled)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if diagnostic_report is presented in request as the code of resource
Check diagnostic_report block in the request exists and is in final status in DB
in case of error return - 422 (Diagnostic report in \"entered_in_error\" status can not be referenced or Diagnostic report with such id is not found)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if care_plan is presented in request as the code of resource
Check care_plan in the request exists in DB
in case of error return - 422 (Care plan with such id is not found)
Check there no other objects in request
in case of error return - 422 (Approval for care plan can not contain other entities)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
If access_level = 'write':
Check if care_plans.managing_organization = granted_to.employees.legal_entity_id:
in case of error return - 422 ('User is not allowed to write care plan from another legal_entity')
if encounter is presented in request as the code of resource
Check encounter in the request exists in DB and is not in “entered_in_error” status in DB
(Encounter in \"entered_in_error\" status can not be referenced or Encounter with such id is not found)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if procedure is presented in request as the code of resource
Check procedure in the request exists in DB and is not in “entered_in_error” status in DB
in case of error return - 422 (Procedure in \"entered_in_error\" status can not be referenced)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if specimen is presented in request as the code of resource
Check specimen in the request exists in DB and is not in “entered_in_error” status in DB
in case of error return - 422 (Specimen in \"entered_in_error\" status can not be referenced)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
if composition is presented in request as the code of resource
Check composition in the request exists in DB and is notin “entered_in_error” status in DB
in case of error return - 422 (Composition in \"entered_in_error\" status can not be referenced)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
Validate service_request
If service_request block is presented in request
Get Service_request details (only in active status)
use Response.permitted_resources as resources for approval(could be episode or diagnostic_report).
If resource from granted_to = 'legal_entity':
Check if status of legal_entity in (ACTIVE, SUSPENDED, REORGANIZED):
in case of error return - 422 (Legal entity should be active)
...
if service_group block is presented in request
Check services_group in the request exists and is_active in DB
in case of error return - 404 (not found)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
Validate composition
If composition block is presented in request do the following validations
Validate value in the field $.composition, Reference, optional.
Check composition exists in DB, is notin “entered_in_error” status and belongs to patient
in case of error return - 404 (not found)
Check the resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
Validate patient
if patient block is presented in request
Get patient_id from URL:
Check person_id from the request equal to the patient_id from URL
in case of error return - 404 (“Approval for one patient can not be created in another patient’s context”)
exists and is_active in DB
in case of error return - 404 (Person is not found)
Check if resource from granted_to = 'employee':
in case of error return - 422 ("$.resource. value is not allowed in enum")
...
block | granted_resources | context | access_level | access to | reason |
|---|---|---|---|---|---|
resources | episode_of_care |
| read | Reading all the data of specified in approval episode |
null or child_resource |
diagnostic_report | read | Reading all the data of specified in approval diagnostic report | |||
diagnostic_report | write | Canceling diagnostic report package | |||
care_plan | read | Reading all the data of specified in approval care plan | |||
care_plan | write | Creating activities for care plan, cancelling medication requests or recalling/cancelling service requests based on care plan | |||
encounter | write | Canceling encounter data package | |||
procedure | write | Canceling procedure | |||
specimen | write | Canceling specimen | |||
composition | write | Mark in error composition | |||
child_resources | diagnostic_report | episode_of_care | read | Reading all the data of specified in context for diagnostic_report | null |
encounter | episode_of_care | Reading all the data of specified in context for encounter | null | ||
condition | episode_of_care | Reading all the data of specified in context for condition | null | ||
observation | episode_of_care diagnostic_report | Reading all the data of specified in context for observation | null | ||
activity | care_plan | Reading all the data of specified in context for activity | null | ||
clinical_impression | episode_of_care | Reading all the data of specified in context for clinical_impression | null | ||
allergy_intolerance | episode_of_care | Reading all the data of specified in context for allergy_intolerance | null | ||
immunization | episode_of_care | Reading all the data of specified in context for immunization | null | ||
device | episode_of_care | Reading all the data of specified in context for device | null | ||
risk_assessment | episode_of_care | Reading all the data of specified in context for risk_assessment | null | ||
procedure | episode_of_care | Reading all the data of specified in context for procedure | null | ||
service_request | episode_of_care |
| read | Reading data from granted_resources in approval service request | service_request |
diagnostic_report |
| read | |||
forbidden_group | forbidden_group |
| read | Reading all the medical events with items (codes/services/service_groups) of specified in approval forbidden groups | null |
diagnoses_group | diagnoses_group |
| read | Reading short data of episodes with current_diagnoses.codes that specified in approval diagnoses group | null |
services_group | services_group |
| read | Reading short data of diagnostic reports and procedures with code.identifier.value that specified in approval service group | null |
patient_id | patient_id |
| read | Reading all the data of specified patient | null |
resource_types | device |
| read | Read all the data of specified patient and resource type | null |
device_association |
| read | Read all the data of specified patient and resource type | null | |
detected_issue |
| read | Read all the data of specified patient and resource type | null | |
composition | composition |
| read | Read all the data of specified in approval composition including resources in composition sections and forbidden groups associated with such resources | null |
Validate authorize_with
The patient can pass the id of his auth_method which he wants to confirm the approval. The necessary auth method can be found by making Get person's auth methods
...
