Versions Compared

Version Old Version 16 New Version Current
Changes made by

Anastasiia Prokhorova (SoE eHealth) (Unlicensed)

Anzhela Kovalenko (SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Note

Сторінка знаходиться в процесі розробки. Інформація на ній може бути застарілою.

Info

/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

...

Page Properties
idpage_properties_method_REST API

Document type

Метод REST API

Document title

[Document statusDRAFT] REST API [Назва методу] [ID методуCreate approval [API-001-001-001-0001]

Guideline ID

GUI-0011

Author

@

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-001-001-001-0001

Microservices (namespace)

ABAC

Component

Approvals/ABAC

Component ID

COM-001-001

Link на API-специфікацію

https://medicaleventsmisapi.docs.apiary.io/#reference/approvals/create-approval/create-approval

Resource

{{host}}/api/patients/{{patient_id}}/approvals

Scope

approval:create

Protocol type

REST

Request type

POST

Sync/Async

Async(def)/Sync

Public/Private

Public

...

  1. This WS is designed to create approval on entity, which aggregate other entities (episode_of_care, diagnostic_report, care_plan), OR forbidden group OR diagnoses group, OR on service_request including it’s permitted_resources OR on cancel for encounter and procedure OR patient.

  2. Approvals are processed in the async way

  3. Only authenticated and authorized employees with appropriate scope can create approval.

  4. Approvals with “write” access give “read” access by default. Employee with verified not expired approval with “write” access will be able to read data of specified in approval medical_event (if is possible according to ABAC-rules)

Logic

Description of the working algorithm of the API method and the interaction of services with each other add Service logic (if necessary)

Service logic

  1. Set is_verified = false

  2. All the approvals where is_verified = false should be deleted 12 hours after creation - env. configuration parameter

  3. All approvals depends on value of granted_resources has its own expires_at config parameter - env. configuration parameter

  4. Approvals with child_resources will be created ON entity which is context of this child_resources

  5. For approvals on child_resource with resource and on service_request:

    1. set child resource to block reason

    2. set service_request to block reason

  6. Check type of authentication_method for patient:

    1. If type = 'OTP' send SMS type of granted_to & type of entity in granted_resources:

granted_to

block

granted_resources

Sms

items with FG

w\o items with FG

employee

resources

episode_of_care

Код <code> для доступу до даних про <forbidden_groups.short_name> <forbidden_groups.sms_url>

 

If there are codes from more than 1 group:

 

Код <code> для доступу до даних про ВІЛ,РПП eHealth

Код авторизації дій в системі eHealth: <code>

diagnostic_report

care_plan

encounter

procedure

child_resources

diagnostic_report

encounter

condition

observation

activity

clinical_impression

allergy_intolerance

immunization

device

risk_assessment

procedure

service_request

episode_of_care

diagnostic_report

forbidden_group

forbidden_group

-(only with FG)

diagnoses_group

diagnoses_group

ICD10: Код <code>: доступ на групу діагнозів {diagnoses_group_code} eHealth

ICPC2: Код <code>: доступ на групу діагнозів {diagnoses_group_code} eHealth

services_group

diagnostic_reports and procedures array

Код ****: доступ на групу сервісів {service_group_code}   eHealth

patient_id

patient_id

Код авторизації дій в системі eHealth: <code>

granted_to

block

granted_resources

Sms

items with FG

w\o items with FG

legal_entity

service_request

episode_of_care

-(only w/o FG)

Код <code>: згода на обробку персональних даних eHealth

diagnostic_report

Configuration parameters

Description of the configuration parameters that are used when processing a request in the system

Dictionaries

...

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

Input parameter

Mandatory

Type

Description

Example

1

patient_id

 

String

mpi_id. Required

aff00bf6-68bf-4b49-b66d-f031d48922b3

2

Request structure

See on API-specification

Expand
titleExample
Code Block
languagejson
{
  "resources": [
    {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "episode_of_care"
            }
          ],
          "text": ""
        },
        "value": "97d57238-ffbe-4335-92ea-28d4de117ea2"
      }
    }
  ],
  "granted_to": {
    "identifier": {
      "type": {
        "coding": [
          {
            "system": "eHealth/resources",
            "code": "employee"
          }
        ]
      },
      "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
    }
  },
  "access_level": "read",
  "authorize_with": "cc949559-5dfe-420f-ac05-065e443b2cc6"
}

Headers

...

Key

...

Value

...

Mandatory

...

Description

...

Example

...

Content-Type

...

application/json

...

Тип контенту

...

Content-Type:application/json

...

Authorization

...

Bearer d368a4b0-4a0e-457a-b267-32359fa6288f

...

Перевірка користувача

...

Authorization:Bearer d368a4b0-4a0e-457a-b267-32359fa6288f

...


