| Table of Contents | ||
|---|---|---|
|
...
This web service (set of services) is designed to provide access to specific episode of care and all its child entities for those users who has appropriate privileges
- User who has active declaration with patient is "authorized" to manage all patient's data (view history, add new medical events)
- User with active approval to this episode can view episode details and its child entities
Specification
- Get encounters in episode context
- Get encounter details in episode context
- Get conditions in episode context
- Get condition details in episode context
- Get observations in episode context
- Get observation details in episode context
- Get allergy intolerances in episode context
- Get allergy intolerance details in episode context
- Get immunizations in episode context
- Get immunization details in episode context
Service logic
Validate token
- Verify the validity of access token
- Return 401 Return (401, 'unauthorized') in case of validation fails
- Verify that token is not expired
- in case of error - return (401, 'unauthorized')
Validate scopes
- Check user scopes in order to perform this action (scope = 'episode_of_care:read')
- Return (403, 'forbidden') in case of invalid scope(s)
...
Otherwise - access to this data is denied. Return (403, 'forbidden')
Rule 1: User who has active declaration with patient is "authorized" to manage all patient's data
| Info | ||
|---|---|---|
| ||
If ANY employee related to this user in this legal entity has active declaration with this patient - it has the privileges to access this data |
...
| Code Block | ||
|---|---|---|
| ||
SELECT d.id
FROM declarations d
WHERE d.legal_entity_id = :client_id
AND d.employee_id IN (:employees)
AND d.status IN ('active', 'pending_verification')
AND d.person_id = :patient_id; |
Rule 2: User with active approval to this episode can view episode details and its child entities
TBD