Page Comparison

...

Rule base type	Description
Based on declaration	Doctor with an active declaration can access all the patient's medical data.
Based on managing organization	User can read entities, created in his MSP
Based on context episode	User can read medical data, that was collected during an episode of care, that user has access to.
Based on diagnostic report	User can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity.
Based on origin episode	Doctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to. Episode of care, that contains this service request, is considered as an origin episode in that case.

...

observationby id in episode context in episode contextcondition2 @episode request@diagnosticreport @procedures entity Entity managing organizationepisodeid
service_request
by service requestdiagnostic_reportepisode
episode.managing_organization==token.client_id
episode_id from URL (path)DB.diagnostic_report.encounter.episode.managing_organizationBased on context episode
episode
There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB
encounter
from URL (path)observation
condition
service requestdiagnostic report.encounter.episodeDB.procedures.encounter.6 @diagnostic_report @encounter @procedure entity Entity origin_episodeSearch param {diagnostic_report_8 @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement report @procedure @medication_administration all the of encounter created in the doctors MSPGiven Encounter context has been originated by mine MSP encounter
origin_episode.managing_organization==token.client_id
Search param {encounter_

Rule	Base	Resource	Routes	Context	Logic	Source of context
@rule_-1 @read @allergy_intolerance @immunization @risk_assessment @device @medication_statement Scenario: Employee can read insensitive patient’s data Given User access token with client_type not equal to cabinet When I require read access Then I can read	Based on user token		by id		There is an active token
	Based on user token		by search params		There is an active token
@rule_0 @read @episode @encounter @observation @condition@service_request @diagnostic_report @procedures @allergy_intolerance @immunization @risk_assessment @device @medication_statement @procedure @medication_administration Scenario: Patient can read it's own data Given Patient has access_token given by Cabinet When I require read access Then I can read	Based on patient token		by id	patient_id	There is an active token given by Cabinet to a patient
	Based on patient token		by search params	patient_id	There is an active token given by Cabinet to a patient
@rule_1 @read @episode @encounter @observation @condition @service_request @diagnostic_report @procedures @medication_administration Scenario: Doctor with active declaration can read all patient data Given Active declaration with patient And declaration from the same MSP When I require read access Then I can read	Based on declaration	episode	by id	patient_id	There is an active declaration between the patient and the doctor in OPS	patient_id from URL_id from URL
		episode	by search params
		encounter	by id
			by search params
			by id in episode context
			by search params in episode context
		observation	by id
			by search params
			by id in episode context
			by search params in episode context
		encountercondition	by id
			by search params
			by id in episode context
			by search params in episode context
		service_request	by id
		service_request	by search params
		diagnostic_report	by id
		diagnostic_report	by search params
		procedures	by search params
@rule_2 @read @episode @service_request @diagnostic_report @procedures Scenario: Doctor can read entity created in the doctors MSP Given Entity has been created on my MSP When I require read access Then I can read	Based on managing organization	episode	by id
		episode	by search params
		episode	managing_organization==token.client_id	DB.episode.managing_organization
		episode		by search params		search param {managing_organization} from URL
		service_request		by id	service request	DB.service_request.managing_organization
		service_request		by search params	service request	search param {requester_legal_entity} from URL
		diagnostic_report		by id in episode context
by search params in episode context		diagnostic_report
service_request	by id	diagnostic_report		DB.diagnostic_report.managing_organization
service_request	by search params	diagnostic_report	diagnostic_report	by idsearch param {managing_organization} from URL
procedures	by search params	proceduresmanaging_organization	diagnostic_report	by search paramssearch param {managing_organization} from URL
@rule_	3 @read	@encounter @observation @condition @service_	request @diagnostic_	report Scenario: Doctor can read	all the data of episodes created in the doctors MSP Given	Episode context has been created on my MSP When I require read access Then I can read	Based on	context episode	encounter	by id	episode	episode.managing_organization==token.client_	DB.episode.managing_organization
										by search params			search param {managing_organization} from URL
										id				DB.service_request.managing_organizationencounter.episode
														by search params	search param {requesterepisode_legal_entityid} from URL
									by id in episode context					episode_id from URL (path)
									by search params in episode context					episode_id from URL (path)
									observation					by id	diagnostic_report	DB.diagnostic_report.managing_organizationobservation.episode
														by search params	diagnostic_report	search param {managingepisode_organizationid} from URL
														proceduresby id in episode context	episode_id from URL (path)
														by search params managing_organizationin episode context	episode_id from URL (path)
									condition					by id	DB.condition.episode
														by search params	search param {managingepisode_organizationid} from URL
														@rule_3 @read @encounter @observation @condition @service_request @diagnostic_report Scenario: Doctor can read all the data of episodes created in the doctors MSP Given Episode context has been created on my MSP When I require read access Then I can read	Based on context episode	encounter	by id	DB.encounter.episodeby is in episode context	episode_id from URL (path)
																	by search params in episode context		episode_id from URL (path)
									service_request								by id	DB.service_request.encounter.episode.managing_organization
																	by search params	search param {episode_id} from URL
																by id in episode context	episode_id from URL (path)
by search params in episode context
observation	by id	DB.observation.episode
	by search params	search param {episode_id} from URL
	by id in episode context	episode_id from URL (path)
	by search params in episode context	episode_id from URL (path)
condition	by id	DB.condition.episode
	by search params	search param {episode_id} from URL
	by is in episode context
	by search params in episode context
service_request	by id	DB.service_request.encounter.episode.managing_organization
	diagnostic_report	by id	DB.diagnostic_report.encounter.episode.managing_organization
	diagnostic_report	by search params	context_episode_id from URL (path)
@rule_4 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval patient Given Active approval on patient When I require read access Then I can read	not implemented yet
@rule_5 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval episodes Given Active approval on episode When I require read access Then I can read	Based on context episode	episode	by id	episode	There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB	DB.episode.id
		encounter	by id			DB.encounter.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)	diagnostic_report	by id
			by search params			episode_id from URL (path)	diagnostic_report	context_episode_id from URL (path)		@rule_4 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval patient Given Active approval on patient When I require read access Then I can read	not implemented yet	@rule_5 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval episodes Given Active approval on episode When I require read access Then I can read	episode	by id	DB.episode.id	by id	DBin episode context
		observation	by id			DB.observation.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
			by search params in episode context			episode_id from URL (path)
		condition	by id			DB.condition.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
			by search params in episode context			episode_id from URL (path)
		service request	by id			DB.service_requset.encounter.episode
			by search params			search param {episode_id} from URL
			by id in episode context			episode_id from URL (path)
		diagnostic report	by id			DB.diagnostic_report.encounter.episode
		diagnostic report	by search params			search param {episode_id} from URL
		procedure	by id in episode context			DB.procedures.encounter.episode
		procedure	by search params			search param {episode_id
by search params in episode context
by id	DB.observation.episode
by search params	search param {episode_id} from URL
by id in episode context	episode_id from URL (path)
by search params in episode context	episode_id from URL (path)
by id	DB.condition.} from URL
@rule_6 @read @diagnostic_report @encounter @procedure Scenario: Doctor can read entity originated by episode created in the doctors MSP Given Entity has been originated by mine MSP episode When I require read access Then I can read	Based on origin episode	encounter	by id	origin_episode	origin_episode.managing_organization==token.client_id	DB.encounter.origin_episode
		encounter	by search params			search param Search param {origin_episode_id} from URL
		by id in episode context	episode_id from URL (path)
		by search params in episode context	episode_id from URL (path)
		from URL
diagnostic repost	by id	DB.servicediagnostic_requsetreport.encounter.origin_episode
diagnostic repost	by search params	search param Search param {origin_episode_id} from URL
by id in episode context	episode_id from URL (path)

