Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

...

Rule: @rule_-2 | Action: @read | (GraphQL only)

...

Scenario: 

...

Base

...

Resource

...

Routes

...

Context

...

Source of context

...

Logic

...

NHS employee can read patient’s data if he has Justification for monitoring 

 

Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api)
When I require read access
Then I can read

...

Based on user token

...

episode

...

JustificationFilter schema

...

patient_id

...

person_id from JustificationFilter schema

...

There is an active token & an active justification 

...

encounter

...

observation

...

condition

...

allergy_intolerance

...

immunization

...

risk_assessment

...

device

...

medication_statement

...

medication_request

...

medication_dispense

...

service_request

...

diagnostic_report

...

procedure

...

medication_administration

...

care_plan

...

activity

 

...

Rule: @rule_-1 | Action: @read 

...

Scenario: 

...

Base

...

Resource

...

Routes

...

Context

...

Source of context

...

Logic

...

Employee can read insensitive patient’s data
Given User access token with client_type not equal to cabinet

When I require read access

Then I can read

...

Based on user token

...

allergy_intolerance

...

by id
by search params

...

 

...

 

...

There is an active token for client_type.name != CABINET

...

immunization

...

risk_assessment

...

device

...

medication_statement

...

Rule: @rule_0 | Action: @read 

...

Scenario: 

...

Base

...

Resource

...

Routes

...

Context

...

Source of context

...

Logic

...

Patient can read it's own data 
Given Patient has access_token given by Cabinet

When I require read access

Then I can read

...

Based on patient token

...

episode

...

by id
by search params

...

patient_id

...

patient_id from URL 

...

There is an active token given by Cabinet to a patient

...

encounter

...

observation

...

condition

...

allergy_intolerance

...

immunization

...

risk_assessment

...

device

...

medication_statement

...

service_request

...

diagnostic_report

...

procedure

...

medication_administration

...

care_plan

...

activity

...

clinical_impression

...

Table of Contents

...

Rule base type

...

Description

...

Based on declaration

...

Employee with an active declaration can access all the patient's medical data.

...

Based on managing organization

...

Employee can read entities, created in his MSP

...

Based on context episode

...

Employee can read medical data, that was collected during an episode of care, that employee has access to.

...

Based on diagnostic report

...

Employee can read medical data, that was collected as a part of a diagnostic report, managed by the employee's legal entity.

...

Based on origin episode

...

Employee can read medical data, that was collected as a part of a diagnostic report or episode of care, that employee has access to.
Episode of care, that contains this service request,  is considered as an origin episode in that case. 

...

Based on care plan

...

Employee with active approval on the care plan can read or write the data based on this care plan

...

Based on patient

...

Employee with active approval on the patient can read the data related to this patient

Table of Contents

 

Rule base type

Description

Based on declaration

Employee with an active declaration can access all the patient's medical data (including person's/preperson's medical data which were merged with person with active declaration).

Based on managing organization

Employee can read entities, created in his legal entity

Based on context episode

Employee can read medical data, that was collected during an episode of care, that employee has access to.

Based on diagnostic report

Employee can read medical data, that was collected as a part of a diagnostic report, managed by the employee's legal entity.

Based on origin episode

Employee can read medical data, that was collected as a part of a diagnostic report or episode of care, that employee has access to.
Episode of care, that contains this service request,  is considered as an origin episode in that case. 

Based on care plan

Employee with active approval on the care plan can read or write the data based on this care plan

Based on patient

Employee with active approval on the patient can read the data related to this patient (including person's/preperson's medical data which were merged with person )

 

Rule: @rule_-2 | Action: @read | (GraphQL only)

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

NHS employee can read patient’s data if he has Justification for monitoring 

 

Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api)
When I require read access
Then I can read

Based on user token

episode

JustificationFilter schema

patient_id

person_id from JustificationFilter schema

There is an active token & an active justification 

encounter

observation

condition

allergy_intolerance

immunization

risk_assessment

device

medication_statement

medication_request

medication_dispense

service_request

diagnostic_report

procedure

medication_administration

care_plan

activity

 

Rule: @rule_-1 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee can read insensitive patient’s data
Given User access token with client_type not equal to cabinet

When I require read access

Then I can read

Based on user token

allergy_intolerance

by id
by search params

 

