...
Rule: @rule_-2 | Action: @read | (GraphQL only)
...
Scenario:
...
Base
...
Resource
...
Routes
...
Context
...
Source of context
...
Logic
...
NHS employee can read patient’s data if he has Justification for monitoring
Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api)
When I require read access
Then I can read
...
Based on user token
...
episode
...
JustificationFilter schema
...
patient_id
...
person_id from JustificationFilter schema
...
There is an active token & an active justification
...
encounter
...
observation
...
condition
...
allergy_intolerance
...
immunization
...
risk_assessment
...
device
...
medication_statement
...
medication_request
...
medication_dispense
...
service_request
...
diagnostic_report
...
procedure
...
medication_administration
...
care_plan
...
activity
...
Rule: @rule_-1 | Action: @read
...
Scenario:
...
Base
...
Resource
...
Routes
...
Context
...
Source of context
...
Logic
...
Employee can read insensitive patient’s data
Given User access token with client_type not equal to cabinet
When I require read access
Then I can read
...
Based on user token
...
allergy_intolerance
...
by id
by search params
...
...
...
There is an active token for client_type.name != CABINET
...
immunization
...
risk_assessment
...
device
...
medication_statement
...
Table of Contents |
---|
...
Rule base type
...
Description
...
Based on declaration
...
Employee with an active declaration can access all the patient's medical data.
...
Based on managing organization
...
Employee can read entities, created in his MSP
...
Based on context episode
...
Employee can read medical data, that was collected during an episode of care, that employee has access to.
...
Based on diagnostic report
...
Employee can read medical data, that was collected as a part of a diagnostic report, managed by the employee's legal entity.
...
Based on origin episode
...
Employee can read medical data, that was collected as a part of a diagnostic report or episode of care, that employee has access to.
Episode of care, that contains this service request, is considered as an origin episode in that case.
...
Based on care plan
...
Employee with active approval on the care plan can read or write the data based on this care plan
...
Based on patient
...
Employee with active approval on the patient can read the data related to this patient
Table of Contents |
---|
Rule base type | Description |
---|---|
Based on declaration | Employee with an active declaration can access all the patient's medical data (including person's/preperson's medical data which were merged with person with active declaration). |
Based on managing organization | Employee can read entities, created in his legal entity |
Based on context episode | Employee can read medical data, that was collected during an episode of care, that employee has access to. |
Based on diagnostic report | Employee can read medical data, that was collected as a part of a diagnostic report, managed by the employee's legal entity. |
Based on origin episode | Employee can read medical data, that was collected as a part of a diagnostic report or episode of care, that employee has access to. |
Based on care plan | Employee with active approval on the care plan can read or write the data based on this care plan |
Based on patient | Employee with active approval on the patient can read the data related to this patient (including person's/preperson's medical data which were merged with person ) |
Rule: @rule_-2 | Action: @read | (GraphQL only) | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
NHS employee can read patient’s data if he has Justification for monitoring
Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api) | Based on user token | episode | JustificationFilter schema | patient_id | person_id from JustificationFilter schema | There is an active token & an active justification |
encounter | ||||||
observation | ||||||
condition | ||||||
allergy_intolerance | ||||||
immunization | ||||||
risk_assessment | ||||||
device | ||||||
medication_statement | ||||||
medication_request | ||||||
medication_dispense | ||||||
service_request | ||||||
diagnostic_report | ||||||
procedure | ||||||
medication_administration | ||||||
care_plan | ||||||
activity |
Rule: @rule_-1 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee can read insensitive patient’s data When I require read access Then I can read | Based on user token | allergy_intolerance | by id |
| There is an active token for client_type.name != CABINET | |
immunization | ||||||
risk_assessment | ||||||
device | ||||||
medication_statement | ||||||
specimen |
Rule: @rule_0 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Patient can read it's own data When I require read access Then I can read | Based on patient token | episode | by id | patient_id | patient_id from URL | There is an active token given by Cabinet to a patient |
