Then I can read
Based on declaration
...
episode
...
by id
patient_id
...
There is an active declaration between the patient and the doctor in OPS
patient_id from URL
...
by search params
...
encounter
...
by id
...
by search params
...
by id in episode context
...
by search params in episode context
...
observation
...
by id
...
by search params
...
by id in episode context
...
by search params in episode context
...
condition
...
by id
...
by search params
...
by id in episode context
...
by search params in episode context
...
service_request
...
by id
...
by search params
...
diagnostic_report
...
by id
...
by search params
...
care_plan
...
by id
...
by search params
...
activity
...
by id
...
by search params
...
approval
...
by id
...
by search params
...
clinical_impression
...
by id
...
by search params
...
medication_request_request
...
by id
...
by search params
...
medication_request
...
by id
...
by search params
...
medication_dispense
...
by id
...
by search params (Search Medication dispenses by Medication request ID)
@rule_2
@read @episode @service_request @diagnostic_report @procedures
Scenario: Doctor can read entity created in the doctors MSP
Given Entity has been created on my MSP
When I require read access
Then I can read
Based on managing organization
...
episode
...
by id
...
episode
managing_organization==token.client_id
...
DB.episode.managing_organization
...
by search params
...
search param {managing_organization} from URL
...
service_request
...
by id
...
service request
...
DB.service_request.managing_organization
...
by search params
...
search param {requester_legal_entity} from URL
...
diagnostic_report
...
by id
...
diagnostic_report
...
DB.diagnostic_report.managing_organization
...
by search params
...
search param {managing_organization} from URL
...
procedures
...
by search params
...
managing_organization
...
search param {managing_organization} from URL
...
medication_request_request
...
by id
...
legal_entity + patient_id
...
legal_entity_id==id
...
search param {legal_entity_id} from URL
...
by search param
...
legal_entity_id ==token.client_id
...
medication_request
...
by id
...
legal_entity + patient_id
...
legal_entity_id==id
...
search param {legal_entity_id} from URL
...
by search param
...
legal_entity_id ==token.client_id
...
medication_dispense
...
by id
...
legal_entity + patient_id
...
legal_entity_id==id
...
search param {legal_entity_id} from URL
...
by search param (Search Medication dispenses by Medication request ID)
...
legal_entity_id ==token.client_id
...
@rule_3
@read @encounter @observation @condition @service_request @diagnostic_report @device @medication_statement @immunization @risk_assessment @medication_administration @procedure @allergy_intolerance @clinical_impression
Scenario: Doctor can read all the data of episodes created in the doctors MSP
Given Episode context has been created on my MSP
When I require read access
Then I can read
...
Based on context episode
...
encounter
...
by id
episode
episode.managing_organization==token.client_id
...
DB.encounter.episode
...
by search params
...
search param {episode_id} from URL
...
by id in episode context
...
episode_id from URL (path)
...
by search params in episode context
...
observation
...
by id
...
DB.observation.episode
...
by search params
...
search param {episode_id} from URL
...
by id in episode context
...
episode_id from URL (path)
...
by search params in episode context
...
condition
...
by id
...
DB.condition.episode
...
by search params
...
search param {episode_id} from URL
...
by is in episode context
...
by search params in episode context
...
service_request
...
by id
...
Table of Contents |
---|
...
Description
...
Based on declaration
...
Doctor with an active declaration can access all the patient's medical data.
...
Based on managing organization
...
User can read entities, created in his MSP
...
Based on context episode
...
User can read medical data, that was collected during an episode of care, that user has access to.
...
Based on diagnostic report
...
User can read medical data, that was collected as a part of a diagnostic report, managed by the user's legal entity.
...
Based on origin episode
...
Doctor can read medical data, that was collected as a part of a diagnostic report or episode of care, that user has access to.
Episode of care, that contains this service request, is considered as an origin episode in that case.
...
Based on care plan
...
User with active approval on the care plan can read or write the data based on this care plan
...
Rule
...
Base
...
Resource
...
Routes
...
Context
...
Logic
...
Source of context
...
@rule_-2 (GraphQL only)
@read @episode @encounter @observation @condition @allergy_intolerance @primmunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration@care_plan @activity
Scenario: NHS employee can read patient’s data if he has Justification for monitoring
Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api)
When I require read access
Then I can read
...
Based on user token
...
by id
...
patient_id
...
There is an active token
...
by search params
...
There is an active token
...