There is an active token for client_type.name != CABINET

immunization

risk_assessment

device

medication_statement

specimen

Rule: @rule_0 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Patient can read it's own data 
Given Patient has access_token given by Cabinet

When I require read access

Then I can read

Based on patient token

episode

by id
by search params

patient_id

patient_id from URL 

There is an active token given by Cabinet to a patient

encounter

observation

condition

allergy_intolerance

immunization

risk_assessment

device

medication_statement

service_request

diagnostic_report

procedure

medication_administration

care_plan

activity

clinical_impression

specimen

Rule: @rule_1 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active declaration can read all patient data (including merged persons/prepersons data)

Given Active declaration with patientin the MSP from token

And declaration from the same legal entity

When I require read access

Then I can read

Based on  declaration and user token

episode

by id

person_id

person_id from URL

There is an active declaration between the patient and the employee in OPS from the same legal entity from token

by search params

encounter

by id

by search params

by id in episode context

by search params in episode context

observation

by id

by search params

by id in episode context

by search params in episode context

condition

by id

by search params

by id in episode context

by search params in episode context

service_request

by id

by search params

diagnostic_report

by id

by search params

procedure

by id

by search params

medication_administration

by id

by search params

care_plan

by id

by search params

activity

by id

by search params

approval

by id

by search params

clinical_impression

by id

by search params

medication_request_request 

& medication_request &
medication_dispense

by id

by search params

device_request

by search params

by id (details in person context)

device_dispense

by search params in patient context

by id (details in person context)

Rule: @rule_2 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee can read entity created in the employee's legal entity 


Given Entity has been created on my legal entity

When I require read access

Then I can read

Based on managing organization

service_request

by id

requester_legal_entity 
+ patient_id

DB.service_request.managing_organization

managing_organization==id

by search param

search param {managing_organization} from URL

managing_organization (requester_legal_entity, )==token.client_id

episode
diagnostic_report
procedures
encounter
condition
observation

by id

managing_organisation + patient_id

DB.episode.managing_organization OR DB.diagnostic_report.managing_organization

managing_organization==id

by search param

search param {requester_legal_entity} from URL

managing_organization (requester_legal_entity, )==token.client_id

care_plan

by id

 managing_organisation

DB.care_plan.managing_organization

managing_organization ==token.client_id

activity

by activity id

managing_organisation

DB.care_plan.managing_organization

managing_organization ==token.client_id

by search params

search param {managing_organization_id} from URL

medication_request_request

& medication_request &
medication_dispense

by id

legal_entity + patient_id

search param {legal_entity_id} from URL

legal_entity_id==id

by search param

legal_entity_id==token.client_id

device_request

by search params

requester_legal_entity

search param {requester_legal_entity} from URL

requester_legal_entity==token.client_id

by id (details in person context)

DB.device_requests.requester_legal_entity

requester_legal_entity==token.client_id

device_dispenses

by search params in patient context

performer_legal_entity

search param {performer_legal_entity} from URL

performer_legal_entity==token.client_id

by id (details in person context)

DB.device_requests.performer_legal_entity

performer_legal_entity==token.client_id

Rule: @rule_3 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read all the data of episodes created in the employee's legal entity

Given Episode context has been created on my legal entity

When I require read access

Then I can read

Based on context episode

encounter

by id

episode

DB.encounter.episode

episode.managing_organization==token.client_id

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

observation

by id

episode

DB.observation.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

condition

by id

episode

DB.condition.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

service_request

by id

episode

DB.service_request.encounter.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

diagnostic_report

by id

episode

DB.diagnostic_report.encounter.episode

by search params

context_episode_id from URL (path)

