/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Properties of a REST API method document

...

Document type

...

Метод REST API

...

Document title

...

[DRAFT] [UPD] Create approval [API-007-011-001-0478]

...

Guideline ID

...

GUI-0011

...

Author

...

@

...

Document version

...

1

...

Document status

...

DRAFT

...

Date of creation

...

/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Properties of a REST API method document

Document type	Метод REST API
Document title	[DRAFT] [UPD] Create approval [API-007-011-001-0478]
Guideline ID	GUI-0011
Author	@
Document version	1
Document status	DRAFT
Date of creation	ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)
Date of update	ХХ.ХХ.ХХХХ (дата зміни версії)
Method API ID	API-007-011-001-0478
Microservices (namespace)	ME
Component	Compositions_ME
Component ID	COM-007-011
Link на API-специфікацію	https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/manage-client-configuration/get-client-details
Resource	{{host}}//api.ehealth.gov.ua/api/patients/id/encounter_package
Scope
Protocol type	REST
Request type
Sync/Async
Public/Private

...

Set is_verified value to:
1. false if patient is person.
2. true if patient is preperson.
All the approvals where is_verified = false should be deleted 12 hours after creation - env. configuration parameter (APPROVAL_TTL_HOURS)
All approvals depends on value of granted_resources has its own expires_at config parameter - env. configuration parameter
Approvals with child_resources will be created ON entity which is context of this child_resources
For approvals on child_resource with resource and on service_request:
1. set child resource to block reason
2. set service_request to block reason
If block resource_types passed in request - it must be saved to db.approvals.granted_resource_types. db.approvals.granted_resources must be empty
1. in all other scenarios db.approvals.granted_resource_types must be empty
Specific approvals can request and provide additional permissions from patient to employee to get access to some sensitive information in requested resource
1. If approval is requested on Composition (block $.composition is presented in request)
  1. Check each resource from composition.section[].entry[] (any level of hierarchy) to see if it matches with any of the rule of forbidden groups according to Medical Events filtration by Forbidden groups
  2. If if does - put forbidden group identifier to approval
    1. append approval.forbidden_groups with the Reference to forbidden group(s)
  3. If some resources matches with the same forbidden group that was already added - do not duplicate it
  4. Determine SMS template based on the list of matched forbidden groups (see table below)
2. If approval is requested on child_resource (block $.composition is presented in request)
  1. Check the resource from child_resource to see if it matches with any of the rules of forbidden groups according to Medical Events filtration by Forbidden groups
  2. If if does - put forbidden group identifier to approval
    1. append approval.forbidden_groups with the Reference to forbidden group(s)
  3. Determine SMS template based on the list of matched forbidden groups (see table below)
If block composition passed in request - put $.composition reference to db.approvals.granted_resources
Check type of authentication_method for patient:
1. If type = 'OTP' send SMS type of granted_to & type of entity in granted_resources:

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

...

Input parameter

...

Mandatory

...

Type

...

Description

...

Example

...

patient_id

...

String

...

mpi_id. Required

...

aff00bf6-68bf-4b49-b66d-f031d48922b3

...

Request structure

See on API-specification

...

title	Example

...

language	json

...

granted_to	block	granted_resources	Sms
granted_to	block	granted_resources	items with FG	w\o items with FG
employee	resources	episode_of_care	Код <code> для доступу до даних про <forbidden_groups.short_name> <forbidden_groups.sms_url> If there are codes from more than 1 group: Код <code> для доступу до даних про ВІЛ,РПП https://bit.ly/nszu1677f	Код авторизації дій в системі eHealth: <code>
		diagnostic_report
		care_plan
		encounter
		procedure
		specimen
	child_resources	diagnostic_report
		encounter
		condition
		observation
		activity
		clinical_impression
		allergy_intolerance
		immunization
		device
		risk_assessment
		procedure
	service_request	episode_of_care
	service_request	diagnostic_report
	forbidden_group	forbidden_group		-(only with FG)
	diagnoses_group	diagnoses_group		ICD10: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677b ICPC2: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677e
	services_group	services_group		Код ****: доступ на групу сервісів {service_group_code} http://bit.ly/nszu1677e
	patient_id	patient_id		Код авторизації дій в системі eHealth: <code>
	resource_types	device		Код <code>: доступ до інформації про медичні вироби пацієнта
		device_association
		detected_issue
	composition	composition		Код авторизації дій в системі eHealth: <code>
granted_to	block	granted_resources	Sms
granted_to	block	granted_resources	items with FG	w\o items with FG
legal_entity	service_request	episode_of_care	-(only w/o FG)	Код <code>: згода на обробку персональних даних https://bit.ly/nszu1677i)

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

	Input parameter	Mandatory	Type	Description	Example
1	patient_id		String	mpi_id. Required	aff00bf6-68bf-4b49-b66d-f031d48922b3
2

