Page Comparison

...

Rule base type

Description

Based on declaration

Doctor with an active declaration can access all the patient's medical data.

Based on managing organization

User can read entities, created in his MSP

Based on context episode

User can read medical data, that was collected during an episode of care, that user has access to.

Based on diagnostic report

User can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity.

Based on origin episode

Doctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to.
Episode of care, that contains this service request, is considered as an origin episode in that case.

Rule

Base

Resource

Routes

Context

Logic

Source of context

@rule_-1

@read @allergy_intolerance @immunization @risk_assessment @device @medication_statement

Scenario: Employee can read insensitive patient’s data

Given User access token with client_type not equal to cabinet

When I require read access

Then I can read

Based on user token

by id

There is an active token

by search params

There is an active token

@rule_0

@read @episode @encounter @observation @condition@service_request @diagnostic_report @procedures @allergy_intolerance @immunization @risk_assessment @device @medication_statement @procedure @medication_administration

Scenario: Patient can read it's own data

Given Patient has access_token given by Cabinet

When I require read access

Then I can read

Based on patient token

by id

patient_id

There is an active token given by Cabinet to a patient

by search params

@rule_1

@read @episode @encounter @observation @condition @service_request @diagnostic_report @procedures @medication_administration

Scenario: Doctor with active declaration can read all patient data

Given Active declaration with patient

And declaration from the same MSP

When I require read access

Then I can read

Based on declaration

episode

by id

patient_id
There is an active declaration between the patient and the doctor in OPS
patient_id from URL

by search params

encounter

by id

by search params

by id in episode context

by search params in episode context

observation

by id

by search params

by id in episode context

by search params in episode context

condition

by id

by search params

by id in episode context

by search params in episode context

service_request

by id

by search params

diagnostic_report

by id

by search params

procedures

by search params

@rule_2

@read @episode @service_request @diagnostic_report @procedures

Scenario: Doctor can read entity created in the doctors MSP

Given Entity has been created on my MSP

When I require read access

Then I can read

Based on managing organization

episode

by id

episode

managing_organization==token.client_id
DB

Rule base type	Description
Based on declaration	Doctor with an active declaration can access all the patient's medical data.
Based on managing organization	User can read entities, created in his MSP
Based on context episode	User can read medical data, that was collected during an episode of care, that user has access to.
Based on diagnostic report	User can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity.
Based on origin episode	Doctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to. Episode of care, that contains this service request, is considered as an origin episode in that case.
Based on care plan	User with active approval on the care plan can read or write the data based on this care plan