procedure

by id

episode

DB.procedures.encounter.episode

by search params

search param {episode_id} from URL

medication_administration

by id

episode

IF context is encounter THEN:
DB.medication_administrations.context.episode

by search params

search param {episode_id} from URL

device

by id

episode

IF context is encounter THEN:
DB.devices.context.episode

by search params

search param {episode_id} from URL

risk_assessment

by id

episode

IF context is encounter THEN:
DB.risk_assessments.context.episode

by search params

search param {episode_id} from URL

medication_statement

by id

episode

IF context is encounter THEN:
DB.medication_statements.context.episode

by search params

search param {episode_id} from URL

immunization

by id

episode

IF context is encounter THEN:
DB.immunizations.context.episode

by search params

search param {episode_id} from URL

allergy_intolerance

by id

episode

IF context is encounter THEN:
DB.allergy_intolerances.context.episode

by search params

search param {episode_id} from URL

medication_request

by id

episode

DB.medication_request.context_episode_id

by search params

search param {episode_id} from URL

medication_dispense

by id

episode

DB.medication_request.context_episode_id

by search params

search param {episode_id} from URL

medication_request_request

by id

episode

DB.medication_request_request.context_episode_id

by search params

search param {episode_id} from URL

clinical_impression

by id

episode

DB.clinical_impression.context_episode_id

by search params

search param {episode_id} from URL

device_request

by search params

episode

search param {context_episode_id} from URL

episode.managing_organization==token.client_id

by id (details in person context)

DB.device_requests.context_episode_id

device_requests.context_episode_id.managing_organization==token.client_id

device_dispense

by search params in patient context

episode

search param {context_episode_id} from URL

episode.managing_organization==token.client_id

by id (details in person context)

DB.device_dispenses.context_episode_id

device_dispenses.context_episode_id.managing_organization==token.client_id

Rule: @rule_4 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active

declaration

approval can read all

patient data
Given Active declaration with patient
And declaration from the same MSPWhen I

the data (including merged persons/prepersons data) of specified in approval patient

Given Active approval on patient

When I require read access

Then I

Then I can read

Based

on  declaration and user token

on patient_id

 

 

 

 

 

episode

by id

person

 patient_id

person

 

 

 

 

patient_id from URL

 

 

 

 

There is an active

declaration between the patient and the employee in OPS from the same MSP from token

by search params

encounter

by id

by search params

by id in episode context

approval on patient’s data granted to the to the employee (one of user's employee) in MongoDB

 

by search params

in episode context

observation

active diagnosis

short episodes by

idby

search params

by patient_id in

episode

observation context

by

search params in episode context

condition

by id

by search params

by id in episode context

by search params in episode context

service_request

by id

by search params

diagnostic_report

by id

by search params

procedure

by id

by search params

medication_administration

by id

by search params

care_plan

by id

by search params

activity

patient_id in condition context

by patient_id in procedure context

by patient_id in diagnostic_report context

encounter

by id

by search params

approval

by id in episode context

by search params

clinical_impression

by id

in episode context

short encounters by search params

medication_request_request 

& medication_request &
medication_dispenseBased on managing organization

short encounters by ID

observation

by id

by search params

Rule: @rule_2 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee can read entity created in the employee's MSP
Given Entity has been created on my MSP

When I require read access

Then I can read

short observations by search params

short observation by id

condition

by id

by search params

short conditions by search params

short conditions by id

service_request

list in episode context

by search params

by id

requester_legal_entity 
+ patient_id

DB.service_request.managing_organization

managing_organization==

in episode context

by id

by requisition

procedure

by id

by search

param

search param {managing_organization} from URL

managing_organization (requester_legal_entity, )==token.client_id

episode
managing_organization (requester_legal_entity, )==token.client_id

params

short procedures by id

short procedures by search params

diagnostic_report

procedures
encounter
condition
observation

by id

managing_organisation + patient_id

DB.episode.managing_organization OR DB.diagnostic_report.managing_organization

managing_organization==id

by search param

search param {requester_legal_entity} from URL

 by id

by search params

approved by patient_id

short diagnostic_reports by search params

by patient_id in observation context

short diagnostic_reports by id

care_plan

by id

by search params

by requisition

by activity id

activity

by id

by search params

clinical_impression

by id

by search params

medication_request_request

by id

by search params

&

medication_request

&

by id

by search params

medication_dispense

by id

legal_entity + patient_id

search param {legal_entity_id} from URL

legal_entity_id==id

by search param

legal_entity_id==token.client_id

(details in person context)

by search params (by medication request id)

device_request

by search params

by id (details in person context)

device_dispense

by search params in patient context

by id (details in person context)