encounter | ||||||
observation | ||||||
condition | ||||||
allergy_intolerance | ||||||
immunization | ||||||
risk_assessment | ||||||
device | ||||||
medication_statement | ||||||
service_request | ||||||
diagnostic_report | ||||||
procedure | ||||||
medication_administration | ||||||
care_plan | ||||||
activity | ||||||
clinical_impression | ||||||
specimen |
Rule: @rule_1 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active declaration can read all patient data (including merged persons/prepersons data) Given Active declaration with patientin the MSP from token And declaration from the same legal entity When I require read access Then I can read | Based on declaration and user token | episode | by id | person_id | person_id from URL | There is an active declaration between the patient and the employee in OPS from the same legal entity from token |
by search params | ||||||
encounter | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
observation | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
condition | by id | |||||
by search params | ||||||
by id in episode context | ||||||
by search params in episode context | ||||||
service_request | by id | |||||
by search params | ||||||
diagnostic_report | by id | |||||
by search params | ||||||
procedure | by id | |||||
by search params | ||||||
medication_administration | by id | |||||
by search params | ||||||
care_plan | by id | |||||
by search params | ||||||
activity | by id | |||||
by search params | ||||||
approval | by id | |||||
by search params | ||||||
clinical_impression | by id | |||||
by search params | ||||||
medication_request_request & medication_request & | by id | |||||
by search params | ||||||
device_request | ||||||
device_dispense | ||||||
Rule: @rule_2 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee can read entity created in the employee's legal entity
When I require read access Then I can read | Based on managing organization | service_request | by id | requester_legal_entity | DB.service_request.managing_organization | managing_organization==id |
by search param | search param {managing_organization} from URL | managing_organization (requester_legal_entity, )==token.client_id | ||||
episode | by id | managing_organisation + patient_id | DB.episode.managing_organization OR DB.diagnostic_report.managing_organization | managing_organization==id | ||
by search param | search param {requester_legal_entity} from URL | managing_organization (requester_legal_entity, )==token.client_id | ||||
care_plan | managing_organisation | DB.care_plan.managing_organization | managing_organization ==token.client_id | |||
activity | managing_organisation | DB.care_plan.managing_organization | managing_organization ==token.client_id | |||
search param {managing_organization_id} from URL | ||||||
medication_request_request & medication_request & | by id | legal_entity + patient_id | search param {legal_entity_id} from URL | legal_entity_id==id | ||
by search param | legal_entity_id==token.client_id | |||||
device_request | requester_legal_entity | search param {requester_legal_entity} from URL | requester_legal_entity==token.client_id | |||
DB.device_requests.requester_legal_entity | requester_legal_entity==token.client_id | |||||
device_dispenses | performer_legal_entity | search param {performer_legal_entity} from URL | performer_legal_entity==token.client_id | |||
DB.device_requests.performer_legal_entity | performer_legal_entity==token.client_id |
Rule: @rule_3 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of episodes created in the employee's legal entity Given Episode context has been created on my legal entity When I require read access Then I can read | Based on context episode | encounter | by id | episode | DB.encounter.episode | episode.managing_organization==token.client_id |
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
observation | by id | episode | DB.observation.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
condition | by id | episode | DB.condition.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
service_request | by id | episode | DB.service_request.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
by id in episode context | episode_id from URL (path) | |||||
by search params in episode context | ||||||
diagnostic_report | by id | episode | DB.diagnostic_report.encounter.episode | |||
by search params | context_episode_id from URL (path) | |||||
procedure | by id | episode | DB.procedures.encounter.episode | |||
by search params | search param {episode_id} from URL | |||||
medication_administration | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
device | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
risk_assessment | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
medication_statement | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