procedures	by search params	DB.diagnostic_report.origin_episode
@rule_7 @read @observation Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP Given Diagnostic report context has been originated by mine MSP episode When I require read access Then I can read	Based on origin episode	observation	by idDB.	diagnostic_report
	Based on origin episode	observation	by search params	diagnostic_report	search param {episode_id} from URL
procedure	by id		origin_episode.managing_organization==token.client_id	DB.observation.diagnostic_report.origin_episode
procedure	by search params		origin_episode.managing_organization==token.client_id	search param {episodeSearch param {diagnostic_report_id} from URL
@rule_	8 @read	@observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration Scenario: Doctor can read	all the data of encounter originated by episode created in the doctors MSP Given	Encounter context has been originated by mine MSP episode When I require read access Then I can read	Based on origin episode	encounterobservation	by id	encounter	origin_episode.managing_organization==token.client_id	DB.observation.encountercontext.origin_episode
						encounterobservation	by search params			Search param {originencounter_episode_id} from URL
						diagnostic repostcondition	by id			DB.diagnostic_reportcondition.context.origin_episode
						diagnostic repostcondition	by search params			Search param {origin_episodeencounter_id} from URL
						procedures	by search params			DB.diagnostic_report.origin_episode
						@rule_7 @read @observation Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP Given Diagnostic report context has been originated by mine MSP episode When I require read access Then I can read	Based on origin episode			observation	by id	diagnostic_report	origin_episode.managing_organization==token.client_id	DB.observation.diagnostic_report.origin_episode
							Based on origin episode			observation	by search params	diagnostic_report	origin_episode.managing_organization==token.client_id	service request	by id	DB.service_request.encounter.origin_episode
						by search params	Search param {encounter_id} from URL							service request
						diagnostic_report	by id			DB.diagnostic_report.encounter.origin_episode
						diagnostic_report	by search params			Search param {encounter_id} from URL
procedure	by id	DB.procedure.origin_episode
procedure	by search params	Search param {encounter_id} from URL
@rule_	9 @read	@encounter @observation @condition @service_request @diagnostic_	report Scenario: Doctor with active approval can read	data	, originated by the episode	Given Active approval on episode When I require read access Then I can read	Based on origin episode	observation	by id	DB.observation.context.origin_episode
by search params	Search param {encounter_id} from URL							observation
condition	by id	DB.condition.context.origin_episode
condition	by search params	Search param {encounter_id} from URL
service request	by id	DB.service_request.encounter.origin_episode
service request	by search params	Search param {encounter_id} from URL
diagnostic_report	by id	DB.diagnostic_report.encounter.origin_episode
diagnostic_report	by search params	Search param {encounter_id} from URL
procedure	by id	DB.procedure.origin_episode
procedure
by search params	@rule_10 @read @observation Scenario: Doctor can read all the data of diagnostic report created in the doctors MSP Given Diagnostic report context has been originated by mine MSP episode When I require read access Then I can read	Based on diagnostic report	observation	by id	diagnostic_report	diagnostic_report.managing_organization==token.client_id	DB.observation.diagnostic_report.managing_organization
by search params		Based on diagnostic report	observation	Search param {diagnostic_report_id} from URL	diagnostic_report	diagnostic_report.managing_organization==token.client_id
@rule_9 @read @encounter @observation @condition @service_request @diagnostic_report Scenario: Doctor with active approval can read data, originated by the episode Given Active approval on episode When I require read access Then I can read Based on origin episode11

Versions Compared

Old Version 21

New Version 22

Key