Rule: @rule_

3

5 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee with active approval or employees from legal_entity with active approval can

read all the data of episodes created in the employee's MSP

Given Episode context has been created on my MSP

When I require read access

Then I can read

Based on context episode

read all the data of specified in approval episodes

Given Active approval on episode

When I require read access

Then I can read

Based on context episode

episode

by id

 

http://DB.episode.id

There is an active approval on the episode granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB

encounter

by id

episode

DB.encounter.episode

episode.managing_organization==token.client_id

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

observation

by id

episode

DB.observation.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

condition

by id

episode

DB.condition.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

service

_

request

by id

episode

DB.service_

request

requset.encounter.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

diagnostic_report

diagnostic_report

by id

episode

DB.diagnostic_report.encounter.episode

by search params

search param {episode_id} from URL

medication_administration

by id

episode

IF context is encounter THEN:
DB.

diagnostic

medication_

report

administrations.

encounter

context.episode

by search params

context_

search param {episode_id} from URL

(path)

procedure

by id

episode

DB.procedures.encounter.episode

by search params

search param {episode_id} from URL

medication_

administration

request & medication_dispense

by id

episode

IF context is encounter THEN:

DB.medication_

administrations

request.context

.

_episode_id

by search params

search param {episode_id} from URL

device

(can be used with {encounter_id} search param for sort by encounter)

medication_request_request

by id

episode

IF context is encounter THEN:

DB.

devices

medication_request_request.context

.

_episode_id

by search params

search param

{episode

{episode_id} from URL (can be used with {encounter_id}

from URLrisk_assessment

search param for sort by encounter)

clinical_impression

by id

episode

IF context is encounter THEN:

DB.

risk

clinical_

assessments

impression.context

.

_episode_id

by search params

search param {episode_id} from URL

medication_statement

by id

episode

IF context is encounter THEN:
DB.medication_statements.context.episode

(can be used with {encounter_id} search param for sort by encounter)

device_request

by search params

episode

search param {context_episode_id} from URL

immunization

by id

episode

IF context is encounter THEN:

(details in person context)

DB.

immunizations

device_requests.context

.episode

_episode_id

device_dispense

by search params in patient context

episode

search param {context_episode_id} from URL

allergy_intolerance

by id

episode

IF context is encounter THEN:

(details in person context)

DB.

allergy

device_

intolerances.context.episode

by search params

search param {episode_id} from URL

medication_request

by id

episode

DB.medication_request.context_episode_id

by search params

search param {episode_id} from URL

medication_dispense

by id

episode

DB.medication_request.context_episode

dispenses.context_episode_id

Rule: @rule_6 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read entity originated by episode created in the employee's legal entity

Given Entity has been originated by mine legal entity episode

When I require read access

Then I can read

Based on origin episode

encounter

by id

origin_episode

DB.encounter.origin_episode

origin_episode.managing_organization==token.client_id

by search params

search param

Search param {origin_episode_id} from URL

medication_request_request

diagnostic repost

by id

origin_episode

DB.

medication

diagnostic_

request_request

report.

context

origin_episode

_id

by search params

search param

Search param {origin_episode_id} from URL

clinical_impression

procedures

by id

origin_episode

DB.

clinical_impression.context_episode_id

Rule: @rule_5 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee with active approval can read all the data of specified in approval episodes

Given Active approval on episode

When I require read access

Then I can read

Based on context episode

episode

by id

 

DB.episode.id

There is an active approval on the episode granted to the employee (one of user's employee) in MongoDB

encounter

by id

episode

DB.encounter.episode

procedures.encounter.episode

by search params

search param {episode_id} from URL

Rule: @rule_4 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active approval can read all the data of specified in approval patient

Given Active approval on patient

When I require read access

Then I can read

Based on patient_id

 

 

 

 

 

episode

by id

 patient_id

 

 

 

 

patient_id from URL

 

 

 

 

There is an active approval on patient’s data granted to the to the employee (one of user's employee) in MongoDB

 

by search params

active diagnosis

short episodes by search params

by patient_id in observation context

by patient_id in condition context

by patient_id in procedure context

by patient_id in diagnostic_report context

encounter

by id

by search params

by id in episode context

by search params in episode context

short encounters by search params

short encounters by ID

observation

by id

by search params

short observations by search params

short observation by id

condition

by id

by search params

short conditions by search params

short conditions by id

service_request

list in episode context

by search params

by id in episode context

by id

by requisition

procedure

by id

by search params

short procedures by id

short procedures by search params

diagnostic_report

 by id

by search params

approved by patient_id

short diagnostic_reports by search params

by patient_id in observation context

short diagnostic_reports by id

care_plan

by id

by search params

by requisition

by activity id

activity

by id

by search params

clinical_impression

by id

by search params

device_dispense

by search params in patient context

origin_episode

Search param {origin_episode_id} from URL

by id (details in person context)