immunization | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
allergy_intolerance | by id | episode | IF context is encounter THEN: | |||
by search params | search param {episode_id} from URL | |||||
medication_request | by id | episode | DB.medication_request.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
medication_dispense | by id | episode | DB.medication_request.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
medication_request_request | by id | episode | DB.medication_request_request.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
clinical_impression | by id | episode | DB.clinical_impression.context_episode_id | |||
by search params | search param {episode_id} from URL | |||||
device_request | episode | search param {context_episode_id} from URL | episode.managing_organization==token.client_id | |||
DB.device_requests.context_episode_id | device_requests.context_episode_id.managing_organization==token.client_id | |||||
device_dispense | episode | search param {context_episode_id} from URL | episode.managing_organization==token.client_id | |||
DB.device_dispenses.context_episode_id | device_dispenses.context_episode_id.managing_organization==token.client_id |
Rule: @rule_4 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Patient can read it's own data
Given Patient has access_token given by Cabinet
Employee with active approval can read all the data (including merged persons/prepersons data) of specified in approval patient Given Active approval on patient When I require read access |
Then I can read | Based on patient |
_id
| episode |
patient_id
| patient_id from |
URL
| There is an active |
encounter
observation
condition
allergy_intolerance
immunization
risk_assessment
device
medication_statement
service_request
diagnostic_report
procedure
medication_administration
care_plan
activity
clinical_impression
Rule: @rule_1 | Action: @read
Scenario:
Base
Resource
Routes
Context
Source of context
Logic
Employee with active declaration can read all patient data
Given Active declaration with patient
And declaration from the same MSP
When I require read access
Then I can read
Based on declaration and user token
episode
by id
person_id
person_id from URL
There is an active declaration between the patient and the employee in OPS from the same MSP from token
by search params
encounter
by id
by search params
approval on patient’s data granted to the to the employee (one of user's employee) in MongoDB
| |
encounter | |
observation | |
condition | |
service_request | |
procedure | |
condition
diagnostic_report | |
by search params
care_plan | |
by search params
activity | |
clinical_ |
impression | by id |
by search params |
medication_request_request | by id |
by search params |
medication_request | by id |
by search params |
medication_ |
dispense | by id (details in person context) |
by search params |
(by medication |
request |
id) |
device_request |
medication_dispense
device_dispense | |
Rule: @rule_ |
5 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee |
Given Entity has been created on my MSPWhen I
with active approval or employees from legal_entity with active approval can read all the data of specified in approval episodes Given Active approval on episode When I require read access |
Then I can read | Based on |
service_request
by id
requester_legal_entity
+ patient_id
DB.service_request.managing_organization
managing_organization==id
by search param
search param {managing_organization} from URL
managing_organization (requester_legal_entity, )==token.client_id
episode
diagnostic_report
procedures
encounter
condition
observation
by id
managing_organisation + patient_id
DB.episode.managing_organization OR DB.diagnostic_report.managing_organization
managing_organization==id
by search param
search param {requester_legal_entity} from URL
managing_organization (requester_legal_entity, )==token.client_id
medication_request_request
& medication_request &
medication_dispense
by id
legal_entity + patient_id
search param {legal_entity_id} from URL
legal_entity_id==id
by search param
legal_entity_id==token.client_id
Rule: @rule_3 | Action: @read
Scenario:
Base
Resource
Routes
Context*
Source of context
Logic
Employee can read all the data of episodes created in the employee's MSP
Given Episode context has been created on my MSP
When I require read access
Then I can read
Based on context episode
context episode | episode | by id |
| There is an active approval on the episode granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB | |
encounter | by id | episode | DB.encounter.episode | ||
by search params | search param {episode_id} from URL | ||||
by id in episode context | episode_id from URL (path) | ||||
by search params in episode context | |||||
observation | by id | episode | DB.observation.episode | ||
by search params | search param {episode_id} from URL | ||||
