Versions Compared

Old Version 1

changes.mady.by.user Aleksandr Virny (Unlicensed)

Saved on

compared with

New Version Current

changes.mady.by.user Iryna Biiovska

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
maxLevel3

Overview

This web service (set of services) is designed to provide access to specific episode of care and all its child entities for those users who has appropriate privileges

  1. User who has active declaration with patient is "authorized" to manage all patient's data (view history, add new medical events)
  2. User with active approval to this episode can view episode details and its child entities

Specification

  1. Get encounters in episode context
  2. Get encounter details in episode context
  3. Get conditions in episode context
  4. Get condition details in episode context
  5. Get observations in episode context
  6. Get observation details in episode context
  7. Get allergy intolerances in episode context
  8. Get allergy intolerance details in episode context
  9. Get immunizations in episode context
  10. Get immunization details in episode context

Service logic

Validate token

  • Verify the validity of access token

      ...

        • Return (401, 'unauthorized') in case of validation fails
      • Verify that token is not expired
        • in case of error - return (401, 'unauthorized')

      Validate scopes

      • Check user scopes in order to perform this action (scope = 'episode

      ...

      • :read')
        1. Return (403, 'forbidden') in case of invalid scope(s)

      Validate data consistency

      • Ensure that requested episode of care relates to requested patient
        1. Return (404, 'not found') in case of error

      Check user privileges

      If ANY of this rules is met - user has privileges to access this data

      Otherwise - access to this data is denied. Return (403, 'forbidden')

      Rule 1: User who has active declaration with patient is "authorized" to manage all patient's data

      Info
      iconfalse

      If ANY employee related to this user in this legal entity has active declaration with this patient - he it has the privileges to access this data

      1. Get token metadata

      • Extract user_id, client_id, client_type

      2. Determine the party_id associated with this user_id

      ...

      Code Block
      languagesql
      SELECT e.id
FROM employees e
WHERE e.party_id = :party_id
AND e.legal_entity_id = :client_id;

      4. Find patient declarations in this MSP

      Code Block
      languagesql
      SELECT d.id
FROM declarations d
WHERE d.legal_entity_id = :client_id
AND d.employee_id IN (:employees)
AND d.status IN ('active', 'pending_verification')
AND d.person_id = :patient_id;

      Rule 2: User with active approval to this episode can view episode details and its child entities

      TBD

      References

      1. Get Encounter
      2. Get Conditions
      3. Get Observations
      4. Get Allergy Intolerances
      5. Get Immunizations