DB.device_dispense.origin_episode_id

Rule: @rule_7 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read all the data of diagnostic report originated by episode created in the employee's legal entity

Given Diagnostic report context has been originated by mine legal entity episode

When I require read access

Then I can read

Based on origin episode

observation

by id

diagnostic_report

DB.observation.diagnostic_report.origin_episode

origin_episode.managing_organization==token.client_id

by search params

Search param {diagnostic_report_id} from URL

Rule: @rule_8 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read all the data of encounter originated by episode created in the employee's legal entity

Given Encounter context has been originated by mine legal entity episode

When I require read access

Then I can read

Based on origin episode

observation

by id

encounter

DB.observation.context.origin_episode

origin_episode.managing_organization==token.client_id

by search params

Search param {encounter_id} from URL

condition

by id

encounter

DB.condition.context.origin_episode

by search params

Search param {encounter_id} from URL

diagnostic_report

by id

encounter

DB.diagnostic_report.encounter.origin_episode

by search params

Search param {encounter_id} from URL

medication_administration

by id

encounter

IF context is encounter THEN:
DB.medication_administrations.context.encounter

by search params

search param {encounter_id} from URL

procedure

by id

encounter

DB.procedures.encounter.episode

by search params

search param {encounter_id} from URL

medication_request

by id

encounter

DB.medication_request.context

by search params

search param {

episode

observation

by id

episode

DB.observation.episode

encounter_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

medication_request_request

by id

encounter

DB.medication_request_request.context

by search params

search param {

episode

encounter_id} from URL

device_dispense

by

id

search params in

episode

patient context

episode

encounter

Search param {encounter_id} from URL

(path)

by search params in episode context

condition

by id

episode

DB.condition.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

service request

by id

episode

DB.service_requset.encounter.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

diagnostic_report

by id

episode

DB.diagnostic_report.encounter.episode

by search params

search param {episode_id} from URL

medication_administration

by id

episode

IF context is encounter THEN:
DB.medication_administrations.context.episode

by search params

search param {episode_id} from URL

procedure

by id

episode

DB.procedures.encounter.episode

by search params

search param {episode_id} from URL

medication_request & medication_dispense

by id

episode

DB.medication_request.context_episode_id

by search params

search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)

medication_request_request

by id

episode

DB.medication_request_request.context_episode_id

by search params

search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)

clinical_impression

by id

episode

DB.clinical_impression.context_episode_id

by search params

search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)

Rule: @rule_6 | Action: @read 

by id (details in person context)

DB.device_dispense.encounter.origin_episode_id

Rule: @rule_9 | Action: @read | NOT IMPLEMENTED YET

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active approval can read data, originated by the episode

Given Active approval on patient

When I require read access

Then I can read

 

encounter

 

 

 

 

 

observation

 

 

 

 

 

condition

 

 

 

 

 

service_request

 

 

 

 

 

diagnostic_report

 

 

 

 

Rule: @rule_10 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read all the data of diagnostic report created in the employee's legal entity

Given Diagnostic report context has been originated by mine legal entity

When I require read access

Then I can read

Based on diagnostic report

observation

by id

diagnostic_report

DB.observation.diagnostic_report.managing_organization

diagnostic_report.managing_organization==token.client_id

by search params

Search param {diagnostic_report_id} from URL

Rule: @rule_11 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee

can read entity originated by episode created in the employee's MSP

Given Entity has been originated by mine MSP episode

When I require read access

Then I

with active approval or employees from legal_entity with active approval can read all the data of specified in approval diagnostic report

Given Active approval on diagnostic report

When I require read access

Then I can read

Based on

origin episodeencounter

diagnostic report

diagnostic_report

by id

origin

diagnostic_

episode

report

DB.