Request structure

See on API-specification

Expand

title	Example

Code Block

language	json

Headers

Request data validation

...

if episode_of_care is presented in request as the code of resource
1. Check episode_of_care in the request exists and is in active or closed status in DB
  1. in case of error return - 422 (Episode is canceled)
2. Check if resource from granted_to = 'employee':
  1. in case of error return - 422 ("$.resource. value is not allowed in enum")
if diagnostic_report is presented in request as the code of resource
1. Check diagnostic_report block in the request exists and is in final status in DB
  1. in case of error return - 422 (Diagnostic report in \"entered_in_error\" status can not be referenced or Diagnostic report with such id is not found)
2. Check if resource from granted_to = 'employee':
  1. in case of error return - 422 ("$.resource. value is not allowed in enum")
if care_plan is presented in request as the code of resource
1. Check care_plan in the request exists in DB
  1. in case of error return - 422 (Care plan with such id is not found)
2. Check there no other objects in request
  1. in case of error return - 422 (Approval for care plan can not contain other entities)
3. Check if resource from granted_to = 'employee':
  1. in case of error return - 422 ("$.resource. value is not allowed in enum")
4. If access_level = 'write':
  1. Check if care_plans.managing_organization = granted_to.employees.legal_entity_id:
    1. in case of error return - 422 ('User is not allowed to write care plan from another legal_entity')
if encounter is presented in request as the code of resource
1. Check encounter in the request exists in DB and is not in “entered_in_error” status in DB
  1. (Encounter in \"entered_in_error\" status can not be referenced or Encounter with such id is not found)
2. Check if resource from granted_to = 'employee':
  1. in case of error return - 422 ("$.resource. value is not allowed in enum")
if procedure is presented in request as the code of resource
1. Check procedure in the request exists in DB and is not in “entered_in_error” status in DB
  1. in case of error return - 422 (Procedure in \"entered_in_error\" status can not be referenced)
2. Check if resource from granted_to = 'employee':
  1. in case of error return - 422 ("$.resource. value is not allowed in enum")
if specimen is presented in request as the code of resource
1. Check specimen in the request exists in DB and is not in “entered_in_error” status in DB
  1. in case of error return - 422 (Specimen in \"entered_in_error\" status can not be referenced)
2. Check if resource from granted_to = 'employee':
  1. in case of error return - 422 ("$.resource. value is not allowed in enum")
if composition is presented in request as the code of resource
1. Check composition in the request exists in DB and is notin “entered_in_error” status in DB
  1. in case of error return - 422 (Composition in \"entered_in_error\" status can not be referenced)
2. Check if resource from granted_to = 'employee':
  1. in case of error return - 422 ("$.resource. value is not allowed in enum")

Validate service_request

If service_request block is presented in request
1. Get Service_request details (only in active status)
2. use Response.permitted_resources as resources for approval(could be episode or diagnostic_report).
If resource from granted_to = 'legal_entity':
1. Check if status of legal_entity in (ACTIVE, SUSPENDED, REORGANIZED):
  1. in case of error return - 422 (Legal entity should be active)

...

if service_group block is presented in request
1. Check services_group in the request exists and is_active in DB
  1. in case of error return - 404 (not found)
Check if resource from granted_to = 'employee':
1. in case of error return - 422 ("$.resource. value is not allowed in enum")

Validate composition

If composition block is presented in request do the following validations

Validate value in the field $.composition, Reference, optional.

Check composition exists in DB, is notin “entered_in_error” status and belongs to patient
1. in case of error return - 404 (not found)
Check the resource from granted_to = 'employee':
1. in case of error return - 422 ("$.resource. value is not allowed in enum")

Validate patient

if patient block is presented in request
1. Get patient_id from URL:
  1. Check person_id from the request equal to the patient_id from URL
    1. in case of error return - 404 (“Approval for one patient can not be created in another patient’s context”)
  2. exists and is_active in DB
    1. in case of error return - 404 (Person is not found)
Check if resource from granted_to = 'employee':
1. in case of error return - 422 ("$.resource. value is not allowed in enum")

...

