...
- If episode_of_care is present in the request as the resource code:
  - Check that the episode_of_care in the request exists and is in active or closed status in DB
    - in case of error return - 422 (Episode is canceled)
  - Check if resource from granted_to = 'employee':
    - in case of error return - 422 ("$.resource. value is not allowed in enum")
- If diagnostic_report is present in the request as the resource code:
  - Check that the diagnostic_report block in the request exists and is in final status in DB
    - in case of error return - 422 (Diagnostic report in \"entered_in_error\" status can not be referenced or Diagnostic report with such id is not found)
  - Check if resource from granted_to = 'employee':
    - in case of error return - 422 ("$.resource. value is not allowed in enum")
- If care_plan is present in the request as the resource code:
  - Check that the care_plan in the request exists in DB
    - in case of error return - 422 (Care plan with such id is not found)
  - Check that there are no other objects in the request
    - in case of error return - 422 (Approval for care plan can not contain other entities)
  - Check if resource from granted_to = 'employee':
    - in case of error return - 422 ("$.resource. value is not allowed in enum")
  - If access_level = 'write':
    - Check if care_plans.managing_organization = granted_to.employees.legal_entity_id:
      - in case of error return - 422 ('User is not allowed to write care plan from another legal_entity')
- If encounter is present in the request as the resource code:
  - Check that the encounter in the request exists in DB
    - in case of error return - 422 (not found)
  - Check if resource from granted_to = 'employee':
    - in case of error return - 422 ("$.resource. value is not allowed in enum")
  - Check that the status of the episode from the encounter = 'active'
    - in case of error return - 422 ("Encounter refers to episode that is not active")
  - Validate the episode related to the encounter:
    - exists
      - in case of error return - 422 ('Encounter refers to episode that does not exist')
    - is “active” or “closed”
      - in case of error return - 422 ('Encounter refers to episode that is not active or closed')
    - its managing organization matches the author’s legal entity (client_id)
      - in case of error return - 422 ('Encounter is from another legal entity')
- If procedure is present in the request as the resource code:
  - Check that the procedure in the request exists in DB
    - in case of error return - 422 (not found)
  - Check if resource from granted_to = 'employee':
    - in case of error return - 422 ("$.resource. value is not allowed in enum")
- If specimen is present in the request as the resource code:
  - Check that the specimen in the request exists in DB and is not in “entered_in_error” status in DB
    - in case of error return - 422 (Invalid specimen status)
  - Check if resource from granted_to = 'employee':
    - in case of error return - 422 ("$.resource. value is not allowed in enum")
- Validate service_request
  - If the service_request block is present in the request:
    - Get Service_request details (only in active status)
    - Use Response.permitted_resources as resources for approval (could be episode or diagnostic_report).
- If resource from granted_to = 'legal_entity':
  - Check if status of legal_entity in (ACTIVE, SUSPENDED):
    - in case of error return - 422 (Legal entity should be active)
...
- Validate that access_level corresponds to granted_resources:
  - in case of error return - 422 ("Resource types [\"$.granted_resources[].code\"] not allowed to use write access_level")
- If employee_type of the granted_to.identifier.value employee == ASSISTANT:
  - Check that access_level == 'read':
    - in case of error return - 422 ("Role ASSISTANT is not allowed to use write access_level for approval")
| block | granted_resources | context | access_level | access to | reason |
|---|---|---|---|---|---|
| resources | episode_of_care | | read | Reading all the data of specified in approval episode | null or child_resource |
| | diagnostic_report | | read | Reading all the data of specified in approval diagnostic report | |
| | diagnostic_report | | write | Canceling diagnostic report package | |
| | care_plan | | read | Reading all the data of specified in approval care plan | |
| | care_plan | | write | Creating activities for care plan, cancelling medication requests or recalling/cancelling service requests based on care plan | |
| | encounter | | write | Canceling encounter data package | |
| | procedure | | write | Canceling procedure | |
| | specimen | | write | Canceling specimen | |
| child_resources | diagnostic_report | episode_of_care | read | Reading all the data of specified in context for diagnostic_report | null |
| | encounter | episode_of_care | | Reading all the data of specified in context for encounter | null |
| | condition | episode_of_care | | Reading all the data of specified in context for condition | null |
| | observation | episode_of_care diagnostic_report | | Reading all the data of specified in context for observation | null |
| | activity | care_plan | | Reading all the data of specified in context for activity | null |
| | clinical_impression | episode_of_care | | Reading all the data of specified in context for clinical_impression | null |
| | allergy_intolerance | episode_of_care | | Reading all the data of specified in context for allergy_intolerance | null |
| | immunization | episode_of_care | | Reading all the data of specified in context for immunization | null |
| | device | episode_of_care | | Reading all the data of specified in context for device | null |
| | risk_assessment | episode_of_care | | Reading all the data of specified in context for risk_assessment | null |
| | procedure | episode_of_care | | Reading all the data of specified in context for procedure | null |
| service_request | episode_of_care | | read | Reading data from granted_resources in approval service request | service_request |
| | diagnostic_report | | read | | |
| forbidden_group | forbidden_group | | read | Reading all the medical events with items (codes/services/service_groups) of specified in approval forbidden groups | null |
| diagnoses_group | episode_of_care array | | read | Reading all data of episodes with current_diagnoses.codes that specified in approval diagnoses group | null |
| services_group | diagnostic_reports and procedures array | | read | Reading all data of diagnostic reports and procedures with code.identifier.value that specified in approval service group | null |
| patient_id | patient_id | | read | Reading all the data of specified patient | null |
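
The access_level rules above (write rows of the `resources` block, the ASSISTANT restriction, the care plan exclusivity and legal entity checks) expressed as one validator. This is an added example, not the eHealth service's own code. The dict shapes, the function name, collecting all errors instead of stopping at the first, and the way several codes are joined inside the brackets are assumptions.

```python
# Added example: access_level checks from the rules and table above.
# Data shapes (dicts with "code", "managing_organization") are assumptions.

# Resource codes that have a "write" row in the "resources" block of the table.
WRITE_ALLOWED = {"diagnostic_report", "care_plan", "encounter", "procedure", "specimen"}

ERR_CARE_PLAN_MIXED = "Approval for care plan can not contain other entities"
ERR_ASSISTANT = "Role ASSISTANT is not allowed to use write access_level for approval"
ERR_CARE_PLAN_LE = "User is not allowed to write care plan from another legal_entity"


def validate_access_level(granted_resources, access_level, employee_type,
                          employee_legal_entity_id=None):
    """Return a list of (http_status, message) errors; empty means valid."""
    errors = []
    codes = [r["code"] for r in granted_resources]

    # A care_plan approval must not be mixed with other entities.
    if "care_plan" in codes and len(codes) > 1:
        errors.append((422, ERR_CARE_PLAN_MIXED))

    if access_level != "write":
        return errors

    # ASSISTANT may only be granted read approvals.
    if employee_type == "ASSISTANT":
        errors.append((422, ERR_ASSISTANT))

    # Only codes with a write row in the table may be granted for write.
    bad = sorted({c for c in codes if c not in WRITE_ALLOWED})
    if bad:
        listed = ", ".join(f'"{c}"' for c in bad)
        errors.append(
            (422, f"Resource types [{listed}] not allowed to use write access_level"))

    # Write access to a care plan is limited to its managing organization.
    for r in granted_resources:
        if (r["code"] == "care_plan"
                and r.get("managing_organization") != employee_legal_entity_id):
            errors.append((422, ERR_CARE_PLAN_LE))
    return errors
```

Only the write direction is enforced here, because that is the only access_level error the page defines for granted_resources.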
...
granted_to | block | granted_resources | Sms | |
items with FG | w\o items with FG | |||
employee | resources | episode_of_care | Код <code> для доступу до даних про <forbidden_groups.short_name> <forbidden_groups.sms_url> If there are codes from more than 1 group: Код <code> для доступу до даних про ВІЛ, | Код авторизації дій в системі eHealth: <code> |
diagnostic_report | ||||
care_plan | ||||
encounter | ||||
procedure | ||||
specimen | ||||
child_resources | diagnostic_report | |||
encounter | ||||
condition | ||||
observation | ||||
activity | ||||
clinical_impression | ||||
allergy_intolerance | ||||
immunization | ||||
device | ||||
risk_assessment | ||||
procedure | ||||
service_request | episode_of_care | |||
diagnostic_report | ||||
forbidden_group | forbidden_group | -(only with FG) | ||
diagnoses_group | diagnoses_group | ICD10: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677b ICPC2: Код <code>: доступ на групу діагнозів {diagnoses_group_code} http://bit.ly/nszu1677e | ||
services_group | | Код ****: доступ на групу сервісів {service_group_code} http://bit.ly/nszu1677e | ||
patient_id | patient_id | Код авторизації дій в системі eHealth: <code> | ||
granted_to | block | granted_resources | Sms | |
items with FG | w\o items with FG | |||
legal_entity | service_request | episode_of_care | -(only w/o FG) | Код <code>: згода на обробку персональних даних https://bit.ly/nszu1677i) |
diagnostic_report |
...