Rule	Base	Resource	Routes	Context	Logic	Source of context
@rule_-1 @read @allergy_intolerance @immunization @risk_assessment @device @medication_statement Scenario: Employee can read insensitive patient’s data Given User access token with client_type not equal to cabinet When I require read access Then I can read	Based on user token		by id		There is an active token
	Based on user token		by search params		There is an active token
@rule_0 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure@medication_administration @care_plan @activity Scenario: Patient can read it's own data Given Patient has access_token given by Cabinet When I require read access Then I can read	Based on patient token		by id	patient_id	There is an active token given by Cabinet to a patient
	Based on patient token		by search params	patient_id	There is an active token given by Cabinet to a patient
@rule_1 @read @episode @encounter @observation @condition @service_request @diagnostic_report @procedure @medication_administration @care_plan @activity @approval Scenario: Doctor with active declaration can read all patient data Given Active declaration with patient And declaration from the same MSP When I require read access Then I can read	Based on declaration	episode	by id	patient_id	There is an active declaration between the patient and the doctor in OPS	patient_id from URL
		episode	by search params
		encounter	by id
			by search params
			by id in episode context
			by search params in episode context
		observation	by id
			by search params
			by id in episode context
			by search params in episode context
		condition	by id
			by search params
			by id in episode context
			by search params in episode context
		service_request	by id
		service_request	by search params
		diagnostic_report	by id
		diagnostic_report	by search params
		care_plan	by id
		care_plan	by search params
		activity	by id
		activity	by search params
		approval	by id
		approval	by search params
@rule_2 @read @episode @service_request @diagnostic_report @procedures Scenario: Doctor can read entity created in the doctors MSP Given Entity has been created on my MSP When I require read access Then I can read	Based on managing organization	episode	by id	episode	managing_organization==token.client_id	DB.episode.managing_organization
		episode	by search params	episode		search param {managing_organization} from URL
		service_request	by id	service request		DB.service_request.managing_organization
		service_request	by search params	service request		search param {requester_legal_entity} from URL
		diagnostic_report	by id	diagnostic_report		DB.diagnostic_report.managing_organization
		diagnostic_report	by search params	diagnostic_report		search param {managing_organization} from URL
		procedures	by search params	managing_organization		search param {managing_organization} from URL
@rule_3 @read @encounter @observation @condition @service_request @diagnostic_report @device @medication_statement @immunization @risk_assessment @medication_administration @procedure @allergy_intolerance Scenario: Doctor can read all the data of episodes created in the doctors MSP Given Episode context has been created on my MSP When I require read access Then I can read	Based on context episode	encounter	by id	episode	episode.managing_organization==token.client_id	DB.encounter.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
			by search params in episode context			episode_id from URL (path)
		observation	by id			DB.observation.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
			by search params in episode context			episode_id from URL (path)
		condition	by id			DB.condition.episode
			by search params			search param {episode_id} from URL
			by is in episode context			episode_id from URL (path)
			by search params in episode context			episode_id from URL (path)
		service_request	by id			DB.service_request.encounter.episode.managing_organization
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
		diagnostic_report	by id			DB.diagnostic_report.encounter.episode.managing_organization
		diagnostic_report	by search params			context_episode_id from URL (path)
		medication_statement	by id			IF context is encounter THEN: DB.medication_statements.context.episode.managing_organization
		medication_statement	by search params			search param {episode_id} from URL
		immunization	by id			IF context is encounter THEN: DB.immunizations.context.episode.managing_organization
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
			by search params in episode context			episode_id from URL (path)
		device	by id			IF context is encounter THEN: DB.devices.context.episode.managing_organization
		device	by search params			search param {episode_id} from URL
		risk_assessment	by id			IF context is encounter THEN: DB.risk_assessments.context.episode.managing_organization
		risk_assessment	by search params			search param {episode_id} from URL
		medication_administration	by id			IF context is encounter THEN: DB.medication_administrations.context.episode.managing_organization
		medication_administration	by search params			search param {

managing

episode_

organization

id} from URL

service_request

procedure

by id

service request

DB

.service_request

.procedures.encounter.episode.managing_organization
by search params	search param {

requester

episode_

legal_entity

id} from URL

diagnostic

allergy_

report

intolerance

by id

diagnostic_report

IF context is encounter THEN:
DB.

diagnostic_report

allergy_intolerances.context.episode.managing_organization
by search params	search param {

managing

episode_

organization

id} from URL

procedures


by id in episode context	episode_id from URL (path)
by search params in episode context

managing

@rule_

organization

search param {managing_organization} from URL

@rule_3

@read @encounter @observation @condition @service_request @diagnostic_report @device @medication_statement @immunization @risk_assessment @medication_administration @procedure @allergy_intolerance

Scenario: Doctor

4

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration

Scenario: Doctor with active approval can read all the data of specified in approval patient

Given Active approval on patient

When I require read access

Then I can read

not implemented yet

@rule_5

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement@service_request @diagnostic_report @procedure @medication_administration

Scenario: Doctor with active approval can read all the data of

episodes created in the doctors MSP

Given Episode context has been created on my MSP

When I require read access

Then I can read

Based on context episode

encounter

by id

episode
episode.managing_organization==token.client_

specified in approval episodes Given Active approval on episode When I require read access Then I can read	Based on context episode	episode	by id	episode	There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB	DB.episode.id
		encounter	by id			DB.encounter.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
			by search params in episode context
		observation	by id			DB.observation.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
			by search params in episode context
		condition	by id			DB.condition.episode
			by search params			search param {episode_id} from URL
			by

is

id in episode context	episode_id from URL (path)
by search params in episode context
service

_

request

by id

DB.service_

request

requset.encounter.episode

.managing_organization


by search params	search param {episode_id} from URL
by id in episode context	episode_id from URL (path)
diagnostic

_

report

by id

DB.diagnostic_report

.encounter.episode.managing_organization

by search params

context_episode_id from URL (path)

medication_statement

by id

IF context is encounter THEN:
DB.medication_statements.context.episode.managing_organization

.encounter.episode
by search params	search param {episode_id} from URL

immunization

procedure

by id

IF context is encounter THEN:

DB.

immunizations

procedures.