Extract user_id from token. Check that author belongs to one of the user’s employee.
- in case of error - return 422 ('User is not allowed to create approval for the employee')
Check that author is an active and approved employee and related to the legal entity (client_id from token).
- in case of error - return 403 ('Access denied')

Validate block child_resource

if child_resource is not empty:
1. validate that access_level == read
  1. in case of error return - 422 ("$.access_level. value is not allowed in enum")
2. check that $.child_resource.identifier.value context is equal to $.resource.identifier.value
  1. in case of error return - 422 (Child resource context id is not equal to granted resource id)
3. validate that service_requests / forbidden_groups / diagnoses_group / patients are not filled
  1. in case of error return - 422 (schema does not allow additional properties)
4. validate that resources max items = 1
  1. in case of error return - 422 ($.resources.expected a maximum of 1 items but got 2)
Check if resource from granted_to = 'employee':
1. in case of error return - 422 ("$.resource. value is not allowed in enum")

Validate access_level

Validate that access_level correspond to granted_resources:
1. In case error return 422 ("Resource types [\"$.granted_resources[].code\"] not allowed to use write access_level")
If employee_type of granted_to.identifier.value employee == ASSISTANT:
1. Check that access_level == ‘read’:
  1. In case error return 422 ("Role ASSISTANT is not allowed to use write access_level for approval")

block	granted_resources	context	access_level	access to	reason
resources	episode_of_care		read	Reading all the data of specified in approval episode	null or child_resource
	diagnostic_report		read	Reading all the data of specified in approval diagnostic report
	diagnostic_report		write	Canceling diagnostic report package
	care_plan		read	Reading all the data of specified in approval care plan
	care_plan		write	Creating activities for care plan, cancelling medication requests or recalling/cancelling service requests based on care plan
	encounter		write	Canceling encounter data package
	procedure		write	Canceling procedure
	specimen		write	Canceling specimen
	composition		write	Mark in error composition
child_resources	diagnostic_report	episode_of_care	read	Reading all the data of specified in context for diagnostic_report	null
	encounter	episode_of_care		Reading all the data of specified in context for encounter	null
	condition	episode_of_care		Reading all the data of specified in context for condition	null
	observation	episode_of_care diagnostic_report		Reading all the data of specified in context for observation	null
	activity	care_plan		Reading all the data of specified in context for activity	null
	clinical_impression	episode_of_care		Reading all the data of specified in context for clinical_impression	null
	allergy_intolerance	episode_of_care		Reading all the data of specified in context for allergy_intolerance	null
	immunization	episode_of_care		Reading all the data of specified in context for immunization	null
	device	episode_of_care		Reading all the data of specified in context for device	null
	risk_assessment	episode_of_care		Reading all the data of specified in context for risk_assessment	null
	procedure	episode_of_care		Reading all the data of specified in context for procedure	null
service_request	episode_of_care		read	Reading data from granted_resources in approval service request	service_request
service_request	diagnostic_report		read		service_request
forbidden_group	forbidden_group		read	Reading all the medical events with items (codes/services/service_groups) of specified in approval forbidden groups	null
diagnoses_group	diagnoses_group		read	Reading short data of episodes with current_diagnoses.codes that specified in approval diagnoses group	null
services_group	services_group		read	Reading short data of diagnostic reports and procedures with code.identifier.value that specified in approval service group	null
patient_id	patient_id		read	Reading all the data of specified patient	null
resource_types	device		read	Read all the data of specified patient and resource type	null
	device_association		read	Read all the data of specified patient and resource type	null
	detected_issue		read	Read all the data of specified patient and resource type	null
composition	composition		read	Read all the data of specified in approval composition including resources in composition sections and forbidden groups associated with such resources	null

Validate authorize_with

The patient can pass the id of his auth_method which he wants to confirm the approval. The necessary auth method can be found by making Get person's auth methods

...

granted_to	block	granted_resources	Sms
granted_to	block	granted_resources	items with FG	w\o items with FG
employee	resources	episode_of_care	Код <code> для доступу до даних про <forbidden_groups.short_name> <forbidden_groups.sms_url> If there are codes from more than 1 group: Код <code> для доступу до даних про ВІЛ, ~~РПП~~ психіатріюhttps://bit.ly/nszu1677f	Код авторизації дій в системі eHealth: <code>
		diagnostic_report
		care_plan
		encounter
		procedure
		specimen
	child_resources	diagnostic_report
		encounter
		condition
		observation
		activity
		clinical_impression
		allergy_intolerance
		immunization
		device
		risk_assessment
		procedure
	service_request	episode_of_care
	service_request	diagnostic_report
	forbidden_group	forbidden_group		-(only with FG)
	diagnoses_group	diagnoses_group		ICD10: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677b ICPC2: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677e
	services_group	~~diagnostic_reports and procedures array~~		Код ****: доступ на групу сервісів {service_group_code} http://bit.ly/nszu1677e
	patient_id	patient_id		Код авторизації дій в системі eHealth: <code>
	resource_types	device		Код <code>: доступ до інформації про медичні вироби пацієнта
		device_association
		detected_issue
granted_to	block	granted_resources	Sms
granted_to	block	granted_resources	items with FG	w\o items with FG
legal_entity	service_request	episode_of_care	-(only w/o FG)	Код <code>: згода на обробку персональних даних https://bit.ly/nszu1677i)

Response structure examples

See on API-specification

Expand

title	Example

Code Block

{
  "data": {
    "id": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e",
    "granted_resources": [
      {
        "identifier": {
          "type": {
            "coding": [
              {
                "system": "eHealth/resources",
                "code": "episode_of_care"
              }
            ]
          },
          "value": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e"
        },
        "display_value": "null"
      }
    ],
    "granted_to": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "employee"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "expires_at": 1498749591,
    "reason": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "service_request"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "status": "new",
    "access_level": "read",
    "authentication_method_current": {
      "type": "OTP",
      "number": "+38093*****85"
    }
  },
  "meta": {
    "code": 201,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  }
}

...

title	Example

...

language	json

...

