Content Comparison

Rule: @rule_1 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee with active declaration can read all patient data (including merged persons/prepersons data) Given Active declaration with patient in the MSP from token And declaration from the same legal entity When I require read access Then I can read	Based on declaration and user token	episode	by id	person_id	person_id from URL	There is an active declaration between the patient and the employee in OPS from the same legal entity from token
		episode	by search params
		encounter	by id
			by search params
			by id in episode context
			by search params in episode context
		observation	by id
			by search params
			by id in episode context
			by search params in episode context
		condition	by id
			by search params
			by id in episode context
			by search params in episode context
		service_request	by id
		service_request	by search params
		diagnostic_report	by id
		diagnostic_report	by search params
		procedure	by id
		procedure	by search params
		medication_administration	by id
		medication_administration	by search params
		care_plan	by id
		care_plan	by search params
		activity	by id
		activity	by search params
		approval	by id
		approval	by search params
		clinical_impression	by id
		clinical_impression	by search params
		medication_request_request & medication_request & medication_dispense	by id
			by search params
		device_request	by search params
		device_request	by id (details in person context)
		device_dispense	by search params in patient context
		device_dispense	by id (details in person context)
		device	by search params
		device	by id (details in person context)
		device_association	by search params
		device_association	by id (details in person context)
		detected_issue	by search params
		detected_issue	by id (details in person context)

...

Rule: @rule_12 \| Action: @read
Scenario:	Base	Resource	Routes	Context	Source of context	Logic
Employee with active approval can read the data associated with the care plan Given Active approval on care_plan When I require read access Then I can read	Based on care plan	care_plan	by id	care_plan + patient_id	DB.care_plan.id=approvals.granted_resources[].value	There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB
			by search params		DB.care_plan.based_on.care_plan_id=approvals.granted_resources[].value
		activity	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)
			by search params
		medication_request_request	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)
			by search params
		medication_request	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)
			by search params
		medication_dispense	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)
			by search params
		device_request	by id	care_plan + patient_id	DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value
			by search params		care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan

Version	Old Version 1	New Version Current
Changes made by	Natalia Horodytska (SoE eHealth)	Natalia Horodytska (SoE eHealth)
Saved on	Feb 12, 2025	Feb 12, 2025

Versions Compared

Key

Rule: @rule_1 | Action: @read

Rule: @rule_12 | Action: @read