by id in episode context | episode_id from URL (path) | ||||
by search params in episode context | |||||
condition | by id | episode | DB.condition.episode | ||
by search params | search param {episode_id} from URL | ||||
by id in episode context | episode_id from URL (path) | ||||
by search params in episode context | |||||
service request | by id | episode | DB.service_requset.encounter.episode |
episode.managing_organization==token.client_id
by search params | search param {episode_id} from URL |
by id in episode context | episode_id from URL (path) |
by search params in episode context |
diagnostic_report | by id | episode | DB.diagnostic_report.encounter.episode |
by search params | search param {episode_id} from URL | ||
medication_administration | by id | episode | IF context is encounter THEN: |
context.episode | |
by search params | search param {episode_id} from URL |
by id in episode context
episode_id from URL (path)
by search params in episode context
condition
procedure | by id | episode | DB.procedures. |
encounter.episode | |
by search params | search param {episode_id} from URL |
by id in episode context
episode_id from URL (path)
by search params in episode context
medication_request & medication_dispense | by id | episode | DB. |
medication_request. |
context_episode_id | |
by search params | search param {episode_id} from URL |
by id in episode context
episode_id from URL (path)
by search params in episode context
(can be used with {encounter_id} search param for sort by encounter) | |||
medication_request_request | by id | episode | DB. |
medication_request_ |
request. |
context_episode_id |
by search params |
search param {episode_id} from URL ( |
can be used with {encounter_id} search param for sort by encounter) | |||
clinical_impression | by id | episode | DB. |
clinical_impression.context_episode_id | |
by search params | search param {episode_id} from URL |
medication_administration
by id
episode
DB.medication_administrations.context.episode
(can be used with {encounter_id} search param for sort by encounter) | |||
device_request | episode | search param {context_episode_id} from URL |
device
episode
DB. |
device_requests.context |
_episode_id | |||
device_dispense | episode | search param {context_episode_id} from URL |
risk_assessment
episode
DB. |
device_ |
dispenses.context |
by search params
_episode_id |
medication_statement
by id
episode
IF context is encounter THEN:
DB.medication_statements.context.episode
by search params
search param {episode_id} from URL
immunization
by id
episode
IF context is encounter THEN:
DB.immunizations.context.episode
by search params
search param {episode_id} from URL
allergy_intolerance
by id
episode
IF context is encounter THEN:
DB.allergy_intolerances.context.episode
by search params
search param {episode_id} from URL
medication_request
by id
episode
Rule: @rule_6 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read entity originated by episode created in the employee's legal entity Given Entity has been originated by mine legal entity episode When I require read access Then I can read | Based on origin episode | encounter | by id | origin_episode | DB.encounter.origin_episode | origin_episode.managing_organization==token.client_id |
by search params |
Search param {origin_episode_id} from URL |
diagnostic repost | by id | origin_episode | DB. |
diagnostic_ |
report. |
origin_episode |
by search params |
Search param {origin_episode_id} from URL |
procedures | by id | origin_episode |
DB.procedures.encounter.episode | |
by search params | search param {episode_id} from URL |
device_ |
dispense |
episode
origin_episode | Search param {origin_episode_id} from URL | |
DB.device_dispense.origin_episode_id |
Rule: @rule_ |
7 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee |
can read all the data of |
Given Active approval on patient
When Idiagnostic report originated by episode created in the employee's legal entity Given Diagnostic report context has been originated by mine legal entity episode When I require read access |
Then I can read | Based on |
episode
origin episode | observation | by id |
diagnostic_ |
patient_id from URL
There is an active approval on patient’s data granted to the to the employee (one of user's employee) in MongoDB
encounter
observation
condition
service_request
procedure
diagnostic_report
care_plan
activity
clinical_impression
by id
by search params
Rule: @rule_5 | Action: @read
Scenario:
Base
Resource
Routes
Context*
Source of context
Logic
Employee with active approval or employees from legal_entity with active approval can read all the data of specified in approval episodes
Given Active approval on episode
When I require read access
Then I can read
Based on context episode
episode
by id
DB.episode.id
There is an active approval on the episode granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB
encounter
by id
episode
report | DB.observation.diagnostic_report.origin_episode | origin_episode.managing_organization==token.client_id |
by search params | Search param {diagnostic_report_id} from URL |
Rule: @rule_8 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of encounter originated by episode created in the employee's legal entity Given Encounter context has been originated by mine legal entity episode When I require read access Then I can read | Based on origin episode | observation | by id | encounter | DB.observation.context.origin_episode | origin_episode.managing_organization==token.client_id |
by search params | Search param {encounter_id} from URL | |||||
condition | by id | encounter | DB.condition.context.origin_episode | |||
by search params | Search param {encounter_id} from URL | |||||
diagnostic_report | by id | encounter | DB.diagnostic_report.encounter.origin_episode | |||
by search params | Search param {encounter_id} from URL | |||||
medication_administration | by id | encounter | IF context is encounter THEN: | |||
by search params | search param {encounter_id} from URL | |||||
procedure | by id | encounter | DB.procedures.encounter.episode | |||
by search params | search param {encounter_id} from URL | |||||
|
|
|
| |||
|
| |||||
|
|
|
| |||
|
|
|
by id in episode context
device_dispense |
observation
by id
episode
DB.observation.episode
by search params
encounter | Search param {encounter_id} from URL | |
DB.device_dispense.encounter.origin_episode_id |
by search params in episode context
condition
by id
episode
DB.condition.episode
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
by search params in episode context
service request
by id
episode
DB.service_requset.encounter.episode
by search params
search param {episode_id} from URL
by id in episode context
episode_id from URL (path)
by search params in episode context
diagnostic_report
by id
episode
DB.diagnostic_report.encounter.episode
by search params
search param {episode_id} from URL
medication_administration
by id
episode
IF context is encounter THEN:
DB.medication_administrations.context.episode
by search params
search param {episode_id} from URL
procedure
by id
episode
DB.procedures.encounter.episode
by search params
search param {episode_id} from URL
medication_request & medication_dispense
by id
episode
DB.medication_request.context_episode_id
by search params
search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)
medication_request_request
by id
episode
DB.medication_request_request.context_episode_id
by search params
search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)
clinical_impression
by id
episode
DB.clinical_impression.context_episode_id
by search params
search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)
Rule: @rule_9 | Action: @read | NOT IMPLEMENTED YET | ||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic |
Employee with active approval can read data, originated by the episode Given Active approval on patient When I require read access Then I can read |
| encounter |
|
|
|
|
| observation |
|
|
|
| |
| condition |
|
|
|
| |
| service_request |
|
|
|
| |
| diagnostic_report |
|
|
|
|
Rule: @rule_10 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee can read all the data of diagnostic report created in the employee's legal entity Given Diagnostic report context has been originated by mine legal entity When I require read access Then I can read | Based on diagnostic report | observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization | diagnostic_report.managing_organization==token.client_id |
by search params | Search param {diagnostic_report_id} from URL |
Rule: @rule_11 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee |
Given Entity has been originated by mine MSP episode
When I require read access
Then Iwith active approval or employees from legal_entity with active approval can read all the data of specified in approval diagnostic report Given Active approval on diagnostic report When I require read access Then I can read | Based on |
diagnostic report | diagnostic_report | by id |
diagnostic_ |
report | DB. |
diagnostic_ |
origin_episode.managing_organization==token.client_id
by search params
Search param {origin_episode_id} from URL
diagnostic repost
by id
origin_episode
report | There is an active approval on the diagnostic report granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB | ||
observation | by id | diagnostic_report | DB.observation.diagnostic_report.managing_organization |
by search params | Search param { |
diagnostic_ |
report_id} from URL |
procedures
by id
DB.procedures.encounter.episode
by search params
search param {episode_id} from URL
Rule: @rule_ |
12 | Action: @read | ||||||
Scenario: | Base |
Resource
Routes
Context*
Source of context
Logic
Employee can read all the data of diagnostic report originated by episode created in the employee's MSP