  "authorize_with": "cc949559-5dfe-420f-ac05-065e443b2cc6"
}

Headers

Headers

Request data validation

Authorize

...

  1. Granted_to.employee_id should be active

    1. in case of error - return 422 “Should be active“

  2. Check if employee from the same legal entity as user:

    1. client_id from token should be linked with employee_id from granted_to object.

      1. in case of error - return 422 “Employee <employee_id> doesn't belong to your legal entity“

  3. Check employee_type is from list of employee types configuration CREATE_APPROVAL_ALLOWED_EMPLOYEE_TYPES

    1. in case of error - return 422 “Invalid employee type“

Validate resources or block of resources

...

  1. if episode_of_care is presented in request as the code of resource

    1. Check episode_of_care in the request exists and is in active or closed status in DB

      1. in case of error return - 422 (Episode is canceled)

    2. Check if resource from granted_to = 'employee':

      1. in case of error return - 422 ("$.resource. value is not allowed in enum")

  2. if diagnostic_report is presented in request as the code of resource

    1. Check diagnostic_report block in the request exists and is in final status in DB

      1. in case of error return - 422 (Diagnostic report in \"entered_in_error\" status can not be referenced or Diagnostic report with such id is not found)

    2. Check if resource from granted_to = 'employee':

      1. in case of error return - 422 ("$.resource. value is not allowed in enum")

  3. if care_plan is presented in request as the code of resource

    1. Check care_plan in the request exists in DB

      1. in case of error return - 422 (Care plan with such id is not found)

    2. Check there no other objects in request

      1. in case of error return - 422 (Approval for care plan can not contain other entities)

    3. Check if resource from granted_to = 'employee':

      1. in case of error return - 422 ("$.resource. value is not allowed in enum")

    4. if access_level = 'write':

      1. Check if care_plans.managing_organization = granted_to.employees.legal_entity_id:

        1. in case of error return - 422 ('User is not allowed to write care plan from another legal_entity')

  4. if encounter  is presented in request as the code of resource

    1. Check encounter in the request exists in DB

      1. in case of error return - 422 (not found)

    2. Check if resource from granted_to = 'employee':

      1. in case of error return - 422 ("$.resource. value is not allowed in enum")

    3. Check is status of episode from encounter = 'active'

      1. in case of error return - 422 ("Encounter refers to episode that is not active")

  5. if procedure is presented in request as the code of resource

    1. Check procedure in the request exists in DB

      1. in case of error return - 422 (not found)

    2. Check if resource from granted_to = 'employee':

      1. in case of error return - 422 ("$.resource. value is not allowed in enum")

...

  1. if diagnoses_group block is presented in request

    1. Check diagnoses_group in the request exists and is_active in DB

      1. in case of error return - 404 (not found)

    2. Check if resource from granted_to = 'employee':

      1. in case of error return - 422 ("$.resource. value is not allowed in enum")

Validate service_group

  1. if service_group block is presented in request

    1. Check services_group in the request exists and is_active in DB

      1. in case of error return - 404 (not found)

  2. Check if resource from granted_to = 'employee':

    1. in case of error return - 422 ("$.resource. value is not allowed in enum")

Validate patient

  1. if patient block is presented in request

    1. Get patient_id from URL:

      1. Check person_id from the request equal to the patient_id from URL

        1. in case of error return - 404 (“Approval for one patient can not be created in another patient’s context”)

      2. exists and is_active in DB

        1. in case of error return - 404 (Person is not found)

    2. Check if resource from granted_to = 'employee':

      1. in case of error return - 422 ("$.resource. value is not allowed in enum")

...

Validate person authentication_method

  1. if resource = care_plan & care_plans.terms_of_service = 'INPATIENT'&granted_to.employees.legal_entity_id = care_plans.managing_organization:

    1. skip validation of person authentication_method

    2. set approvals.urgent = null

  2. In other cases: Check patient_id:

    1. if belongs to person, then GET auth_method from MPI using {patient_id}

      1. If it's OTP:

        1. send SMS to the auth_phone via otp_verification service POST /verifications

        2. save approval to DB

        3. save authentication_method_current.type and number to DB

        4. return authentication_method_current.type = OTP

      2. If it is offline

        1. save approval to DB

        2. save authentication_method_current.type and number to DB

        3. return  authentication_method_current.type = offline

      3.  if it is null:

        1. return error 409 (Person does not have active authentication method)

    2. if belongs to preperson:

      1. save approval to DB

      2. set approval status = active

      3. set approval urgent = null 

...

