Purpose

...

Logic

1. Save signed content to media storage.

2. Update Medication request in OPS DB:

   1. set status = 'REJECTED'

   2. set reject_reason_code = $.reject_reason_code

   3. set reject_reason = $.reject_reason

   4. set updated_by = user_id

   5. set updated_at = now()

3. Send SMS for person

   1. If Medication request has program with medical program setting medication_request_notification_disabled request_notification_disabled = true, then don't send SMS.

      Else:

      1. Get authentication_method of person from MPI

      2. If authentication_method == OTP, then send SMS to a person from Medication request:

         1. Generate SMS text (

            1. get template from reject_template_sms parameter

            2. enrich template with data from Medication request

         2. Send SMS to a person

4. Add new status to event manager

5. f the medication request is based on the activity with quantity:

   1. Recalculate and set remaining_quantity for the activity as described at Create Medication Request: Validate based_on (p. 2.d.1 )and do not include current MR but include all MD which related to current MR

Технічний опис бізнес-процесу виписування рецепту в ЕСОЗ (загальний процес для усіх рецептурних ЛЗ, в т.ч. і тих, які підлягають реімбурсації)

...

1. Verify the validity of access token

   • in case of error - return 401 (“Invalid access token”) in case of validation fails

2. Verify that token is not expired

   • in case of error - return 401 (“Invalid access token”)

3. Check user scopes in order to perform this action (scope = 'medication_request:reject')

   • return 403 (“Your scope does not allow to access this resource. Missing allowances: medication_request:reject”) in case of invalid scope(s)

4. If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

   • in case not match - return 403 ("Access denied. Party is not verified")

Headers

Content-Type:application/json

...

Medication Request rejection is allowed for user if he has one of the following active and approved employee that:

• is anauthor of the Medication request Request (medication_request.employee_id);

• has an approval on write Care plan if Medication Request based on the Care plan (medication_request.based_on);

• isMed_Admin from legal entity where Medication Request is created

  • in case of error - return 409 ("Employee is not author of medication request, doesn't have approval or required employee type").

• is an Employee from legal entity where Medication Request is created

  • in case of error - return 409 ("Only an employee from legal entity where medication request is created can reject medication request")

Validate content

• Validate request using JSON schema

  • in case of error - return 422 ('schema does not allow additional properties' OR 'required property type was not present').

• Check that signed content contains all required fields and is equal to stored object

  • Decode signed content.

  • Render requested medication request.

  • Check that rendered and decoded data matches (except for reject_reason_code and reject_reason fields)

    • in case of error - return 422 ("Signed content does not match the previously created content").

...

For more information look at Medication request status model .

Validate reject reason code

• Validate $.reject_reason_code is a value from MEDICATION_REQUEST_REJECT_REASON dictionary

  • in case of error - return 422 ("value is not allowed in enum")

Parameters that are used when processing the request

...