@rule_-1
@read @allergy_intolerance @immunization @risk_assessment @device @medication_statement
Scenario: Employee can read insensitive patient’s data
Given User access token with client_type not equal to cabinet
When I require read access
Then I can read
...
Based on user token
...
by id
...
There is an active token
...
by search params
...
There is an active token
...
@rule_0
@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration@care_plan @activity @clinical_impression
Scenario: Patient can read it's own data
Given Patient has access_token given by Cabinet
When I require read access
Then I can read
...
Based on patient token
...
by id
...
patient_id
...
There is an active token given by Cabinet to a patient
...
by search params
@rule_1
@read @episode @encounter @observation @condition @service_request @diagnostic_report @procedure @medication_administration @care_plan @activity @approval @clinical_impression
Scenario: Employee with active declaration can read all patient data
Given Active declaration with patient
And declaration from the same MSP
When I require read access
Table of Contents |
---|
Rule base type | Description |
---|---|
Based on declaration | Employee with an active declaration can access all the patient's medical data (including person's/preperson's medical data which were merged with person with active declaration). |
Based on managing organization | Employee can read entities, created in his legal entity |
Based on context episode | Employee can read medical data, that was collected during an episode of care, that employee has access to. |
Based on diagnostic report | Employee can read medical data, that was collected as a part of a diagnostic report, managed by the employee's legal entity. |
Based on origin episode | Employee can read medical data, that was collected as a part of a diagnostic report or episode of care, that employee has access to. |
Based on care plan | Employee with active approval on the care plan can read or write the data based on this care plan |
Based on patient | Employee with active approval on the patient can read the data related to this patient (including person's/preperson's medical data which were merged with person ) |
Rule: @rule_-2 | Action: @read | (GraphQL only) | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
NHS employee can read patient’s data if he has Justification for monitoring
Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api) | Based on user token | episode | JustificationFilter schema | patient_id | person_id from JustificationFilter schema | There is an active token & an active justification |
encounter | ||||||
observation | ||||||
condition | ||||||
allergy_intolerance | ||||||
immunization | ||||||
risk_assessment | ||||||
device | ||||||
medication_statement | ||||||
medication_request | ||||||
medication_dispense | ||||||
service_request | ||||||
diagnostic_report | ||||||
procedure | ||||||
medication_administration | ||||||
care_plan | ||||||
activity |
Rule: @rule_-1 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee can read insensitive patient’s data When I require read access Then I can read | Based on user token | allergy_intolerance | by id |
| There is an active token for client_type.name != CABINET | |
immunization | ||||||
risk_assessment | ||||||
device | ||||||
medication_statement | ||||||
specimen |
Rule: @rule_0 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Patient can read it's own data When I require read access Then I can read | Based on patient token | episode | by id | patient_id | patient_id from URL | There is an active token given by Cabinet to a patient |
encounter | ||||||
observation | ||||||
condition | ||||||
allergy_intolerance | ||||||
immunization | ||||||
risk_assessment | ||||||
device | ||||||
medication_statement | ||||||
service_request | ||||||
diagnostic_report | ||||||
procedure | ||||||
medication_administration | ||||||
care_plan | ||||||
activity | ||||||
clinical_impression | ||||||
specimen |
Rule: @rule_1 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active declaration can read all patient data (including merged persons/prepersons data) Given Active declaration with patientin the MSP from token And declaration from the same legal entity When I require read access Then I can read | Based on declaration and user token | episode | by id | person_id | person_id from URL | There is an active declaration between the patient and the employee in OPS from the same legal entity from token |
by search params | ||||||
encounter | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
observation | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
condition | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
service_request | by id | |||||
by search params | ||||||
diagnostic_report | by id | |||||
by search params | ||||||
procedure | by id | |||||
by search params | ||||||
medication_administration | by id | |||||
by search params | ||||||
care_plan | by id | |||||
by search params | ||||||
activity | by id | |||||
by search params | ||||||
approval | by id | |||||
by search params | ||||||
clinical_impression | by id | |||||
by search params | ||||||
medication_request_request & medication_request & | by id | |||||
by search params | ||||||
device_request | ||||||
device_dispense | ||||||
Rule: @rule_2 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee can read entity created in the employee's legal entity
When I require read access Then I can read | Based on managing organization | service_request | by id | requester_legal_entity | DB.service_request.managing_organization | managing_organization==id |
by search param | search param {managing_organization} from URL | managing_organization (requester_legal_entity, )==token.client_id | ||||
episode | by id | managing_organisation + patient_id | DB.episode.managing_organization OR DB.diagnostic_report.managing_organization | managing_organization==id | ||
