Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
REST API method / Метод REST API (настанова)
Info
Note

Сторінка знаходиться в процесі розробки. Інформація на ній може бути застарілою.

Info

/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Table of Contents

Properties of a REST API method document

Page Properties
idpage_properties_method_REST API

Document type

Метод REST API

Document title

[Document status] REST API [Назва методу] [ID методуDRAFT] Cancel Encounter Package [API-007-004-004-0253]

Guideline ID

GUI-0011

Author

@

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-007-004-004-0253

Microservices (namespace)

ME

Component

EDP

Component ID

COM-007-004

Link на API-специфікацію

https://ehealthmedicaleventsapimedicaleventsmisapi.docs.apiary.io/#reference/medical-events/episodeencounter-ofdata-carepackage/cancel-encounter-package

Resource

{{host}}/api/patients/{{id}}/encounter_package

Scope

encounter:cancel

Protocol type

REST

Request type

PATCH

Sync/Async

Async

Public/Private

Public

Purpose

This web service allows to cancel encounter and other components of Data Package such as conditions, observations, allergy_intolerances and immunizations in case they were entered in error.

...

Note

Note: Current diagnoses on the episode will be replaced automatically with the last accurate diagnoses in case encounter was cancelled.

Logic

This web service allows to cancel encounter and other components of Data Package they were entered in case in error.

Configuration parameters

Description of the configuration parameters that are used when processing a request in the system

Dictionaries

Provides a list of links to dictionaries that are available in Confluence

Input parameters

Description of input N/A

Dictionaries

N/A

Input parameters

composition_id

Input parameter

Mandatory

Type

Description

Example

1

 M

String ($uuid) (path)

Composition object ID

 89678f60-4cdc-4fe3-ae83-e8b3ebd35c59

2

Request structure

See on API-specification (посилання на сторінку з API-специфікацією)Description of the REST API request structure, example

Expand
titleExample
Code Block
languagejson
{
  "signed_data": "ew0KICAicGVyaW9kIjogew0KIC..."
}

Headers

...

Key

...

Value

...

Mandatory

...

Description

...

Example

...

Content-Type

...

application/json

...

M

...

Тип контенту

...

Content-Type:application/json

...

Authorization

...

Bearer {{access_token}}

...

Authorization:Bearer {{access_token}}

...

API-key

...

{{secret}}

...

API-key:{{secret}}

...

Headers

Request data validation

Authorize

Request to process the request using a token in the headers

  • Verify the validity of access token

    • return 401 (“Invalid access token”) in case validation fails

  • Verify token is not expired

    • in case of error - return 401 (“Invalid access token”) 

  • Check user scopes in order to perform this action (scope = 'encounter:cancel')

    • Return 403 in case invalid scope(s)

  • If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

    • in case not match - return 403 ("Access denied. Party is not verified")

 

  1. Validate digital signature

    1. ds.drfo == PRM.parties.tax_id where PRM.parties.id==PRM.employees.party_id where:

      1. PRM.employees.id==$.encounter.performer.identifier.value)

      2. OR PRM.employees.id==$.approval.granted_to.identifier.value ($.approvals.granted_resources.identifier.value==$.encounter_id AND $.approvals.access_level='write')

      3. OR PRM.employees.employee_type==MED_ADMIN

  2. Compare signed_content to previously created content

    1. select encounter, select * from observations, conditions, immunizations, allergy_intolerances where context.identifier.value=encounter_id and compare to signed_content (do not include statuses to comparation, cancellation_reason and  explanatory_letter )

      1. in case of inconsistencies return "Submitted signed content does not correspond to previously created content"

  3. Validate diagnoses still valid

    1. if ($.encounter.status!="entered_in_error") validate ($.conditions[?(@.verification_status=="entered_in_error")].id is not IN $.encounter.diagnoses[*].condition.identifier.value)

      1. in case of error "The condition can not be canceled while encounter is not canceled" 

