Table of Contents

Validations

Authorization

Verify the validity of access token
- Return (401, 'unauthorized') in case of validation fails
Verify that token is not expired
- in case of error - return (401, 'unauthorized')
Check user scopes in order to perform this action (scope = 'service_request:write')
1. Return (403, 'invalid scopes') in case of invalid scope(s)

Check legal entity type: it has to be in me_allowed_transactions_le_types config parameter, has status = active and nhs_verified = true
- in case of error return 409 "Action is not allowed for the legal entity"

...

Validate used_by_legal_entity
1. ME.service_request.used_by_legal_enity.identifier.value=token.client_id
  1. in case of error return 409 "Service request is used by another legal entity"
Validate ~~service request status~~ program_processing_status
1. ME.service_request.program_processing_status == "in_progress"
  1. in case of error return 409 "Invalid service request program processing status status"
Validate completed_with
1. $.completed_with as a Reference(encounter| diagnostic_report)
2. if ME.service_request.category==Counseling than $.completed_with should contain Encounter
3. else - diagnostic report
Validate program according to Pre-Qualify rules.
1. it is an existing service program (type=service)
  1. in case not found or is_active==false return 422 "Program not found"
  2. in case type!= service return 422 "Invalid program type"
2. service(or service_group) is an active member of the program
  1. Select request_allowed, is_active from PRM.program_services where service_id(or group_id) == $.signed_content.code.identifier.value and program_id=$.program.identifier.value
    1. if not found or is_active==false return 422 "Service is not included in the program"
    2. if request_allowed==false return 422 "Service request is not allowed for this service(service_group) in this programm"