Set is_verified value to:
false if patient is person.
true if patient is preperson.
All the approvals where is_verified = false should be deleted 12 hours after creation - env. configuration parameter (APPROVAL_TTL_HOURS)
All approvals depends on value of granted_resources has its own expires_at config parameter - env. configuration parameter
Approvals with child_resources will be created ON entity which is context of this child_resources
For approvals on child_resource with resource and on service_request:
set child resource to block reason
set service_request to block reason
If block
resource_typespassed in request - it must be saved todb.approvals.granted_resource_types.db.approvals.granted_resourcesmust be emptyin all other scenarios
db.approvals.granted_resource_typesmust be empty
Specific approvals can request and provide additional permissions from patient to employee to get access to some sensitive information in requested resource
If approval is requested on Composition (block $.composition is presented in request)
Check each resource from
composition.section[].entry[](any level of hierarchy) to see if it matches with any of the rule of forbidden groups according to Medical Events filtration by Forbidden groupsIf if does - put forbidden group identifier to approval
append approval.forbidden_groups with the Reference to forbidden group(s)
If some resources matches with the same forbidden group that was already added - do not duplicate it
Determine SMS template based on the list of matched forbidden groups (see table below)
If approval is requested on child_resource (block $.composition is presented in request)
Check the resource from child_resource to see if it matches with any of the rules of forbidden groups according to Medical Events filtration by Forbidden groups
If if does - put forbidden group identifier to approval
append approval.forbidden_groups with the Reference to forbidden group(s)
Determine SMS template based on the list of matched forbidden groups (see table below)
If block
compositionpassed in request - put $.composition reference todb.approvals.granted_resourcesCheck type of authentication_method for patient:
If type = 'OTP' send SMS type of granted_to & type of entity in granted_resources:
granted_to | block | granted_resources | Sms | |
items with FG | w\o items with FG | |||
employee | resources | episode_of_care | Код <code> для доступу до даних про <forbidden_groups.short_name> <forbidden_groups.sms_url>
If there are codes from more than 1 group:
Код <code> для доступу до даних про ВІЛ,РПП https://bit.ly/nszu1677f | Код авторизації дій в системі eHealth: <code> |
diagnostic_report | ||||
care_plan | ||||
encounter | ||||
procedure | ||||
specimen | ||||
child_resources | diagnostic_report | |||
encounter | ||||
condition | ||||
observation | ||||
activity | ||||
clinical_impression | ||||
allergy_intolerance | ||||
immunization | ||||
device | ||||
risk_assessment | ||||
procedure | ||||
service_request | episode_of_care | |||
diagnostic_report | ||||
forbidden_group | forbidden_group | -(only with FG) | ||
diagnoses_group | diagnoses_group | ICD10: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677b ICPC2: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677e | ||
services_group | services_group | Код ****: доступ на групу сервісів {service_group_code} http://bit.ly/nszu1677e | ||
patient_id | patient_id | Код авторизації дій в системі eHealth: <code> | ||
resource_types | device | Код <code>: доступ до інформації про медичні вироби пацієнта | ||
| device_association | |||
| detected_issue | |||
composition | composition | Код авторизації дій в системі eHealth: <code> | ||
granted_to | block | granted_resources | Sms | |
items with FG | w\o items with FG | |||
legal_entity | service_request | episode_of_care | -(only w/o FG) | Код <code>: згода на обробку персональних даних https://bit.ly/nszu1677i) |
diagnostic_report | ||||