  4. Validate cancellation_reason

    1. $.cancellation_reason.coding[*].system == "eHealth/cancellation_reasons"

  5. Validate entities are not canceled yet (status!= "entered_in_error")

    1. in case of error "Invalid transition"

  6. Validate at least one entity in the request marked as "entered_in_error"

    1. in case of error "At least one entity should have status "entered_in_error""

  7. Validate user performs action with an episode that belong to his legal entity

    1. ME.patient{patinet_id}.episodes{episode_id}.managing_organization==token.client_id

      1. in case of error return 422 "Managing_organization in the episode does not correspond to user`s legal_entity"

  8. Validate reasons (eHealth/ICPC2/reasons dictionary)

    1. is case is_active = false return error 422 “value is not allowed in enum

 

Validate legal entity

  • Validate episode belongs to the legal entity where the current user works

    • ME.episode.managing_organization==token.client_id

      • in case of error return 409 "User is not allowed to perform actions with an episode that belongs to another legal entity"

Validate patient

  • Validate patient is active

    •  ME.patient.status=="active"

      • in case of error return "Patient is not active"

Validate User

  • Extract user_id from token

  • Get list of APPROVED employees with this user_id in current Legal Entity

  • Check that for user one of the conditions is TRUE:

    • user has an employee that specified as author of the encounter ($.encounter .recorded_by.identifier.value is in the list of APPROVED employees)

    • OR check that user has an employee which has approval granted by the patient with access_level:write for this encounter resource ($.approvals.granted_resources.identifier.value==$.encounter_id AND $.approvals.granted_to.identifier.value==PRM.employees.id AND $.approvals.access_level='write')

    • OR user has an employee has MED_ADMIN employee type

    • otherwise, return error 409  "Employee is not performer of encounter, don't has approval or required employee type"

Processing

  1. Save signed_content to Media Storage

  2. Set status `entered_in_error` for objects, submitted with status `entered_in_error`

  3. Set cancellation_reason

  4. Set explanatory_letter 

  5. Deactivate corresponding diagnoses in the episode in case encounter was entered_in_error

    1. Find episode where id == encouners{encounter_id}.context.identifier.value

    2. Find record in episodes{episode_id}.diagnoses_hstr.evidence.identifier.value==encounter_id

    3. Set is_active = false for this record

  6. Replace current diagnoses 

    1. Set in episodes.current_diagnoses the last record from diagnoses_history where is_active==true

Response structure examples

See on API-specification (посилання на сторінку з API-специфікацією)

See on Apiary

Expand
titleExample
Code Block
languagejson
{
  "data": {
    "status": "pending",
    "eta": "2018-08-02T10:45:16.000Z",
    "links": [
      {
        "entity": "job",
        "href": "/Jobs/NBXk9EyErUZv1RhXgyvgg"
      }
    ]
  },
  "meta": {
    "code": 202,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  }
}
Expand
Code Block
languagejson
{
  "meta": {
    "code": 404,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  },
  "error": {
    "type": "NOT_FOUND",
    "message": "Patient not found"
  }
}

HTTP status codes

Unauthorized

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

202

 

 

3

401

 

Access token validation failed

4

401

Invalid access token

5

401

Помилка підтвердження

6

403

Access denied. Party is not verified

76

403

 

Invalid scope

87

1000

404

Composition not found

COMPOSITION_NOT_FOUND_404

Не знайдено медичний висновок

9

404

 not found

 

108

409

Employee is not performer of encounter, don't has approval or required employee type

119

422

Managing_organization in the episode does not correspond to user`s legal_entity

1210

422

User is not allowed to perform actions with an episode that belongs to another legal entity

1311

422

value is not allowed in enum

1412

Специфічні

15

422

Only for active MPI record can be created medication request!

13

Post-processing processes

Description of actions performed on data after processing

Technical modules where the method is used

List of pages describing technical N/A

Technical modules where the method is used

Page Properties Report
headingsID ТМ, Статус
cqllabel = "tr-mis"

...