Given Diagnostic report context has been originated by mine MSP episode
When I require read access
Then I can read
Based on origin episode
observation
by id
diagnostic_report
DB.observation.diagnostic_report.origin_episode
origin_episode.managing_organization==token.client_id
by search params
Search param {diagnostic_report_id} from URL
Rule: @rule_8 | Action: @read
Scenario:
Base
Resource
Routes
Context*
Source of context
Logic
Employee can read all the data of encounter originated by episode created in the employee's MSP
Given Encounter context has been originated by mine MSP episode
When I require read access
Then I can read
Based on origin episode
observation
by id
encounter
DB.observation.context.origin_episode
origin_episode.managing_organization==token.client_id
by search params
Search param {encounter_id} from URL
condition
by id
encounter
DB.condition.context.origin_episode
by search params
Search param {encounter_id} from URL
diagnostic_report
by id
encounter
DB.diagnostic_report.encounter.origin_episode
by search params
Search param {encounter_id} from URL
medication_administration
by id
encounter
IF context is encounter THEN:
DB.medication_administrations.context.encounter
by search params
search param {encounter_id} from URL
procedure
by id
encounter
DB.procedures.encounter.episode
by search params
search param {encounter_id} from URL
medication_request
by id
encounter
DB.medication_request.context
by search params
search param {encounter_id} from URL
medication_request_request
by id
encounter
DB.medication_request_request.context
by search params
search param {encounter_id} from URL
Scenario:
Base
Resource
Routes
Context
Source of context
Logic
Employee with active approval can read data, originated by the episode Given Active approval on patient
When I require read access
Then I can read
encounter
observation
condition
service_request
diagnostic_report
Resource | Routes | Context | Source of context | Logic | ||
Employee with active approval can read the data associated with the care plan Given Active approval on care_plan When I require read access Then I can read | Based on care plan | care_plan | by id | care_plan + patient_id | DB.care_plan.id=approvals.granted_resources[].value | There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB |
activity | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
medication_request_request | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
medication_request | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
medication_dispense | by id | care_plan + patient_id | care_plan_id & patient_id from URL (path) | |||
by search params | ||||||
device_request | by id | care_plan | DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value | |||
by search params | care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan |
Rule: @rule_13 | Action: @write | |||||||
Scenario: | Base | Resource | Routes | Context | Source of context | Logic | |
Employee with active write approval can write the data associated with the care plan Given Active write approval on care_plan When I require write access Then I can write | Based on care plan | care_plan |
Cancel | care_plan | DB.care_plan.id=approvals.granted_resources[].value | There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB | |
Complete | |||||||
activity |
Prequalify |
care_plan_id from URL (path) =approvals.granted_resources[].value | |||||
Create | |||||||
Cancel | |||||||
Complete | |||||||
|
|
|
| ||||
| |||||||
|
|
|
| ||||
| |||||||
|
|
|
| ||||
| |||||||
device_request | by id | care_plan | DB.device_request.based_on.care_plan[].id=approvals.granted_resources[].value | ||||
by search params | care_plan & patient_id from URL (path)=approvals.granted_resources[].value.care_plan |
Rule: @rule_14 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context |
Source of context | Logic | |
Employee with active approval on the care plan can read |
the data |
Given Diagnostic report context has been originated by mine MSP
When Ibased on this care plan Given Entity based on care_plan When I require read access |
Then I can read | Based on |
care plan | service_request | by id |
care_plan (based_on) + patient_id | DB. |
service_request. |
based_ |
on. |
diagnostic_report.managing_organization==token.client_id
by search params
Search param {diagnostic_report_id} from URL
Rule: @rule_11 | Action: @read
Scenario:
Base
Resource
Routes
Context*
Source of context
Logic
Employee with active approval or employees from legal_entity with active approval can read all the data of specified in approval diagnostic report
Given Active approval on diagnostic report
When I require read access
Then I can read
Based on diagnostic report
observation
by id
diagnostic_report
DB.observation.diagnostic_report.managing_organization
