...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Episode of care, that contains this service request, is considered as an origin episode in that case.
@rule_-1
@read @allergy_intolerance @immunization @risk_assessment @device @medication_statement
Scenario: Employee can read insensitive patient’s data
Given User access token with client_type not equal to cabinet
When I require read access
Then I can read
@rule_0
@read @episode @encounter @observation @condition@service_request @diagnostic_report @procedures @allergy_intolerance @immunization @risk_assessment @device @medication_statement @procedure @medication_administration
Scenario: Patient can read it's own data
Given Patient has access_token given by Cabinet
When I require read access
Then I can read
by id
@rule_1
@read @episode @encounter @observation @condition @service_request @diagnostic_report @procedures @medication_administration
Scenario: Doctor with active declaration can read all patient data
Given Active declaration with patient
And declaration from the same MSP
When I require read access
Then I can read
Based on declarationThere is an active declaration between the patient and the doctor in OPS
patient_id from URL
@rule_2
@read @episode @service_request @diagnostic_report @procedures
Scenario: Doctor can read entity created in the doctors MSP
Given Entity has been created on my MSP
When I require read access
Then I can read
Based on managing organization@rule_3
@read @encounter @observation @condition @service_request @diagnostic_report
Scenario: Doctor can read all the data of episodes created in the doctors MSP
Given Episode context has been created on my MSP
When I require read access
Then I can read
episode.managing_organization==token.client_id
DB.encounter
| Description |
---|---|
Based on declaration | Doctor with an active declaration can access all the patient's medical data. |
Based on managing organization | User can read entities, created in his MSP |
Based on context episode | User can read medical data, that was collected during an episode of care, that user has access to. |
Based on diagnostic report | User can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity. |
Based on origin episode | Doctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to. |
Based on care plan | User with active approval on the care plan can read or write the data based on this care plan |
Rule | Base | Resource | Routes | Context | Logic | Source of context |
---|---|---|---|---|---|---|
@rule_-1 @read @allergy_intolerance @immunization @risk_assessment @device @medication_statement Scenario: Employee can read insensitive patient’s data Given User access token with client_type not equal to cabinet When I require read access Then I can read | Based on user token | by id | There is an active token | |||
by search params | There is an active token | |||||
@rule_0 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure@medication_administration @care_plan @activity Scenario: Patient can read it's own data Given Patient has access_token given by Cabinet When I require read access Then I can read | Based on patient token | by id | patient_id | There is an active token given by Cabinet to a patient | ||
by search params | ||||||
@rule_1 @read @episode @encounter @observation @condition @service_request @diagnostic_report @procedure @medication_administration @care_plan @activity @approval Scenario: Doctor with active declaration can read all patient data Given Active declaration with patient And declaration from the same MSP When I require read access Then I can read | Based on declaration | episode | by id | patient_id | There is an active declaration between the patient and the doctor in OPS | patient_id from URL |
by search params | ||||||
encounter | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
observation | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
condition | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
service_request | by id | |||||
by search params | ||||||
diagnostic_report | by id | |||||
by search params | ||||||
care_plan | by id | |||||
by search params | ||||||
activity | by id | |||||
by search params | ||||||
approval | by id | |||||
by search params | ||||||
@rule_2 @read @episode @service_request @diagnostic_report @procedures Scenario: Doctor can read entity created in the doctors MSP Given Entity has been created on my MSP When I require read access Then I can read | Based on managing organization | episode | by id | episode | managing_organization==token.client_id | DB.episode.managing_organization |
by search params | search param {managing_organization} from URL | |||||
service_request | by id | service request | DB.service_request.managing_organization | |||
by search params | search param {requester_legal_entity} from URL | |||||
diagnostic_report | by id | diagnostic_report | DB.diagnostic_report.managing_organization | |||
by search params | search param {managing_organization} from URL | |||||
procedures | by search params | managing_organization | search param {managing_organization} from URL | |||
@rule_3 @read @encounter @observation @condition @service_request @diagnostic_report @device @medication_statement @immunization @risk_assessment @medication_administration @procedure @allergy_intolerance Scenario: Doctor can read all the data of episodes created in the doctors MSP Given Episode context has been created on my MSP When I require read access Then I can read | Based on context episode | encounter | by id | episode | episode.managing_organization==token.client_id | DB.encounter.episode |