context

encounter.episode

.managing_organization


by search params	search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

device

by id

IF context is encounter THEN:
DB.devices.context.episode.managing_organization

by search params

search param {episode_id} from URL

risk_assessment

by id

IF context is encounter THEN:
DB.risk_assessments.context.episode.managing_organization

by search params

search param {

@rule_6

@read @diagnostic_report @encounter @procedure

Scenario: Doctor can read entity originated by episode created in the doctors MSP

Given Entity has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode

encounter

by id

origin_episode

origin_episode.managing_organization==token.client_id

DB.encounter.origin_episode

by search params

Search param {origin_episode_id} from URL

medication_administration

diagnostic repost

by id

IF context is encounter THEN:

DB.

medication

diagnostic_

administrations.context.episode.managing_organization

report.origin_episode

by search params

search param

Search param {origin_episode_id} from URL

procedure

procedures

by

id

search params

DB.

procedures.encounter.episode.managing_organization

by search params

search param {episode_id} from URL

allergy_intolerance

by id

IF context is encounter THEN:
DB.allergy_intolerances.context.episode.managing_organization

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

@rule_4

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration

Scenario: Doctor with active approval can read all the data of specified in approval patient

Given Active approval on patient

When I require read access

Then I can read

not implemented yet

@rule_5

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration

Scenario: Doctor with active approval can read all the data of specified in approval episodes

Given Active approval on episode

When I require read access

Then I can read

Based on context episode

episode

by id

episode
There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB

DB.episode.id

encounter

by id

DB.encounter.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

observation

by id

DB.observation.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

condition

by id

DB.condition.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

service request

by id

DB.service_requset.encounter.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

diagnostic report

by id

DB.diagnostic_report.encounter.episode

by search params

search param {episode_id} from URL

procedure

by id

DB.procedures.encounter.episode

by search params

search param {episode_id} from URL

@rule_6

@read @diagnostic_report @encounter @procedure

Scenario: Doctor can read entity originated by episode created in the doctors MSP

Given Entity has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode

encounter

by id

origin_episode
origin_episode.managing_organization==token.client_id

DB.encounter.origin_episode

by search params

Search param {origin_episode_id} from URL

diagnostic repost

by id

DB.diagnostic_report.origin_episode

by search params

Search param {origin_episode_id} from URL

procedures

by search params

DB.diagnostic_report.origin_episode

@rule_7

@read @observation

Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP

Given Diagnostic report context has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode

observation

by id

diagnostic_report

origin_episode.managing_organization==token.client_id

DB.observation.diagnostic_report.origin_episode

by search params

Search param {diagnostic_report_id} from URL

@rule_8

@read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration

Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP

Given Encounter context has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode

observation

by id

encounter
origin_episode.managing_organization==token.client_id

DB.observation.context.origin_episode

by search params

Search param {encounter_id} from URL

condition

by id

DB.condition.context.origin_episode

by search params

Search param {encounter_id} from URL

service request

by id

DB.service_request.encounter.origin_episode

by search params

Search param {encounter_id} from URL

diagnostic_report

by id

DB.diagnostic_report.encounter.origin_episode

by search params

Search param {encounter_id} from URL

procedure

by id

DB.procedure.origin_episode

by search params

Search param {encounter_id} from URL

@rule_9

@read @encounter @observation @condition @service_request @diagnostic_report

Scenario: Doctor with active approval can read data, originated by the episode

Given Active approval on episode

When I require read access

Then I can read

not implemented yet

@rule_10

@read @observation

Scenario: Doctor can read all the data of diagnostic report created in the doctors MSP

Given Diagnostic report context has been originated by mine MSP

When I require read access

Then I can read

Based on diagnostic report

observation

by id

diagnostic_report

diagnostic_report.managing_organization==token.client_id

DB.observation.diagnostic_report.managing_organization

by search params

Search param {diagnostic_report_id} from URL

@rule_11

@read @observation

Scenario: Doctor with active approval can read all the data of specified in approval diagnostic report