by search param | search param {requester_legal_entity} from URL | managing_organization (requester_legal_entity, )==token.client_id | ||||
care_plan | managing_organisation | DB.care_plan.managing_organization | managing_organization ==token.client_id | |||
activity | managing_organisation | DB.care_plan.managing_organization | managing_organization ==token.client_id | |||
search param {managing_organization_id} from URL | ||||||
medication_request_request & medication_request & | by id | legal_entity + patient_id | search param {legal_entity_id} from URL | legal_entity_id==id | ||
by search param | legal_entity_id==token.client_id | |||||
device_request | requester_legal_entity | search param {requester_legal_entity} from URL | requester_legal_entity==token.client_id | |||
DB.device_requests.requester_legal_entity | requester_legal_entity==token.client_id | |||||
device_dispenses | performer_legal_entity | search param {performer_legal_entity} from URL | performer_legal_entity==token.client_id | |||
DB.device_requests.performer_legal_entity | performer_legal_entity==token.client_id |
Rule: @rule_3 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of episodes created in the employee's legal entity Given Episode context has been created on my legal entity When I require read access Then I can read | Based on context episode | encounter | by id | episode | DB.encounter.episode | episode.managing_organization==token.client_id |
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
observation | by id | episode | DB.observation.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
condition | by id | episode | DB.condition.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
service_request | by id | episode | DB.service_request.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
diagnostic_report | by id | episode | DB.diagnostic_report.encounter.episode | |||
by search params | context_episode_id from URL (path) | |||||
procedure | by id | episode | DB.procedures.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
medication_administration | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
device | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
risk_assessment | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
medication_statement | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
immunization | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
allergy_intolerance | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
medication_request | by id | episode | DB.medication_request.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
medication_dispense | by id | episode | DB.medication_request.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
medication_request_request | by id | episode | DB.medication_request_request.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
clinical_impression | by id | episode | DB.clinical_impression.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
device_request | episode | search param {context_episode_id} from URL | episode.managing_organization==token.client_id | |||
DB.device_requests.context_episode_id | device_requests.context_episode_id.managing_organization==token.client_id | |||||
device_dispense | episode | search param {context_episode_id} from URL | episode.managing_organization==token.client_id | |||
DB.device_dispenses.context_episode_id | device_dispenses.context_episode_id.managing_organization==token.client_id |
Rule: @rule_4 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active approval can read all the data (including merged persons/prepersons data) of specified in approval patient Given Active approval on patient When I require read access Then I can read | Based on patient_id
| episode | patient_id
| patient_id from URL
| There is an active approval on patient’s data granted to the to the employee (one of user's employee) in MongoDB
| |
encounter | ||||||
observation | ||||||
condition | ||||||
service_request | ||||||
procedure | ||||||
diagnostic_report | ||||||
care_plan | ||||||
activity | ||||||
clinical_impression | by id | |||||
by search params | ||||||
medication_request_request | by id | |||||
by search params | ||||||
medication_request | by id | |||||
by search params | ||||||
medication_dispense | by id (details in person context) | |||||
by search params (by medication request id) | ||||||
device_request | ||||||
device_dispense | ||||||
Rule: @rule_5 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee with active approval or employees from legal_entity with active approval can read all the data of specified in approval episodes Given Active approval on episode When I require read access Then I can read | Based on context episode | episode | by id |
| There is an active approval on the episode granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB | |
encounter | by id | episode | DB.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
observation | by id | episode | DB.observation.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
condition | by id | episode | DB.condition.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
service request | by id | episode | DB.service_requset.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
diagnostic_report | by id | episode | DB.diagnostic_report.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
medication_administration | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
procedure | by id | episode | DB.procedures.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
medication_request & medication_dispense | by id | episode | DB.medication_request.context_episode_id | |||
by search params | search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter) | |||||
medication_request_request | by id | episode | DB.medication_request_request.context_episode_id | |||
by search params | search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter) | |||||
