Rule base type | Description |
---|---|
Based on declaration | Doctor with an active declaration can access all the patient's medical data. |
Based on managing organization | User can read entities, created in his MSP |
Based on context episode | User can read medical data, that was collected during an episode of care, that user has access to. |
Based on diagnostic report | User can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity. |
Based on origin episode | Doctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to. Episode of care, that contains this service request, is considered as an origin episode in that case. |
...
Rule | Base | Resource | Routes | Context | Logic | Source of context |
---|---|---|---|---|---|---|
@rule_-1 @read @allergy_intolerance @immunization @risk_assessment @device @medication_statement Scenario: Employee can read insensitive patient’s data Given User access token with client_type not equal to cabinet When I require read access Then I can read | Based on user token | by id | There is an active token | |||
by search params | There is an active token | |||||
@rule_0 @read @episode @encounter @observation @condition@service_request @diagnostic_report @procedures @allergy_intolerance @immunization @risk_assessment @device @medication_statement @procedure @medication_administration Scenario: Patient can read it's own data Given Patient has access_token given by Cabinet When I require read access Then I can read | Based on patient token | by id | patient_id | There is an active token given by Cabinet to a patient | ||
by search params | ||||||
@rule_1 @read @episode @encounter @observation @condition @service_request @diagnostic_report @procedures @medication_administration Scenario: Doctor with active declaration can read all patient data Given Active declaration with patient And declaration from the same MSP When I require read access Then I can read | Based on declaration | episode | by id | patient_id | There is an active declaration between the patient and the doctor in OPS | patient_id from URL |
by search params | ||||||
encounter | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
observation | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
condition | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
service_request | by id | |||||
by search params | ||||||
diagnostic_report | by id | |||||
by search params | ||||||
procedures | by search params | |||||
@rule_2 @read @episode @service_request @diagnostic_report @procedures Scenario: Doctor can read entity created in the doctors MSP Given Entity has been created on my MSP When I require read access Then I can read | Based on managing organization | episode | by id | episode | managing_organization==token.client_id | DB.episode.managing_organization |
by search params | search param {managing_organization} from URL | |||||
service_request | by id | service request | DB.service_request.managing_organization | |||
by search params | search param {requester_legal_entity} from URL | |||||
diagnostic_report | by id | diagnostic_report | DB.diagnostic_report.managing_organization | |||
by search params | search param {managing_organization} from URL | |||||
procedures | by search params | managing_organization | search param {managing_organization} from URL | |||
@rule_3 @read @encounter @observation @condition @service_request @diagnostic_report @device @medication_statement @immunization @risk_assessment @medication_administration @procedure @allergy_intolerance Scenario: Doctor can read all the data of episodes created in the doctors MSP Given Episode context has been created on my MSP When I require read access Then I can read | Based on context episode | encounter | by id | episode | episode.managing_organization==token.client_id | DB.encounter.episode |
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
observation | by id | DB.observation.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
condition | by id | DB.condition.episode | ||||
by search params | search param {episode_id} from URL | |||||
by is in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
service_request | by id | DB.service_request.encounter.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
diagnostic_report | by id | DB.diagnostic_report.encounter.episode.managing_organization | ||||
by search params | context_episode_id from URL (path) | |||||
medication_statement | by id | IF context is encounter THEN: | ||||
by search params | search param {episode_id} from URL | |||||
immunization | by id | IF context is encounter THEN: DB.immunizations.context.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
device | by id | IF context is encounter THEN: DB.devices.context.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
risk_assessment | by id | IF context is encounter THEN: DB.risk_assessments.context.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
medication_administration | by id | IF context is encounter THEN: DB.medication_administrations.context.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
procedure | by id | DB.procedures.encounter.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
allergy_intolerance | by id | IF context is encounter THEN: DB.allergy_intolerances.context.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
@rule_4 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval patient Given Active approval on patient When I require read access Then I can read | not implemented yet | |||||
@rule_5 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval episodes Given Active approval on episode When I require read access Then I can read | Based on context episode | episode | by id | episode | There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB | DB.episode.id |
encounter | by id | DB.encounter.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
observation | by id | DB.observation.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
condition | by id | DB.condition.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
service request | by id | DB.service_requset.encounter.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
diagnostic report | by id | DB.diagnostic_report.encounter.episode | ||||
by search params | search param {episode_id} from URL | |||||
procedure | by id | DB.procedures.encounter.episode | ||||
by search params | search param {episode_id} from URL | |||||
@rule_6 @read @diagnostic_report @encounter @procedure Scenario: Doctor can read entity originated by episode created in the doctors MSP Given Entity has been originated by mine MSP episode When I require read access Then I can read | Based on origin episode | encounter | by id | origin_episode | origin_episode.managing_organization==token.client_id | DB.encounter.origin_episode |
by search params | Search param {origin_episode_id} from URL | |||||
diagnostic repost | by id | DB.diagnostic_report.origin_episode | ||||
by search params | Search param {origin_episode_id} from URL | |||||
procedures | by search params | DB.diagnostic_report.origin_episode | ||||
@rule_7 @read @observation Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP Given Diagnostic report context has been originated by mine MSP episode When I require read access Then I can read | Based on origin episode | observation | by id | diagnostic_report | origin_episode.managing_organization==token.client_id | DB.observation.diagnostic_report.origin_episode |
by search params | Search param {diagnostic_report_id} from URL | |||||
@rule_8 @read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP Given Encounter context has been originated by mine MSP episode When I require read access Then I can read | Based on origin episode | observation | by id | encounter | origin_episode.managing_organization==token.client_id | DB.observation.context.origin_episode |
by search params | Search param {encounter_id} from URL | |||||
condition | by id | DB.condition.context.origin_episode | ||||
by search params | Search param {encounter_id} from URL | |||||
service request | by id | DB.service_request.encounter.origin_episode | ||||
by search params | Search param {encounter_id} from URL | |||||
diagnostic_report | by id | DB.diagnostic_report.encounter.origin_episode | ||||
by search params | Search param {encounter_id} from URL | |||||
procedure | by id | DB.procedure.origin_episode | ||||
by search params | Search param {encounter_id} from URL | |||||
@rule_9 @read @encounter @observation @condition @service_request @diagnostic_report Scenario: Doctor with active approval can read data, originated by the episode Given Active approval on episode When I require read access Then I can read | not implemented yet | |||||
@rule_10 @read @observation Scenario: Doctor can read all the data of diagnostic report created in the doctors MSP Given Diagnostic report context has been originated by mine MSP When I require read access Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | diagnostic_report.managing_organization==token.client_id | DB.observation.diagnostic_report.managing_organization |
by search params | Search param {diagnostic_report_id} from URL | |||||
@rule_11 @read @observation Scenario: Doctor with active approval can read all the data of specified in approval diagnostic report Given Active approval on diagnostic report When I require read access Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | There is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDB | DB.observation.diagnostic_report |
by search params | Search param {diagnostic_report_id} from URL |
...