_groups.short_name> <forbidden_groups.sms_url> If there are codes from more than 1 group: Код <code> для доступу до даних про ВІЛ, ~~РПП~~ психіатріюhttps://bit.ly/nszu1677f	Код авторизації дій в системі eHealth: <code>
		diagnostic_report
		care_plan
		encounter
		procedure
		specimen
		child_resources	diagnostic_report
			encounter
			condition
			observation
			activity
			clinical_impression
			allergy_intolerance
			immunization
			device
			risk_assessment
			procedure
		service_request	episode_of_care
		service_request	diagnostic_report
	forbidden_group	forbidden_group	-(only with FG)
	diagnoses_group	diagnoses_group	ICD10: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677b ICPC2: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677e
	services_group	~~diagnostic_reports and procedures array~~	Код ****: доступ на групу сервісів {service_group_code} http://bit.ly/nszu1677e
	patient_id	patient_id	Код авторизації дій в системі eHealth: <code>
	resource_types	device	Код <code>: доступ до інформації про медичні вироби пацієнта
		device_association
		detected_issue
granted_to	block	granted_resources	Sms
granted_to	block	granted_resources	items with FG	w\o items with FG
legal_entity	service_request	episode_of_care	-(only w/o FG)	Код <code>: згода на обробку персональних даних https://bit.ly/nszu1677i)

Response structure examples

See on API-specification

Expand

title	Example

Code Block

HTTP status codes

	Response code	HTTP Status code	Message
1	Базові
2		401	Invalid access token
3		403	Access denied
4		403	Your scope does not allow to access this resource. Missing allowances: approval:create
5		404	Approval for one patient can not be created in another patient’s context
6		404	not found
7		409	Person does not have active authentication method
8		422	Authentication method with type THIRD_PERSON must be submitted for this person
9		422	Authentication method doesn't exist, is inactive or does not belong to this person
10		422	$.access_level. value is not allowed in enum
11		422	Approval for care plan can not contain other entities
12		422	Сannot be confirmed by a method with type= NA. Use a different method.
13		422	Child resource context id is not equal to granted resource id
14		422	Care plan with such id is not found
15		422	Composition in \"entered_in_error\" status can not be referenced
16		422	Diagnostic report in \"entered_in_error\" status can not be referenced or Diagnostic report with such id is not found
17		422	Episode is canceled
18		422	Employee <employee_id> doesn't belong to your legal entity
19		422	Invalid employee type
20		422	Legal entity should be active
21		422	Procedure in \"entered_in_error\" status can not be referenced
22		422	$.resource. value is not allowed in enum
23		422	$.resource_types device and device_association are required
24		422	$.resources.expected a maximum of 1 items but got 2
25		422	Resource types [\"$.granted_resources[].code\"] not allowed to use write access_level
26		422	Role ASSISTANT is not allowed to use write access_level for approval
27		422	such authentication method doesn't exist
28		422	such authentication method does not belong to this person
29		422	Should be active
30		422	schema does not allow additional properties
31		422	Specimen in \"entered_in_error\" status can not be referenced
32		422	User is not allowed to write care plan from another legal_entity
33		422	User is not allowed to create approval for the employee
34	Специфічні
35

...

Versions Compared

Old Version 3

New Version Current

Key

Properties of a REST API method document

Properties of a REST API method document

Configuration parameters

Dictionaries

Input parameters

Request structure

Configuration parameters

Dictionaries

Input parameters

Request structure

Headers

Request data validation

Validate service_request

Validate composition

Validate patient

Validate block child_resource

Validate access_level

Validate authorize_with

Response structure examples

Response structure examples

HTTP status codes

Page Comparison

Versions Compared

Old Version 3

New Version Current

Key

Properties of a REST API method document

Properties of a REST API method document

Configuration parameters

Dictionaries

Input parameters

Request structure

Configuration parameters

Dictionaries

Input parameters

Request structure

Headers

Request data validation

Validate service_request

Validate composition

Validate patient

Validate block child_resource

Validate access_level

Validate authorize_with

Response structure examples

Response structure examples

HTTP status codes