encounter.origin

diagnostic_

episode

origin_episode.managing_organization==token.client_id

by search params

Search param {origin_episode_id} from URL

diagnostic repost

by id

origin_episode

DB.diagnostic_report.origin_episode

report

There is an active approval on the diagnostic report granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB

observation

by id

diagnostic_report

DB.observation.diagnostic_report.managing_organization

by search params

Search param {

origin

diagnostic_

episode

report_id} from URL

procedures

by id

origin_episode

DB.procedures.encounter.episode

by search params

search param {episode_id} from URL

Rule: @rule_7 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read all the data of diagnostic report originated by episode created in the employee's MSP

Given Diagnostic report context has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode

observation

by id

diagnostic_report

DB.observation.diagnostic_report.origin_episode

origin_episode.managing_organization==token.client_id

by search params

Search param {diagnostic_report_id} from URL

Rule: @rule_8 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee can read all the data of encounter originated by episode created in the employee's MSP

Given Encounter context has been originated by mine MSP episode

When I require read access

Then I can read

Based on origin episode

observation

by id

encounter

DB.observation.context.origin_episode

origin_episode.managing_organization==token.client_id

by search params

Search param {encounter_id} from URL

condition

by id

encounter

DB.condition.context.origin_episode

by search params

Search param {encounter_id} from URL

diagnostic_report

by id

encounter

DB.diagnostic_report.encounter.origin_episode

by search params

Search param {encounter_id} from URL

medication_administration

by id

encounter

IF context is encounter THEN:
DB.medication_administrations.context.encounter

by search params

search param {encounter_id} from URL

procedure

by id

encounter

DB.procedures.encounter.episode

by search params

search param {encounter_id} from URL

medication_request

by id

encounter

DB.medication_request.context

by search params

search param {encounter_id} from URL

medication_request_request

by id

encounter

DB.medication_request_request.context

by search params

search param {encounter_id} from URL

Rule: @rule_9| Action: @read | NOT IMPLEMENTED YET

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active approval can read data, originated by the episode Given Active approval on patient

When I require read access

Then I can read

 

encounter

 

 

 

 

 

observation

 

 

 

 

 

condition

 

 

 

 

 

service_request

 

 

 

 

 

diagnostic_report

 

 

 

 

Rule: @rule_10 | Action: @read 

Rule: @rule_12 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active approval can read the data associated with the care plan

Given Active approval on care_plan

When I require read access

Then I can read

Based on care plan

care_plan

by id

care_plan + patient_id

DB.care_plan.id=approvals.granted_resources[].value

There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB

activity

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_request_request

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_request

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_dispense

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

device_request

by id

care_plan

DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value

by search params

care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan

Rule: @rule_13 | Action: @write

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active write approval can write the data associated with the care plan

Given Active write approval on care_plan

When I require write access

Then I can write

Based on care plan

care_plan

by id

Cancel

care_plan + patient_id

DB.care_plan.id=approvals.granted_resources[].value

There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB

Complete

activity

by id

Prequalify

care_plan_id & patient_id from URL (path) 

care_plan_id from URL (path) =approvals.granted_resources[].value 

by search params

Create

Cancel

Complete

medication_request_request

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_request

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_dispense

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

device_request

by id

care_plan

DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value

by search params

care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan

Rule: @rule_14 | Action: @read

Scenario: 

Base

Resource

Routes

Context

*

Source of context

Logic

Employee with active approval on the care plan can read

all

the data

of diagnostic report created in the employee's MSP

Given Diagnostic report context has been originated by mine MSP

When I

based on this care plan

Given Entity based on care_plan

When I require read access

Then I

Then I can read

Based on

diagnostic reportobservation

care plan

service_request

by id

diagnostic_report

care_plan (based_on)  + patient_id

DB.

observation

service_request.

diagnostic

based_

report

on.

managing_organization

diagnostic_report.managing_organization==token.client_id

by search params

Search param {diagnostic_report_id} from URL

Rule: @rule_11 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee with active approval can read all the data of specified in approval diagnostic report

Given Active approval on diagnostic report

When I require read access

Then I can read

Based on diagnostic report

observation

by id

diagnostic_report

DB.observation.diagnostic_report.managing_organization

There is an active approval on the diagnostic report granted to the employee (one of user's employee) in MongoDB

by search params

Search param {diagnostic_report_id} from URL

Rule: @rule_12 | Action: @read 

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active approval can read the data associated with the care plan