clinical_impression | by id | episode | DB.clinical_impression.context_episode_id | |||
by search params | search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter) | |||||
device_request | episode | search param {context_episode_id} from URL | ||||
DB.device_requests.context_episode_id | ||||||
device_dispense | episode | search param {context_episode_id} from URL | ||||
DB.device_dispenses.context_episode_id |
Rule: @rule_6 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read entity originated by episode created in the employee's legal entity Given Entity has been originated by mine legal entity episode When I require read access Then I can read | Based on origin episode | encounter | by id | origin_episode | DB.encounter.origin_episode | origin_episode.managing_organization==token.client_id |
by search params | Search param {origin_episode_id} from URL | |||||
diagnostic repost | by id | origin_episode | DB.diagnostic_report.origin_episode | |||
by search params | Search param {origin_episode_id} from URL | |||||
procedures | by id | origin_episode | DB.procedures.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
device_dispense |
origin_episode | Search param {origin_episode_id} from URL |
DB. |
device_ |
dispense. |
by search params
context_episode_id from URL (path)
medication_statement
by id
IF context is encounter THEN:
DB.medication_statements.context.episode.managing_organization
by search params
search param {episode_id} from URL
immunization
by id
IF context is encounter THEN:
DB.immunizations.context.episode.managing_organization
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
by search params in episode context
device
by id
IF context is encounter THEN:
DB.devices.context.episode.managing_organization
by search params
search param {episode_id} from URL
risk_assessment
by id
IF context is encounter THEN:
DB.risk_assessments.context.episode.managing_organization
by search params
search param {episode_id} from URL
medication_administration
by id
IF context is encounter THEN:
DB.medication_administrations.context.episode.managing_organization
by search params
search param {episode_id} from URL
procedure
by id
DB.procedures.encounter.episode.managing_organization
by search params
search param {episode_id} from URL
allergy_intolerance
by id
IF context is encounter THEN:
DB.allergy_intolerances.context.episode.managing_organization
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
by search params in episode context
clinical_impression
by id
origin_episode_id |
Rule: @rule_7 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of diagnostic report originated by episode created in the employee's legal entity Given Diagnostic report context has been originated by mine legal entity episode When I require read access Then I can read | Based on origin episode | observation | by id | diagnostic_report | DB.observation.diagnostic_report.origin_episode | origin_episode.managing_organization==token.client_id |
by search params | Search param {diagnostic_report_id} from URL |
Rule: @rule_8 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of encounter originated by episode created in the employee's legal entity Given Encounter context has been originated by mine legal entity episode When I require read access Then I can read | Based on origin episode | observation | by id | encounter | DB.observation.context.origin_episode | origin_episode.managing_organization==token.client_id |
by search params | Search param {encounter_id} from URL | |||||
condition | by id | encounter | DB.condition.context.origin_episode | |||
by search params | Search param {encounter_id} from URL | |||||
diagnostic_report | by id | encounter | DB.diagnostic_report.encounter.origin_episode | |||
by search params | Search param {encounter_id} from URL | |||||
medication_administration | by id | encounter | IF context is encounter THEN: | |||
by search params | search param { |
encounter_id} from URL |
procedure | by id |
encounter | DB.procedures. |
encounter. |
episode |
by search params | search param { |
encounter_id} from URL |
|
|
|
|
|
|
|
| |
|
|
|
|
|
|
encounter
by id
DB.encounter.episode
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
by search params in episode context
observation
by id
DB.observation.episode
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
by search params in episode context
condition
by id
DB.condition.episode
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
by search params in episode context
service request
by id
DB.service_requset.encounter.episode
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
diagnostic report
by id
DB.diagnostic_report.encounter.episode
by search params
search param {episode_id} from URL
procedure
by id
DB.procedures.encounter.episode
by search params
search param {episode_id} from URL
clinical_impression
by id
DB.clinical_impression.episode
by search params
search param {episode_id} from URL
medication_request
by id
episode
DB.medication_request.context_episode_id
by search params
search param {episode_id} from URL
medication_dispense
by id
episode
DB.medication_request.context_episode_id
by search param (Search Medication dispenses by Medication request ID)
search param {episode_id} from URL
medication_request_request
by id
episode
DB.medication_request_request.context_episode_id
by search params
search param {episode_id} from URL
@rule_6
@read @diagnostic_report @encounter @procedure
Scenario: Doctor can read entity originated by episode created in the doctors MSP
Given Entity has been originated by mine MSP episode
When I require read access
Then I can read
Based on origin episode
encounter
by id
origin_episode
origin_episode.managing_organization==token.client_id
DB.encounter.origin_episode
by search params
Search param {origin_episode_id} from URL
diagnostic repost
by id
DB.diagnostic_report.origin_episode
