Requirements
Specification
Validations
Authorization
Verify the validity of access token
Return (401, 'unauthorized') in case validation fails
Verify that token is not expired
in case of error - return (401, 'unauthorized')
Check user scopes in order to perform this action (scope = 'service_request:use')
Return (403, 'invalid scopes') in case of invalid scope(s)
If BLOCK_UNVERIFIED_PARTY_USERS is true, then check that the party's data matches the following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):
in case it does not match - return 403 ("Access denied. Party is not verified")
Validate request using JSON Schema
Return 422 with the list of validation errors in case validation fails
Validate legal entity
Check legal entity type: it has to be listed in the me_allowed_transactions_le_types config parameter, and the legal entity must have status = active
in case of error return 409 "Action is not allowed for the legal entity"
Validate transition
Only active and unused (released) service request can be used
Get service request by ID
Service request contains medical program
$.program is NOT NULL
in case of error return 409 "Service request without a program can not be used"
Service request must be active
$.status == "active"
in case of error return 409 "Invalid service request status"
Service request must be unused
$.used_by is empty object
in case of error return 409 "Service request is already used"
Validate program
Validate program is an existing service program (type=service)
in case not found or is_active==false return 422 "Program not found"
in case type != service return 409 "Invalid program type"
Service (or service_group) is an active member of the program
Select request_allowed, is_active from PRM.program_services where service_id(or group_id) == $.signed_content.code.identifier.value and program_id=$.program.identifier.value
if not found or is_active==false return 409 "Service is not included in the program"
Qualify service request
Validate request
Get token metadata
Extract user_id, client_id, client_type
Ensure that employee belongs to client
$.used_by_employee.identifier.type.coding[*].system == "eHealth/resources"
$.used_by_employee.identifier.type.coding[*].code == "employee"
$.used_by_employee.identifier.value must belong to client_id (prm.employees.legal_entity_id == :client_id)
in case of error return 422 "You can assign service request only to employee within your legal entity"
Check employee_type - only DOCTOR or SPECIALIST can use service request
employee_type == DOCTOR OR SPECIALIST OR ASSISTANT if service_request.category="laboratory_procedure", "diagnostic_procedure" OR "procedure"
else employee_type == DOCTOR OR SPECIALIST
in case of error, return 422 "Invalid employee type"
Validate used_by_legal_entity is a current legal_entity
$.used_by_legal_entity.identifier.value==token.client_id
in case of error return 409 "You can assign service request only to your legal entity"
Validate used_by_division
if SR.category = hospitalization
validate used_by_division is sent, in case of error return 422 "Division is mandatory for $category category"
validate used_by_division.legal_entity_id = used_by_legal_entity_id
if SR.category = transfer_of_care
validate used_by_division is sent, in case of error return 422 "Division is mandatory for $category category"
Validate $division.legal_entity_id = SR.Performer, in case of error return 422 "Patient is transferred to another legal entity"
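The "Validate transition" and "Validate request" checks above, applied in the listed order with the first failure returned, as an added example (not the project's own code). The function names, the dict shapes, the pre-loaded employee and division rows, and the `performer` key holding SR.Performer are assumptions made for illustration.

```python
# Added example: "Validate transition" and "Validate request" checks, first failure wins.
# All dict shapes below are assumptions for illustration, not the project's schema.
PROCEDURE_CATEGORIES = {"laboratory_procedure", "diagnostic_procedure", "procedure"}
DIVISION_CATEGORIES = {"hospitalization", "transfer_of_care"}


def validate_transition(sr):
    """Return (status, message) for the first failed check, or None if usable."""
    if sr.get("program") is None:
        return 409, "Service request without a program can not be used"
    if sr.get("status") != "active":
        return 409, "Invalid service request status"
    if sr.get("used_by"):  # anything but an empty object means already used
        return 409, "Service request is already used"
    return None


def validate_request(req, sr, client_id, employee):
    """employee: the prm.employees row for used_by_employee (assumed pre-loaded)."""
    if employee is None or employee["legal_entity_id"] != client_id:
        return 422, "You can assign service request only to employee within your legal entity"
    allowed = {"DOCTOR", "SPECIALIST"}
    if sr["category"] in PROCEDURE_CATEGORIES:
        allowed.add("ASSISTANT")
    if employee["employee_type"] not in allowed:
        return 422, "Invalid employee type"
    if req["used_by_legal_entity"]["identifier"]["value"] != client_id:
        return 409, "You can assign service request only to your legal entity"
    if sr["category"] in DIVISION_CATEGORIES:
        division = req.get("used_by_division")  # assumed resolved to a division row
        if division is None:
            return 422, f"Division is mandatory for {sr['category']} category"
        # Only the transfer_of_care mismatch has an error defined on the page.
        if sr["category"] == "transfer_of_care" and division["legal_entity_id"] != sr["performer"]:
            return 422, "Patient is transferred to another legal entity"
    return None


def use_service_request(req, sr, client_id, employee):
    """Run both stages; None means every check implemented here passed."""
    return validate_transition(sr) or validate_request(req, sr, client_id, employee)


# Constructed sample data.
SR = {"program": {"identifier": {"value": "p-1"}}, "status": "active",
      "used_by": {}, "category": "procedure", "performer": "le-1"}
REQ = {"used_by_employee": {"identifier": {"value": "e-1"}},
       "used_by_legal_entity": {"identifier": {"value": "le-1"}}}
ASSISTANT = {"legal_entity_id": "le-1", "employee_type": "ASSISTANT"}
```

The hospitalization check that used_by_division.legal_entity_id equals used_by_legal_entity_id is left out because the page defines no error response for it.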
Service logic
Update service request attributes
Set Medical Events DB:
If used_by_employee exists in the request, set service_requests[<id>].used_by_employee = Request: $.used_by_employee
set service_requests[<id>].used_by_legal_entity = Request: $.used_by_legal_entity
if medical program exists in request
Set Medical Events DB: service_requests[<id>].medical_program = Request: $.medical_program.identifier.value
Change program_processing_status to `in_queue`