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
observation | by id | DB.observation.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
condition | by id | DB.condition.episode | ||||
by search params | search param {episode_id} from URL | |||||
by is in episode context |
| |||||
by search params in episode context | ||||||
service_request | by id | DB.service_request.encounter.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
diagnostic_report | by id | DB.diagnostic_report.encounter.episode.managing_organization | ||||
by search params | context_episode_id from URL (path) | |||||
medication_statement | by id | IF context is encounter THEN: | ||||
by search params | search param {episode_id} from URL | |||||
immunization | by id | IF context is encounter THEN: | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
device | by id | IF context is encounter THEN: | ||||
by search params | search param {episode_id} from URL | |||||
risk_assessment | by id | IF context is encounter THEN: | ||||
by search params | search param {episode_id} from URL | |||||
medication_administration | by id | IF context is encounter THEN: | ||||
by search params | search param {episode_id} from URL | |||||
procedure | by id | DB.procedures.encounter.episode.managing_organization | ||||
by search params | search param {episode_id} from URL | |||||
allergy_intolerance | by id | IF context is encounter THEN: | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
@rule_4 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval patient Given Active approval on patient When I require read access Then I can read | not implemented yet | |||||
@rule_5 @read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement@service_request @diagnostic_report @procedure @medication_administration Scenario: Doctor with active approval can read all the data of specified in approval episodes Given Active approval on episode When I require read access Then I can read | Based on context episode | episode | by id | episode | There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB | |
encounter | by id | DB.encounter.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
observation | by id | DB.observation.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
condition | by id | DB.condition.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
service request | by id | DB.service_requset.encounter.episode | ||||
by search params | search param {episode_id} from URL | |||||
by id in episode context |
episode_id from URL (path) | |
diagnostic report | by id |
DB.diagnostic_report.encounter.episode | |
by search params | search param {episode_id} from URL |
procedure | by id | DB. |
procedures.encounter.episode | |
by search params | search param {episode_id} from URL |
@rule_6 @read @diagnostic_report @encounter @procedure |
Scenario: Doctor can read entity originated by episode created in the doctors MSP Given Entity has been originated by mine MSP episode When I require read access Then I can read | Based on origin episode | encounter | by id | origin_episode | origin_episode.managing_organization==token.client_id | DB.encounter.origin_episode |
by search params |
Search param {origin_episode_id} |
from URL |
diagnostic |
repost | by id | DB.diagnostic_report. |
origin_episode |
by search params |
Search param {origin_episode_id} from URL |
@rule_4
@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration
Scenario: Doctor with active approvalprocedures | by search params | DB.diagnostic_report.origin_episode |
@rule_7 @read @observation Scenario: Doctor can read all the data of |
Given Active approval on patient
When I require read access
Then I can read
@rule_5
@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnosticdiagnostic report originated by episode created in the doctors MSP Given Diagnostic report context has been originated by mine MSP episode When I require read access Then I can read | Based on origin episode | observation | by id | diagnostic_report | origin_episode.managing_organization==token.client_id | DB.observation.diagnostic_report.origin_episode |
by search params | Search param {diagnostic_report_id} from URL | |||||
@rule_8 @read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration Scenario: |
Doctor can read all the data of |
Given Active approval on episode
When Iencounter originated by episode created in the doctors MSP Given Encounter context has been originated by mine MSP episode When I require read access |
Then I can read | Based on |
origin episode |
observation | by id |
There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB
encounter | origin_episode.managing_organization==token.client_id | DB.observation.context.origin_episode |
by search params |
Search param { |
encounter_id} |
from URL |
condition | by id | DB.condition. |
context.origin_episode |
by search params |
Search param { |
encounter_id} from URL |
service request | by id | DB. |
service_request.encounter.origin_episode |
by search params |
Search param { |
encounter_id} from URL | |
diagnostic_report | by id |
DB.diagnostic_report.encounter.origin_episode | ||
by search params | Search param {encounter_id} from URL | |
procedure | by id | DB. |
procedure.origin_episode |
by |
search params | Search param {encounter_id} from URL | |||||