by search params
Search param {origin_episode_id} from URL
procedures
by search params
DB.diagnostic_report.origin_episode
@rule_7
@read @observation
Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP
Given Diagnostic report context has been originated by mine MSP episode
When I require read access
Then I can read
Based on origin episode
observation
by id
diagnostic_report
origin_episode.managing_organization==token.client_id
DB.observation.diagnostic_report.origin_episode
by search params
Search param {diagnostic_report_id} from URL
@rule_8
@read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration @clinical_impression
Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP
Given Encounter context has been originated by mine MSP episode
When I require read access
Then I can read
Based on origin episode
observation
by id
encounter
origin_episode.managing_organization==token.client_id
DB.observation.context.origin_episode
by search params
Search param {encounter_id} from URL
condition
by id
DB.condition.context.origin_episode
by search params
Search param {encounter_id} from URL
service request
by id
DB.service_request.encounter.origin_episode
by search params
Search param {encounter_id} from URL
diagnostic_report
by id
DB.diagnostic_report.encounter.origin_episode
by search params
Search param {encounter_id} from URL
procedure
by id
DB.procedure.origin_episode
by search params
Search param {encounter_id} from URL
medication_request
by id
encounter
DB.medication_request.context
by search params
|
@rule_4
@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration
Scenario: Doctor with active approval can read all the data of specified in approval patient
Given Active approval on patient
When I require read access
Then I can read
not implemented yet
@rule_5
@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device@medication_statement @service_request @diagnostic_report @procedure @medication_administration @clinical_impression
Scenario: Doctor with active approval can read all the data of specified in approval episodes
Given Active approval on episode
When I require read access
Then I can read
Based on context episode
episode
by id
episode
There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB
device_dispense | encounter | Search param {encounter_id} from URL | ||
DB.device_dispense.encounter.origin_episode_id |
Rule: @rule_9 | Action: @read | NOT IMPLEMENTED YET | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active approval can read data, originated by the episode Given Active approval on patient When I require read access Then I can read |
| encounter |
|
|
|
|
| observation |
|
|
|
| |
| condition |
|
|
|
| |
| service_request |
|
|
|
| |
| diagnostic_report |
|
|
|
|
Rule: @rule_10 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of diagnostic report created in the employee's legal entity Given Diagnostic report context has been originated by mine legal entity When I require read access Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization | diagnostic_report.managing_organization==token.client_id |
by search params | Search param {diagnostic_report_id} from URL |
Rule: @rule_11 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee with active approval or employees from legal_entity with active approval can read all the data of specified in approval diagnostic report Given Active approval on diagnostic report When I require read access Then I can read | Based on diagnostic report | diagnostic_report | by id | diagnostic_report | DB.diagnostic_report | There is an active approval on the diagnostic report granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB |
observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization | |||
by search params | Search param {diagnostic_report_id} from URL |
Rule: @rule_12 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active approval can read the data associated with the care plan Given Active approval on care_plan When I require read access Then I can read | Based on care plan | care_plan | by id | care_plan + patient_id | DB.care_plan.id=approvals.granted_resources[].value | There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB |
activity | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
medication_request_request | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
medication_request | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
medication_dispense | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
device_request | by id | care_plan | DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value | |||
by search params | care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan |
@rule_12
@read @care_plan @activity @medication_request @medication_request_request
Scenario: Doctor with active approval can read the data associated with the care plan.
Given Active approval on care_plan
When I require read access
Then I can read
Based on care plan
care_plan
by id
care_plan
There is an active approval (access_level=read) on the care_plan granted to the employee (one of user's employee) in MongoDB
Rule: @rule_13 | Action: @write | |||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic | |
Employee with active write approval can write the data associated with the care plan Given Active write approval on care_plan When I require write access Then I can write | Based on care plan | care_plan |
Cancel | care_plan | DB.care_plan.id=approvals.granted_resources[].value | There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB | |
Complete | |||||||
activity |
Prequalify |
care_plan_id from URL (path) =approvals.granted_resources[].value | |||||
Create | |||||||
Cancel | |||||||
Complete | |||||||
|
|
encounter
DB.medication_request_request.context
by search params
search param {encounter_id} from URL
@rule_9
@read @encounter @observation @condition @service_request @diagnostic_report
