Rule base type | Description |
---|---|
Based on declaration | Employee with an active declaration can access all the patient's medical data (including person's/preperson's medical data which were merged with the person with the active declaration). |
Based on managing organization | Employee can read entities created in his legal entity. |
Based on context episode | Employee can read medical data that was collected during an episode of care the employee has access to. |
Based on diagnostic report | Employee can read medical data that was collected as a part of a diagnostic report managed by the employee's legal entity. |
Based on origin episode | Employee can read medical data that was collected as a part of a diagnostic report or episode of care the employee has access to. The episode of care that contains this service request is considered the origin episode in that case. |
Based on care plan | Employee with an active approval on the care plan can read or write the data based on this care plan. |
Based on patient | Employee with an active approval on the patient can read the data related to this patient (including person's/preperson's medical data which were merged with the person). |
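Added example (not the platform's own authorization code): a small evaluator that reports which of the read rules from the tables below match a request, using constructed sample records. The token fields, the in-memory `DB` layout and the shapes of the declaration and approval records are assumptions made for the example; only the rule logic (token client_type, declaration legal entity, managing_organization, context episode, approval granted to an employee or a legal_entity) follows the rule tables.

```python
"""Evaluate a few of the read rules (rule_-1, rule_0, rule_1, rule_2, rule_3, rule_5)
against constructed records. Record and token shapes are assumptions for this example."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed in-memory "DB" (assumed shape): resource type -> id -> record
DB = {
    "episode": {"ep-1": {"managing_organization": "le-A", "patient_id": "pt-1"},
                "ep-2": {"managing_organization": "le-B", "patient_id": "pt-1"}},
    "encounter": {"enc-1": {"episode": "ep-1", "patient_id": "pt-1"},
                  "enc-2": {"episode": "ep-2", "patient_id": "pt-1"}},
    "allergy_intolerance": {"ai-1": {"patient_id": "pt-1"}},
}
# Constructed declarations (OPS): patient -> legal entity of the declaring employee
DECLARATIONS = [{"patient_id": "pt-1", "legal_entity_id": "le-C", "status": "active"}]
# Constructed approvals (MongoDB): granted to an employee OR to a whole legal_entity
APPROVALS = [
    {"granted_to": {"employee_id": "emp-9"}, "resource": {"type": "episode", "id": "ep-2"},
     "access_level": "read", "status": "active"},
    {"granted_to": {"legal_entity_id": "le-D"}, "resource": {"type": "episode", "id": "ep-1"},
     "access_level": "read", "status": "active"},
    # terminated approvals must not grant access
    {"granted_to": {"employee_id": "emp-1"}, "resource": {"type": "episode", "id": "ep-2"},
     "access_level": "read", "status": "terminated"},
]
# Resources readable under rule_-1 (insensitive data)
INSENSITIVE = {"allergy_intolerance", "immunization", "risk_assessment",
               "device", "medication_statement", "specimen"}


@dataclass
class Token:
    client_type: str                    # e.g. "MSP", "NHS" or "CABINET"
    client_id: str                      # legal entity the token was issued to
    employee_ids: List[str] = field(default_factory=list)
    person_id: Optional[str] = None     # set only on Cabinet (patient) tokens


def _active_approval(token: Token, rtype: str, rid: str) -> bool:
    """rule_5 logic: active approval on the resource granted to one of the user's
    employees OR to the token's legal_entity."""
    for a in APPROVALS:
        if a["status"] != "active" or a["resource"] != {"type": rtype, "id": rid}:
            continue
        granted = a["granted_to"]
        if granted.get("employee_id") in token.employee_ids:
            return True
        if granted.get("legal_entity_id") == token.client_id:
            return True
    return False


def matching_rules(token: Token, rtype: str, rid: str) -> List[str]:
    """Return the ids of the read rules that allow this token to read DB[rtype][rid]."""
    rec = DB[rtype][rid]
    hits = []
    # rule_-1: insensitive data, any active token with client_type != CABINET
    if rtype in INSENSITIVE and token.client_type != "CABINET":
        hits.append("rule_-1")
    # rule_0: patient reads its own data with a Cabinet token (patient_id from context)
    if token.client_type == "CABINET" and token.person_id == rec["patient_id"]:
        hits.append("rule_0")
    # rule_1: active declaration with the patient in the legal entity from the token
    if any(d["status"] == "active" and d["patient_id"] == rec["patient_id"]
           and d["legal_entity_id"] == token.client_id for d in DECLARATIONS):
        hits.append("rule_1")
    # rule_2: managing_organization == token.client_id
    if rec.get("managing_organization") == token.client_id:
        hits.append("rule_2")
    # rule_3: context episode (DB.<resource>.episode) managed by the token's legal entity
    episode = DB["episode"].get(rec.get("episode"))
    if episode and episode["managing_organization"] == token.client_id:
        hits.append("rule_3")
    # rule_5: active approval on the episode itself or on the context episode
    ep_id = rid if rtype == "episode" else rec.get("episode")
    if ep_id and _active_approval(token, "episode", ep_id):
        hits.append("rule_5")
    return hits


def can_read(token: Token, rtype: str, rid: str) -> bool:
    return bool(matching_rules(token, rtype, rid))
```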
Rule: @rule_-2 | Action: @read (GraphQL only)

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| NHS employee can read the patient's data if he has a Justification for monitoring. Given Justification on monitoring patient's data given by the user (works only from Admin panel, GraphQL API); When I require read access; Then I can read | Based on user token | episode, encounter, observation, condition, allergy_intolerance, immunization, risk_assessment, device, medication_statement, medication_request, medication_dispense, service_request, diagnostic_report, procedure, medication_administration, care_plan, activity | JustificationFilter schema | patient_id | person_id from JustificationFilter schema | There is an active token & an active justification |
Rule: @rule_-1 | Action: @read

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee can read insensitive patient's data. Given User access token with client_type not equal to cabinet; When I require read access; Then I can read | Based on user token | allergy_intolerance, immunization, risk_assessment, device, medication_statement, specimen | by id; by search params | | | There is an active token for client_type.name != CABINET |
Rule: @rule_0 | Action: @read

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Patient can read its own data. Given Patient has access_token given by Cabinet; When I require read access; Then I can read | Based on patient token | episode, encounter, observation, condition, allergy_intolerance, immunization, risk_assessment, device, medication_statement, service_request, diagnostic_report, procedure, medication_administration, care_plan, activity, clinical_impression, specimen | by id; by search params | patient_id | patient_id from URL | There is an active token given by Cabinet to a patient |
Rule: @rule_1 | Action: @read

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee with active declaration can read all patient data (including merged persons/prepersons data). Given Active declaration with patient in the legal entity from token; And declaration from the same legal entity; When I require read access; Then I can read | Based on declaration and user token | episode | by id; by search params | person_id | person_id from URL | There is an active declaration between the patient and the employee in OPS from the same legal entity from token |
| | | encounter | by id; by search params; by id in episode context; by search params in episode context | | | |
| | | observation | by id; by search params; by id in episode context; by search params in episode context | | | |
| | | condition | by id; by search params; by id in episode context; by search params in episode context | | | |
| | | service_request | by id; by search params | | | |
| | | diagnostic_report | by id; by search params | | | |
| | | procedure | by id; by search params | | | |
| | | medication_administration | by id; by search params | | | |
| | | care_plan | by id; by search params | | | |
| | | activity | by id; by search params | | | |
| | | approval | by id; by search params | | | |
| | | clinical_impression | by id; by search params | | | |
| | | medication_request_request & medication_request & medication_dispense | by id; by search params | | | |
| | | device_request | by id | | | |
| | | device_dispense | | | | |
Rule: @rule_2 | Action: @read

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee can read an entity created in the employee's legal entity. Given Entity has been created in my legal entity; When I require read access; Then I can read | Based on managing organization | service_request | by id | requester_legal_entity + patient_id | DB.service_request.managing_organization | managing_organization==id |
| | | service_request | by search param | | search param {managing_organization} from URL | managing_organization (requester_legal_entity)==token.client_id |
| | | episode, diagnostic_report, procedures, encounter, condition, observation | by id | managing_organisation + patient_id | DB.episode.managing_organization OR DB.diagnostic_report.managing_organization | managing_organization==id |
| | | episode, diagnostic_report, procedures, encounter, condition, observation | by search param | | search param {requester_legal_entity} from URL | managing_organization (requester_legal_entity)==token.client_id |
| | | care_plan | | managing_organisation | DB.care_plan.managing_organization | managing_organization==token.client_id |
| | | activity | | managing_organisation | DB.care_plan.managing_organization; search param {managing_organization_id} from URL | managing_organization==token.client_id |
| | | medication_request_request & medication_request & medication_dispense | by id | legal_entity + patient_id | search param {legal_entity_id} from URL | legal_entity_id==id |
| | | medication_request_request & medication_request & medication_dispense | by search param | | | legal_entity_id==token.client_id |
| | | device_request | | requester_legal_entity | search param {requester_legal_entity} from URL; DB.device_requests.requester_legal_entity | requester_legal_entity==token.client_id |
| | | device_dispense | | performer_legal_entity | search param {performer_legal_entity} from URL; DB.device_requests.performer_legal_entity | performer_legal_entity==token.client_id |
Rule: @rule_3 | Action: @read

| Scenario | Base | Resource | Routes | Context* | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee can read all the data of episodes created in the employee's legal entity. Given Episode context has been created in my legal entity; When I require read access; Then I can read | Based on context episode | encounter | by id | episode | DB.encounter.episode | episode.managing_organization==token.client_id |
| | | encounter | by search params | | search param {episode_id} from URL | |
| | | encounter | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | observation | by id | episode | DB.observation.episode | |
| | | observation | by search params | | search param {episode_id} from URL | |
| | | observation | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | condition | by id | episode | DB.condition.episode | |
| | | condition | by search params | | search param {episode_id} from URL | |
| | | condition | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | service_request | by id | episode | DB.service_request.encounter.episode | |
| | | service_request | by search params | | search param {episode_id} from URL | |
| | | service_request | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | diagnostic_report | by id | episode | DB.diagnostic_report.encounter.episode | |
| | | diagnostic_report | by search params | | context_episode_id from URL (path) | |
| | | procedure | by id | episode | DB.procedures.encounter.episode | |
| | | procedure | by search params | | search param {episode_id} from URL | |
| | | medication_administration | by id | episode | IF context is encounter THEN: | |
| | | medication_administration | by search params | | search param {episode_id} from URL | |
| | | device | by id | episode | IF context is encounter THEN: | |
| | | device | by search params | | search param {episode_id} from URL | |
| | | risk_assessment | by id | episode | IF context is encounter THEN: | |
| | | risk_assessment | by search params | | search param {episode_id} from URL | |
| | | medication_statement | by id | episode | IF context is encounter THEN: | |
| | | medication_statement | by search params | | search param {episode_id} from URL | |
| | | immunization | by id | episode | IF context is encounter THEN: | |
| | | immunization | by search params | | search param {episode_id} from URL | |
| | | allergy_intolerance | by id | episode | IF context is encounter THEN: | |
| | | allergy_intolerance | by search params | | search param {episode_id} from URL | |
| | | medication_request | by id | episode | DB.medication_request.context_episode_id | |
| | | medication_request | by search params | | search param {episode_id} from URL | |
| | | medication_dispense | by id | episode | DB.medication_request.context_episode_id | |
| | | medication_dispense | by search params | | search param {episode_id} from URL | |
| | | medication_request_request | by id | episode | DB.medication_request_request.context_episode_id | |
| | | medication_request_request | by search params | | search param {episode_id} from URL | |
| | | clinical_impression | by id | episode | DB.clinical_impression.context_episode_id | |
| | | clinical_impression | by search params | | search param {episode_id} from URL | |
| | | device_request | | episode | search param {context_episode_id} from URL | episode.managing_organization==token.client_id |
| | | device_request | | | DB.device_requests.context_episode_id | device_requests.context_episode_id.managing_organization==token.client_id |
| | | device_dispense | | episode | search param {context_episode_id} from URL | episode.managing_organization==token.client_id |
| | | device_dispense | | | DB.device_dispenses.context_episode_id | device_dispenses.context_episode_id.managing_organization==token.client_id |
Rule: @rule_4 | Action: @read

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee with active approval can read all the data (including merged persons/prepersons data) of the patient specified in the approval. Given Active approval on patient; When I require read access; Then I can read | Based on patient_id | episode | | patient_id | patient_id from URL | There is an active approval on the patient's data granted to the employee (one of the user's employees) in MongoDB |
| | | encounter | | | | |
| | | observation | | | | |
| | | condition | | | | |
| | | service_request | | | | |
| | | procedure | | | | |
| | | diagnostic_report | | | | |
| | | care_plan | | | | |
| | | activity | | | | |
| | | clinical_impression | by id; by search params | | | |
| | | medication_request_request | by id; by search params | | | |
| | | medication_request | by id; by search params | | | |
| | | medication_dispense | by id (details in person context); by search params (by medication request id) | | | |
| | | device_request | | | | |
| | | device_dispense | | | | |
Rule: @rule_5 | Action: @read

| Scenario | Base | Resource | Routes | Context* | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee with active approval, or employees from the legal_entity with active approval, can read all the data of the episodes specified in the approval. Given Active approval on episode; When I require read access; Then I can read | Based on context episode | episode | by id | | DB.episode.id | There is an active approval on the episode granted to the employee (one of the user's employees) OR to the legal_entity (one of the legal_entity's employees) in MongoDB |
| | | encounter | by id | episode | DB.encounter.episode | |
| | | encounter | by search params | | search param {episode_id} from URL | |
| | | encounter | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | observation | by id | episode | DB.observation.episode | |
| | | observation | by search params | | search param {episode_id} from URL | |
| | | observation | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | condition | by id | episode | DB.condition.episode | |
| | | condition | by search params | | search param {episode_id} from URL | |
| | | condition | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | service_request | by id | episode | DB.service_request.encounter.episode | |
| | | service_request | by search params | | search param {episode_id} from URL | |
| | | service_request | by id in episode context; by search params in episode context | | episode_id from URL (path) | |
| | | diagnostic_report | by id | episode | DB.diagnostic_report.encounter.episode | |
| | | diagnostic_report | by search params | | search param {episode_id} from URL | |
| | | medication_administration | by id | episode | IF context is encounter THEN: DB.medication_administrations.context.episode | |
| | | medication_administration | by search params | | search param {episode_id} from URL | |
| | | procedure | by id | episode | DB.procedures.encounter.episode | |
| | | procedure | by search params | | search param {episode_id} from URL | |
| | | medication_request & medication_dispense | by id | episode | DB.medication_request.context_episode_id | |
| | | medication_request & medication_dispense | by search params | | search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter) | |
| | | medication_request_request | by id | episode | DB.medication_request_request.context_episode_id | |
| | | medication_request_request | by search params | | search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter) | |
| | | clinical_impression | by id | episode | DB.clinical_impression.context_episode_id | |
| | | clinical_impression | by search params | | search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter) | |
| | | device_request | | episode | search param {context_episode_id} from URL; DB.device_requests.context_episode_id | |
| | | device_dispense | | episode | search param {context_episode_id} from URL; DB.device_dispenses.context_episode_id | |
Rule: @rule_6 | Action: @read

| Scenario | Base | Resource | Routes | Context* | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee can read an entity originated by an episode created in the employee's legal entity. Given Entity has been originated by my legal entity's episode; When I require read access; Then I can read | Based on origin episode | encounter | by id | origin_episode | DB.encounter.origin_episode | origin_episode.managing_organization==token.client_id |
| | | encounter | by search params | | Search param {origin_episode_id} from URL | |
| | | diagnostic_report | by id | origin_episode | DB.diagnostic_report.origin_episode | |
| | | diagnostic_report | by search params | | Search param {origin_episode_id} from URL | |
| | | procedures | by id | origin_episode | DB.procedures.encounter.episode | |
| | | procedures | by search params | | search param {episode_id} from URL | |
| | | device_dispense | | origin_episode | Search param {origin_episode_id} from URL; DB.device_dispense.origin_episode_id | |
Rule: @rule_7 | Action: @read

| Scenario | Base | Resource | Routes | Context* | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee can read all the data of a diagnostic report originated by an episode created in the employee's legal entity. Given Diagnostic report context has been originated by my legal entity's episode; When I require read access; Then I can read | Based on origin episode | observation | by id | diagnostic_report | DB.observation.diagnostic_report.origin_episode | origin_episode.managing_organization==token.client_id |
| | | observation | by search params | | Search param {diagnostic_report_id} from URL | |
Rule: @rule_8 | Action: @read

| Scenario | Base | Resource | Routes | Context* | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee can read all the data of an encounter originated by an episode created in the employee's legal entity. Given Encounter context has been originated by my legal entity's episode; When I require read access; Then I can read | Based on origin episode | observation | by id | encounter | DB.observation.context.origin_episode | origin_episode.managing_organization==token.client_id |
| | | observation | by search params | | Search param {encounter_id} from URL | |
| | | condition | by id | encounter | DB.condition.context.origin_episode | |
| | | condition | by search params | | Search param {encounter_id} from URL | |
| | | diagnostic_report | by id | encounter | DB.diagnostic_report.encounter.origin_episode | |
| | | diagnostic_report | by search params | | Search param {encounter_id} from URL | |
| | | medication_administration | by id | encounter | IF context is encounter THEN: DB.medication_administrations.context.encounter | |
| | | medication_administration | by search params | | search param {encounter_id} from URL | |
| | | procedure | by id | encounter | DB.procedures.encounter.episode | |
| | | procedure | by search params | | search param {encounter_id} from URL | |
| | | medication_request | by id | encounter | DB.medication_request.context | |
| | | medication_request | by search params | | search param {encounter_id} from URL | |
| | | medication_request_request | by id | encounter | DB.medication_request_request.context | |
| | | medication_request_request | by search params | | search param {encounter_id} from URL | |
| | | device_dispense | | encounter | Search param {encounter_id} from URL; DB.device_dispense.encounter.origin_episode_id | |
Rule: @rule_9 | Action: @read | NOT IMPLEMENTED YET

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee with active approval can read data originated by the episode. Given Active approval on patient; When I require read access; Then I can read | | encounter | | | | |
| | | observation | | | | |
| | | condition | | | | |
| | | service_request | | | | |
| | | diagnostic_report | | | | |
Rule: @rule_10 | Action: @read

| Scenario | Base | Resource | Routes | Context* | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee can read all the data of a diagnostic report created in the employee's legal entity. Given Diagnostic report context has been originated by my legal entity; When I require read access; Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization | diagnostic_report.managing_organization==token.client_id |
| | | observation | by search params | | Search param {diagnostic_report_id} from URL | |
Rule: @rule_11 | Action: @read

| Scenario | Base | Resource | Routes | Context* | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee with active approval, or employees from the legal_entity with active approval, can read all the data of the diagnostic report specified in the approval. Given Active approval on diagnostic report; When I require read access; Then I can read | Based on diagnostic report | diagnostic_report | by id | diagnostic_report | DB.diagnostic_report | There is an active approval on the diagnostic report granted to the employee (one of the user's employees) OR to the legal_entity (one of the legal_entity's employees) in MongoDB |
| | | observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization | |
| | | observation | by search params | | Search param {diagnostic_report_id} from URL | |
Rule: @rule_12 | Action: @read

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee with active approval can read the data associated with the care plan. Given Active approval on care_plan; When I require read access; Then I can read | Based on care plan | care_plan | by id | care_plan + patient_id | DB.care_plan.id=approvals.granted_resources[].value | There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of the user's employees) in MongoDB |
| | | activity | by id; by search params | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |
| | | medication_request_request | by id; by search params | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |
| | | medication_request | by id; by search params | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |
| | | medication_dispense | by id; by search params | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |
| | | device_request | by id | care_plan | DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value | |
| | | device_request | by search params | | care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan | |
Rule: @rule_13 | Action: @write

| Scenario | Base | Resource | Routes | Context | Source of context | Logic |
|---|---|---|---|---|---|---|
| Employee with active write approval can write the data associated with the care plan. Given Active write approval on care_plan; When I require write access; Then I can write | Based on care plan | care_plan | Cancel; Complete | care_plan | DB.care_plan.id=approvals.granted_resources[].value | There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of the user's employees) in MongoDB |
| | | activity | Prequalify; Create; Cancel; Complete | | care_plan_id from URL (path)=approvals.granted_resources[].value | |
| | | device_request | by id | care_plan | DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value | |
| | | device_request | by search params | | care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan | |
Rule: @rule_14 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active approval on the care plan can read the data based on this care plan. Given Entity based on care_plan When I require read access Then I can read |
encounter
observation
condition
service_request
diagnostic_report
Rule: @rule_10 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of a diagnostic report created in the employee's MSP. Given Diagnostic report context has been originated by my MSP When I require read access Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization | diagnostic_report.managing_organization==token.client_id |
observation | by search params | | Search param {diagnostic_report_id} from URL | |
Rule: @rule_11 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee with an active approval, or employees of a legal_entity with an active approval, can read all the data of the diagnostic report specified in the approval. Given Active approval on diagnostic report When I require read access Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization | There is an active approval on the diagnostic report granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB |
observation | by search params | | Search param {diagnostic_report_id} from URL | |
Based on care plan | service_request | by id | care_plan (based_on) + patient_id | DB.service_request.based_on.care_plan[].id=approvals.granted_resources[].value | There is an active approval (access_level=read/ |
service_request | by search params | care_plan + patient_id | care_plan_id from URL (search param) & patient_id from path | |
encounter | by id | patient_id -> care_plan (based_on service_request) | DB.encounter.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.procedure.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value | |
diagnostic_report | by id | | | |
procedure | by id | | | |
device_dispense | | care_plan (based_on device_request) | DB.device_dispense.based_on.device_request.based_on.care_plan[].id=approvals.granted_resources[].value | |
Rule: @rule_15 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee with verified unexpired approval on procedure can read all the data of this procedure. Given Active approval on procedure When I require read access Then I can read | Based on procedure | procedure | by id | procedure | DB.procedures._id | There is a verified unexpired approval on procedure granted to the employee (one of user's employee) in MongoDB |
Resource | Routes | Context | Source of context |
---|---|---|---|
activity | by id | | care_plan_id & patient_id from URL (path) |
activity | by search params | | |
medication_request_request | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) |
medication_request_request | by search params | | |
medication_request | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) |
medication_request | by search params | | |
medication_dispense | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) |
medication_dispense | by search params | | |
Rule: @rule_16 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Rule: @rule_17 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data associated with the care plan created in the employee's legal entity. Given Care plan has been created on my legal entity When I require read access Then I can read |
Given Active approval on care_plan When I require write access Then I can write |
| Based on care plan |
activity | care_plan+ patient_id | DB.activities.care_plan[].id | care_plan.managing_organization.id==token.client_id |
There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB |
activity | by id |
care_plan_id from URL (search param) & patient_id from path | ||
medication_request_request | DB.medication_request_request.based_on.care_plan[].id | care_plan_id from URL (search param) & patient_id from path |
by search params |
medication_request_request | by id | care_plan_id & person_id from URL (search param) |
by search params |
medication_request | DB.medication_request.based_on.care_plan[].id | care_plan_id from URL (search param) & patient_id from path |
by search params |
medication_dispense | by id | care_plan_id & person_id from URL (search param) |
service_request |
Rule: @rule_14 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active approval on the care plan can read the data based on this care plan. Given Entity based on care_plan When I require read access Then I can read | Based on care plan | service_request | by id | care_plan (based_on) + patient_id | DB.service_request.based_on.care_plan[].id | |
service_request | by search params | | care_plan_id from URL (search param) & patient_id from path | |
device_request | by id | | DB.device_request.based_on.care_plan[].id | |
device_request | by search params | | care_plan_id from URL ('based_on' search param) & patient_id from path | |
encounter | by id | care_plan (based_on service_request)+ patient_id | DB.encounter.based_on.service_request.based_on.care_plan[].id | |
diagnostic_report | by id | | DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id | |
procedure | by id | | DB.procedure.based_on.service_request.based_on.care_plan[].id | |
medication_dispense | | care_plan (based_on medication_request)+ patient_id | DB.medication_dispense.based_on.medication_request.based_on_care_plan_id | |
device_dispense | | care_plan (based_on device_request)+ patient_id | DB.device_dispense.based_on.device_request.based_on.care_plan[].id | |
- all routes need to have patient_id in context as an additional parameter
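The "based on care plan" rules above (rule_14 for read, the write rule on care_plan) all reduce to two steps: walk the entity's based_on chain to the care_plan ids, then look for an active approval whose granted_resources[].value names one of them. The evaluator below is an added example, not the project's own code; the collection shapes, the granted_to/status/expires_at approval fields, the one-hop and two-hop based_on links, and the rule that a write approval also satisfies a read request are assumptions.

```python
from datetime import datetime, timezone
# Constructed approvals sample; granted_to, status and expires_at are assumed fields.
APPROVALS = [
    {"granted_to": "emp-1", "access_level": "read", "status": "active",
     "expires_at": "2099-01-01T00:00:00+00:00",
     "granted_resources": [{"resource": "care_plan", "value": "cp-1"}]},
    {"granted_to": "emp-2", "access_level": "write", "status": "active",
     "expires_at": "2000-01-01T00:00:00+00:00",  # expired
     "granted_resources": [{"resource": "care_plan", "value": "cp-1"}]},
]
# Constructed documents; the based_on chains mirror the Source of context column.
DB = {
    "care_plan": {"cp-1": {}},
    "service_request": {"sr-1": {"based_on": [{"care_plan": {"id": "cp-1"}}]}},
    "encounter": {"enc-1": {"based_on": [{"service_request": {"id": "sr-1"}}]}},
    "device_request": {"dr-1": {"based_on": [{"care_plan": {"id": "cp-1"}}]}},
    "device_dispense": {"dd-1": {"based_on": [{"device_request": {"id": "dr-1"}}]}},
}
# Which based_on reference each resource follows; "care_plan" ends the chain.
NEXT = {"service_request": "care_plan", "device_request": "care_plan", "medication_request": "care_plan",
        "encounter": "service_request", "diagnostic_report": "service_request", "procedure": "service_request",
        "device_dispense": "device_request", "medication_dispense": "medication_request"}

def care_plan_ids(resource, rid):
    """Care plan ids the entity is transitively based on (DB.x.based_on...care_plan[].id)."""
    if resource == "care_plan":
        return {rid} if rid in DB["care_plan"] else set()
    doc = DB.get(resource, {}).get(rid)
    if doc is None or resource not in NEXT:
        return set()
    ids = set()
    for ref in doc.get("based_on", []):
        target = ref.get(NEXT[resource])
        if target:
            ids |= care_plan_ids(NEXT[resource], target["id"])
    return ids

def allowed(employee_id, action, resource, rid, now=None):
    """True if an active, unexpired approval on one of the entity's care plans grants action."""
    now = now or datetime.now(timezone.utc)
    plans = care_plan_ids(resource, rid)
    for a in APPROVALS:
        if a["granted_to"] != employee_id or a["status"] != "active":
            continue
        if datetime.fromisoformat(a["expires_at"]) <= now:
            continue  # "unexpired" in the rule wording
        if action == "write" and a["access_level"] != "write":
            continue  # assumption: a write approval also satisfies a read request
        if any(g["resource"] == "care_plan" and g["value"] in plans for g in a["granted_resources"]):
            return True
    return False
```

An entity with no resolvable care_plan (unknown id, or a resource outside the chain table) yields an empty set and is denied, which is the safe default for a rule that grants access only through an approved care plan.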