Given Active approval on diagnostic report

When I require read access

Then I can read

Based on diagnostic report

observation

by id

diagnostic_report

There is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDB

DB.observation.diagnostic_report

by search params

Search param {diagnostic_report_id} from URL

diagnostic_report.origin_episode
@rule_7 @read @observation Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP Given Diagnostic report context has been originated by mine MSP episode When I require read access Then I can read	Based on origin episode	observation	by id	diagnostic_report	origin_episode.managing_organization==token.client_id	DB.observation.diagnostic_report.origin_episode
			by search params			Search param {diagnostic_report_id} from URL
@rule_8 @read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP Given Encounter context has been originated by mine MSP episode When I require read access Then I can read	Based on origin episode	observation	by id	encounter	origin_episode.managing_organization==token.client_id	DB.observation.context.origin_episode
			by search params			Search param {encounter_id} from URL
		condition	by id			DB.condition.context.origin_episode
			by search params			Search param {encounter_id} from URL
		service request	by id			DB.service_request.encounter.origin_episode
			by search params			Search param {encounter_id} from URL
		diagnostic_report	by id			DB.diagnostic_report.encounter.origin_episode
			by search params			Search param {encounter_id} from URL
		procedure	by id			DB.procedure.origin_episode
			by search params			Search param {encounter_id} from URL
@rule_9 @read @encounter @observation @condition @service_request @diagnostic_report Scenario: Doctor with active approval can read data, originated by the episode Given Active approval on episode When I require read access Then I can read	not implemented yet
@rule_10 @read @observation Scenario: Doctor can read all the data of diagnostic report created in the doctors MSP Given Diagnostic report context has been originated by mine MSP When I require read access Then I can read	Based on diagnostic report	observation	by id	diagnostic_report	diagnostic_report.managing_organization==token.client_id	DB.observation.diagnostic_report.managing_organization
			by search params			Search param {diagnostic_report_id} from URL
@rule_11 @read @observation Scenario: Doctor with active approval can read all the data of specified in approval diagnostic report Given Active approval on diagnostic report When I require read access Then I can read	Based on diagnostic report	observation	by id	diagnostic_report	There is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDB	DB.observation.diagnostic_report
			by search params			Search param {diagnostic_report_id} from URL
@rule_12 @read @care_plan @activity @medication_request @medication_request_request Scenario: Doctor with active approval can read the data associated with the care plan. Given Active approval on care_plan When I require read access Then I can read	Based on care plan	care_plan	by id	care_plan	There is an active approval (access_level=read) on the care_plan granted to the employee (one of user's employee) in MongoDB	DB.care_plan.id=approvals.granted_resources[].value
		activity	by id			care_plan_id from URL (path) DB.activities.care_plan[].id=approvals.granted_resources[].value
			by search params
		medication_request_requests	by search params			care_plan_id from URL (path) DB.medication_request_requests.based_on.care_plan[].id=approvals.granted_resources[].value
		medication_requests	by search params			care_plan_id from URL (path) DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value
@rule_13 @write @care_plan @activity @medication_request @medication_request_request Scenario: Doctor with active approval can write the data associated with the care plan. Given Active approval on care_plan When I require write access Then I can write	Based on care plan	care_plan	by id	care_plan	There is an active approval (access_level=write) on the care_plan granted to the employee (one of user's employee) in MongoDB	DB.care_plan.id=approvals.granted_resources[].value
			complete
			cancel
		activity	by id			care_plan_id from URL (path) DB.activities.care_plan[].id=approvals.granted_resources[].value
			by search params
			create
			complete
			cancel
		medication_request_requests	by search params			care_plan_id from URL (path) DB.medication_request_requests.based_on.care_plan[].id=approvals.granted_resources[].value
		medication_requests	by search params			care_plan_id from URL (path) DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value
@rule_14 @read @service_request @encounter @diagnostic_report @procedure Scenario: User with active approval on the care plan can read the data based on this care plan. Given Entity based on care_plan And Active approval on care_plan When I require read access Then I can read	Based on care plan	service_request	by id	care_plan	There is an active approval (access_level=read/write) on the care_plan granted to the employee (one of user's employee) in MongoDB	DB.service_request.based_on.care_plan[].id=approvals.granted_resources[].value
			by search params			DB.service_request.based_on.care_plan[].id=approvals.granted_resources[].value
		encounter	by id			DB.encounters.incoming_referral.[].service_requests.based_on.care_plan[].id=approvals.granted_resources[].value
		diagnostic_report	by id			DB.diagnostic_reports.based_on.[].service_requests.based_on.care_plan[].id=approvals.granted_resources[].value
		procedure	by id			DB.procedures.based_on.[].service_requests.based_on.care_plan[].id=approvals.granted_resources[].value

Versions Compared

Old Version 40

New Version Current

Key