Scenario: Doctor with active approval can read data, originated by the episode
Given Active approval on episode
When I require read access
Then I can read
not implemented yet
@rule_10
@read @observation
Scenario: Doctor can read all the data of diagnostic report created in the doctors MSP
Given Diagnostic report context has been originated by mine MSP
When I require read access
Then I can read
Based on diagnostic report
observation
by id
diagnostic_report
diagnostic_report.managing_organization==token.client_id
DB.observation.diagnostic_report.managing_organization
by search params
Search param {diagnostic_report_id} from URL
@rule_11
@read @observation
Scenario: Doctor with active approval can read all the data of specified in approval diagnostic report
Given Active approval on diagnostic report
When I require read access
Then I can read
Based on diagnostic report
observation
by id
diagnostic_report
There is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDB
DB.observation.diagnostic_report
by search params
Search param {diagnostic_report_id} from URL
|
| |||
| ||||
|
|
|
| |
| ||||
|
|
|
| |
| ||||
device_request | by id | care_plan | DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value | |
by search params | care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan |
Rule: @rule_14 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active approval on the care plan can read the data based on this care plan Given Entity based on care_plan When I require read access Then I can read | Based on care plan | service_request | by id | care_plan (based_on) + patient_id | DB.service_request.based_on.care_plan[].id=approvals.granted_resources[].value | There is an active approval (access_level=read/ |
by search params | care_plan + patient_id | care_plan_id from URL (search param) & patient_id from path | ||||
encounter | by id | patient_id ->. care_plan (based_on service_request) | DB.encounter.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value |
activity
by id
care_plan_id from URL (path)
DB.activitiesOR DB.procedure.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value | |
diagnostic_report | by id |
procedure | by |
id |
device_ |
dispense |
care |
_plan (based_on device_request) | DB |
.device_dispense.based_on.device_request |
.based_on.care_plan[].id=approvals.granted_resources[].value |
medication_requests
by search params
care_plan_id from URL (path)
DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value
medication_dispense
by id
care_plan + patient_id
care_plan_id & patient_id from URL (path)
by search params (Search Medication dispenses by Medication request ID)
@rule_13
@write @care_plan @activity @medication_request @medication_request_request
Scenario: Doctor with active approval can writeRule: @rule_15 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee with verified unexpired approval on procedure can read all the data of this procedure Given Active approval on procedure When I require read access Then I can read | Based on procedure | procedure | by id | procedure | DB.procedures._id | There is a verified unexpired approval on procedure granted to the employee (one of user's employee) in MongoDB |
Rule: @rule_16 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Rule: @rule_17 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data associated with the care plan |
Given Active approval on care_plan
When I require write access
Then I can writecreated in the employee's legal entity Given Care plan has been created on my legal entity When I require read access Then I can read
| Based on care plan | activity | care_plan |
+ patient_id | DB.activities.care_plan[].id | care_plan |
There is an active approval (access_level=write) on the care_plan granted to the employee (one of user's employee) in MongoDB
DB.care_plan.id=approvals.granted_resources[].value
complete
cancel
activity
by id
care_plan_id from URL (path)
DB.activities.managing_organization.id==token.client_id | ||
care_plan_id from URL (search param) & patient_id from path | ||
medication_request_request |
| DB.medication_request_request.based_on.care_plan[].id |
care_plan_id from URL (search param) & patient_id from path | ||
care_plan_id & person_id from URL (search param) | ||
medication_request | DB.medication_request.based_on.care_plan[].id |
medication_request_requests
create
complete
cancel
care_plan_id from URL (search param) & patient_id from path | |
care_plan_id & person_id from URL ( |
search param) | ||
service_request | DB. |
service_request |
.based_on.care_plan[].id |
care_plan_id from URL ( |
search param) & patient_id from path | ||
device_request | DB. |
device_ |
request.based_on.care_plan[].id |
care_plan |
_id |
from URL ('based_on' search param) & patient_id from |
path |
encounter |
@rule_14
@read @service_request @encounter @diagnostic_report @procedure @medication_dispense
Scenario: User with active approval on the care plan can read the data based on this care plan.
Given Entity based on care_plan
And Active approval on care_plan
When I require read access
Then I can read
Based on care plan
service_request
by id
care_plan
There is an active approval (access_level=read/write) on the care_plan granted to the employee (one of user's employee) in MongoDB
care_plan (based_on service_request)+ patient_id | DB.encounter.based_on.service_request.based_on.care_plan[].id | |
diagnostic_report | DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id | |
procedure | DB.procedure.based_on.service_request.based_on.care_plan[].id |
medication_dispense | care_plan |
(based_on medication_request)+ patient_id | DB.medication_dispense.based_on.medication_request.based_on |
_care_plan |
_id | ||
device_dispense | care_plan (based_on device_request)+ patient_id |
DB.device_dispense.based_on. |
device_ |
request.based_on.care_plan[].id |
diagnostic_report
by id
procedure
- all routes need to have patient_id in context as an additional parameter