@rule_9 @read @encounter @observation @condition @service_request @diagnostic_report Scenario: Doctor with active approval can read data, originated by the episode Given Active approval on episode When I require read access Then I can read | not implemented yet | |||||
@rule_10 @read @observation Scenario: Doctor can read all the data of diagnostic report created in the doctors MSP |
Given Diagnostic report context has been originated by mine MSP When I require read access Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | diagnostic_report.managing_organization==token.client_id | DB.observation.diagnostic_report.managing_organization |
by search params |
Search param {diagnostic_report_id} from URL |
@rule |
_11 @read @observation Scenario: |
Given Entity has been originated by mine MSP episode
When IDoctor with active approval can read all the data of specified in approval diagnostic report Given Active approval on diagnostic report When I require read access |
Then I can read | Based on |
diagnostic report |
observation | by id |
diagnostic_ |
origin_episode.managing_organization==token.client_id
DB.encounter.origin_episode
report | There is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDB | DB.observation.diagnostic_report |
by search params | Search param { |
diagnostic_ |
report_id} from URL |
@rule_7
@read @observation
Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP
Given Diagnostic report context has been originated by mine MSP episode
When I require read access
Then I can read
@rule_8
@read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration
Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP
Given Encounter context has been originated by mine MSP episode
When I require read access
Then I can read
origin_episode.managing_organization==token.client_id
@rule_9
@read @encounter @observation @condition @service_request @diagnostic_report
Scenario: Doctor with active approval can read data, originated by the episode
Given Active approval on episode
When I require read access
Then I can read
@rule_10
@read @observation
Scenario: Doctor can read all the data of diagnostic report created in the doctors MSP
Given Diagnostic report context has been originated by mine MSP
When I require read access
Then I can read
@rule_11
@read @observation
Scenario: Doctor with active approval can read all the data of specified in approval diagnostic report
Given Active approval on diagnostic report
When I require read access
Then I can read
@rule_12 @read @care_plan @activity @medication_request @medication_request_request Scenario: Doctor with active approval can read the data associated with the care plan. Given Active approval on care_plan When I require read access Then I can read | Based on care plan | care_plan | by id | care_plan | There is an active approval (access_level=read) on the care_plan granted to the employee (one of user's employee) in MongoDB | DB.care_plan.id=approvals.granted_resources[].value |
activity | by id | care_plan_id from URL (path) DB.activities.care_plan[].id=approvals.granted_resources[].value | ||||
by search params | ||||||
medication_request_requests | by search params | care_plan_id from URL (path) DB.medication_request_requests.based_on.care_plan[].id=approvals.granted_resources[].value | ||||
medication_requests | by search params | care_plan_id from URL (path) DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value | ||||
@rule_13 @write @care_plan @activity @medication_request @medication_request_request Scenario: Doctor with active approval can write the data associated with the care plan. Given Active approval on care_plan When I require write access Then I can write | Based on care plan | care_plan | by id | care_plan | There is an active approval (access_level=write) on the care_plan granted to the employee (one of user's employee) in MongoDB | DB.care_plan.id=approvals.granted_resources[].value |
complete | ||||||
cancel | ||||||
activity | by id | care_plan_id from URL (path) DB.activities.care_plan[].id=approvals.granted_resources[].value | ||||
by search params | ||||||
create | ||||||
complete | ||||||
cancel | ||||||
medication_request_requests | by search params | care_plan_id from URL (path) DB.medication_request_requests.based_on.care_plan[].id=approvals.granted_resources[].value | ||||
medication_requests | by search params | care_plan_id from URL (path) DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value | ||||
@rule_14 @read @service_request @encounter @diagnostic_report @procedure Scenario: User with active approval on the care plan can read the data based on this care plan. Given Entity based on care_plan And Active approval on care_plan When I require read access Then I can read | Based on care plan | service_request | by id | care_plan | There is an active approval (access_level=read/write) on the care_plan granted to the employee (one of user's employee) in MongoDB | DB.service_request.based_on.care_plan[].id=approvals.granted_resources[].value |
by search params | DB.service_request.based_on.care_plan[].id=approvals.granted_resources[].value | |||||
encounter | by id | DB.encounters.incoming_referral.[].service_requests.based_on.care_plan[].id=approvals.granted_resources[].value | ||||
diagnostic_report | by id | DB.diagnostic_reports.based_on.[].service_requests.based_on.care_plan[].id=approvals.granted_resources[].value | ||||
procedure | by id | DB.procedures.based_on.[].service_requests.based_on.care_plan[].id=approvals.granted_resources[].value |