Given Active approval on care_plan

When I require read access

Then I can read

Based on care plan

care_plan

by id

care_plan + patient_id

DB.care_plan

care_plan[].id=approvals.granted_resources[].value

There is an active approval (access_level=read/write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB

by search params

care_plan + patient_id

care_plan_id from URL (search param) & patient_id from path 

encounter

by id

patient_id ->.  care_plan (based_on service_request)

DB.encounter.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.procedure.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value

diagnostic_report

by id

procedure

by id

device_dispense

by id (details in person context)

care_plan (based_on device_request)

DB.device_dispense.based_on.device_request.based_on.care_plan[].id=approvals.granted_resources[].

value

There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB

activity

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_request_request

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_request

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

medication_dispense

by id

care_plan + patient_id

care_plan_id & patient_id from URL (path) 

by search params

Rule: @rule_13 | Action: @write

value

Rule: @rule_15 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee with verified unexpired approval on procedure can read all the data of this procedure

Given Active approval on procedure

When I require read access

Then I can read

Based on procedure

procedure

by id

procedure

DB.procedures._id

There is a verified unexpired approval on procedure granted to the employee (one of user's employee) in MongoDB

 

Rule: @rule_16 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

 

Rule: @rule_17 | Action: @read 

Scenario: 

Base

Resource

Routes

Context*

Source of context

Logic

Employee

with active approval

can

write

read all the data associated with the care plan

Given Active approval on care_plan

When I require write access

Then I can write

Based on care plan

care_plan

by id

care_plan + patient_id

DB.care_plan.id=approvals.granted_resources[].value

There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB

activity

by id

care_plan + patient_id

created in the employee's legal entity

Given Care plan has been created on my legal entity

When I require read access

Then I can read

 

 

Based on care plan

activity

by id

care_plan+ patient_id

DB.activities.care_plan[].id

care_plan.managing_organization.id==token.client_id

by search params

care_plan_id from URL (search param) & patient_id from path

medication_request_request

by id

 

DB.medication_request_request.based_on.care_plan[].id

by search params

care_plan_id from URL (search param) & patient_id from path

list in care plan context

care_plan_id &

patient

person_id from URL (

path) 

search param)

medication_request

by

search params

id

DB.medication_request

_request

.based_on.care_plan[].id

by

id

search params

care_plan

+

_id from URL (search param) & patient_id from path

list in care plan context

care_plan_id &

patient

person_id from URL (

path

search param)

 medication

by search params

service_request

by id

DB.service_request.based_on.care_plan

+ patient_id

[].id

by search params

care_plan_id from URL (search param) & patient_id from

URL (path) 

by search params

medication_dispense

path 

device_request

by id

DB.device_request.based_on.care_plan

+ patient_id

[].id

by search params

care_plan_id from URL ('based_on' search param) & patient_id from

URL (

path

by search params

Rule: @rule_14 | Action: @read

Scenario: 

Base

Resource

Routes

Context

Source of context

Logic

Employee with active approval on the care plan can read the data based on this care plan

Given Entity based on care_plan

When I require read access

Then I can read

Based on care plan

service_request

by id

care_plan (based_on)  + patient_id

DB

encounter

by id

care_plan (based_on service_request)+ patient_id

DB.encounter.based_on.service_request.based_on.care_plan[].id

diagnostic_report

by id

DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id

procedure

by id

DB.procedure.based_on.service_request.based_on.care_plan[].id

=approvals.granted_resources[].value

There is an active approval (access_level=read/write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB

by search params

care_plan + patient_id

care_plan_id from URL (search param) & patient_id from path 

encounter

by id

patient_id ->. 

medication_dispense

by id (details in person context)

care_plan (based_on

service

medication_request)+ patient_id

DB.

encounter

medication_dispense.based_on.

service

medication_request.based_on

.

_care_plan

[].id=approvals.granted_resources[].value OR DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.procedure

_id

device_dispense

by id (details in person context)

care_plan (based_on device_request)+ patient_id

DB.device_dispense.based_on.

service

device_request.based_on.care_plan

[].id=approvals.granted_resources

[].

value

diagnostic_report

by

id

procedure

by id

 

  • - all routes need to have patient_id in context as an additional parameter