  1. Validate that access_level correspond to granted_resources:

    1. In case error return 422 ("Resource types [\"$.granted_resources[].code\"] not allowed to use write access_level")

block

granted_resources

context

access_level

access to

reason

resources

episode_of_care

 

read

Reading all the data of specified in approval episode

null

diagnostic_report

 

read

Reading all the data of specified in approval diagnostic report

null

diagnostic_report

 

write

Canceling diagnostic report package

care_plan

 

read

Reading all the data of specified in approval care plan

null

care_plan

 

write

Creating activities for care plan, cancelling medication requests or recalling/cancelling service requests based on care plan

encounter

 

write

Canceling encounter data package

null

procedure

 

write

Canceling procedure

null

child_resources

diagnostic_report

episode_of_care

read

Reading all the data of specified in context for diagnostic_report

null

encounter

episode_of_care

Reading all the data of specified in context for encounter

null

condition

episode_of_care

Reading all the data of specified in context for condition

null

observation

episode_of_care

diagnostic_report

Reading all the data of specified in context for observation

null

activity

care_plan

Reading all the data of specified in context for activity

null

clinical_impression

episode_of_care

Reading all the data of specified in context for clinical_impression

null

allergy_intolerance

episode_of_care

Reading all the data of specified in context for allergy_intolerance

null

immunization

episode_of_care

Reading all the data of specified in context for immunization

null

device

episode_of_care

Reading all the data of specified in context for device

null

risk_assessment

episode_of_care

Reading all the data of specified in context for risk_assessment

null

procedure

episode_of_care

Reading all the data of specified in context for procedure

null

service_request

episode_of_care

 

read

Reading data from granted_resources in approval service request

service_request

diagnostic_report

 

read

forbidden_group

forbidden_group

 

read

Reading all the medical events with items (codes/services/service_groups) of specified in approval forbidden groups 

null

diagnoses_group

episode_of_care array

 

read

Reading all data of episodes with current_diagnoses.codes that specified in approval diagnoses group 

null

services_group

diagnostic_reports and procedures array

 

read

Reading all data of diagnostic reports and procedures with code.identifier.value that specified in approval service group

null

patient_id

patient_id

 

read

Reading all the data of specified patient

null

Validate authorize_with

The patient can pass the id of his auth_method which he wants to confirm the approval. The necessary auth method can be found by making Get person's auth methods

...

If approval doesn't have this field, then choose that method which is returned from mpi as person's default method.

Processing

A list of processes related to receiving, changing or transmitting data according to the logic defined in the REST APIN/A

Response structure examples

...

Expand
titleExample
Code Block
languagejson
{
  "data": {
    "id": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e",
    "granted_resources": [
      {
        "identifier": {
          "type": {
            "coding": [
              {
                "system": "eHealth/resources",
                "code": "episode_of_care"
              }
            ]
          },
          "value": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e"
        },
        "display_value": "null"
      }
    ],
    "granted_to": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "employee"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "expires_at": 1498749591,
    "reason": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "service_request"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "status": "new",
    "access_level": "read",
    "authentication_method_current": {
      "type": "OTP",
      "number": "+38093*****85"
    }
  },
  "meta": {
    "code": 201,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  }
}
Expand
titleExample
Code Block
languagejson
{
  "data": {
    "status": "pending",
    "eta": "2018-08-02T10:45:16.000Z",
    "links": [
      {
        "entity": "job",
        "href": "/Jobs/NBXk9EyErUZv1RhXgyvgg"
      }
    ]
  },
  "meta": {
    "code": 202,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  }
}

HTTP status codes

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

201

 response

 

3

202

 response

 

4

401

Invalid access token

 

5

403

Your scope does not allow to access this resource. Missing allowances: approval:create

 

6

404

Approval for one patient can not be created in another patient’s context

 

7

404

not found

8

404

Person is not found

9

409

Person does not have active authentication method

 

10

422

Approval for care plan can not contain other entities

11

422

Сannot be confirmed by a method with type= NA. Use a different method

12

422

Care plan with such id is not found

13

422

Child resource context id is not equal to granted resource id

14

422

Diagnostic report in \"entered_in_error\" status can not be referenced or Diagnostic report with such id is not found

15

422

Employee <employee_id> doesn't belong to your legal entity

16

422

Episode is canceled

17

422

Encounter refers to episode that is not active

18

422

Invalid employee type

19

422

Legal entity should be active

20

422

not found

21

422

$.resource. value is not allowed in enum

22

422

$.access_level. value is not allowed in enum

23

422

$.resources.expected a maximum of 1 items but got 2

24

422

Should be active

25

422

schema does not allow additional properties

26

422

such authentication method does not belong to this person

27

422

such authentication method doesn't exist

28

422

Resource types ["$.granted_resources[].code"] not allowed to use write access_level

29

422

User is not allowed to write care plan from another legal_entity

30

Специфічні

31

Post-processing processes

Description of actions performed on data after processing

Technical modules where the method is used

List of pages describing technical N/A

Technical modules where the method is used

Page Properties Report
headingsID ТМ, Статус
cqllabel = "tr-mis"

...