There is an active approval on the diagnostic report granted to the employee (one of user's employee) OR to the legal_entity (one of legal_entity's employee) in MongoDB
by search params
Search param {diagnostic_report_id} from URL
Rule: @rule_12 | Action: @read
Scenario:
Base
Resource
Routes
Context
Source of context
Logic
Employee with active approval can read the data associated with the care plan
Given Active approval on care_plan
When I require read access
Then I can read
Based on care plan
care_plan
by id
care_plan + patient_id
care_plan[].id=approvals.granted_resources[].value | There is an active approval (access_level=read/ | ||
by search params | care_plan + patient_id | care_plan_id from URL (search param) & patient_id from path | |
encounter | by id | patient_id ->. care_plan (based_on service_request) | DB.encounter.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value OR DB.procedure.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value |
diagnostic_report | by id | ||
procedure | by id | ||
device_dispense | care_plan (based_on device_request) | DB.device_dispense.based_on.device_request.based_on.care_plan[].id=approvals.granted_resources[]. |
There is an active approval (access_level=read) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB
activity
by id
care_plan + patient_id
care_plan_id & patient_id from URL (path)
by search params
medication_request_request
by id
care_plan + patient_id
care_plan_id & patient_id from URL (path)
by search params
medication_request
by id
care_plan + patient_id
care_plan_id & patient_id from URL (path)
by search params
medication_dispense
by id
care_plan + patient_id
care_plan_id & patient_id from URL (path)
by search params
value |
Rule: @rule_15 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee with verified unexpired approval on procedure can read all the data of this procedure Given Active approval on procedure When I require read access Then I can read | Based on procedure | procedure | by id | procedure | DB.procedures._id | There is a verified unexpired approval on procedure granted to the employee (one of user's employee) in MongoDB |
Rule: @rule_16 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Rule: @rule_17 | Action: @read | ||||||
Scenario: | Base | Resource | Routes | Context* | Source of context | Logic |
Employee |
can |
read all the data associated with the care plan |
Given Active approval on care_plan
When I require write access
Then I can write
Based on care plan
care_plan
by id
care_plan + patient_id
DB.care_plan.id=approvals.granted_resources[].value
There is an active approval (access_level=write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB
activity
by id
created in the employee's legal entity Given Care plan has been created on my legal entity When I require read access Then I can read
| Based on care plan | activity | care_plan+ patient_id | DB.activities.care_plan[].id | care_plan.managing_organization.id==token.client_id | |
care_plan_id from URL (search param) & patient_id from path | ||||||
medication_request_request |
| DB.medication_request_request.based_on.care_plan[].id | ||||
care_plan_id from URL (search param) & patient_id from path | ||||||
care_plan_id & |
person_id from URL ( |
search param) | |
medication_request |
DB.medication_request |
.based_on.care_plan[].id |
care_plan |
_id from URL (search param) & patient_id from path | |
care_plan_id & |
person_id from URL ( |
search param) |
by search params
service_request | DB.service_request.based_on.care_plan |
[].id | |
care_plan_id from URL (search param) & patient_id from |
by search params
path | ||
device_request | DB.device_request.based_on.care_plan |
[].id | |
care_plan_id from URL ('based_on' search param) & patient_id from |
path |
by search params
Rule: @rule_14 | Action: @read
Scenario:
Base
Resource
Routes
Context
Source of context
Logic
Employee with active approval on the care plan can read the data based on this care plan
Given Entity based on care_plan
When I require read access
Then I can read
Based on care plan
service_request
by id
care_plan (based_on) + patient_id
encounter | care_plan (based_on service_request)+ patient_id | DB.encounter.based_on.service_request.based_on.care_plan[].id | |
diagnostic_report | DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id | ||
procedure | DB.procedure.based_on.service_request.based_on.care_plan[].id |
There is an active approval (access_level=read/write) on the care_plan granted to the employee by the patient (one of user's employee) in MongoDB
by search params
care_plan + patient_id
care_plan_id from URL (search param) & patient_id from path
encounter
by id
medication_dispense | care_plan (based_on |
medication_request)+ patient_id | DB. |
medication_dispense.based_on. |
medication_request.based_on |
_care_plan |
_id | |||
device_dispense | care_plan (based_on device_request)+ patient_id | DB.device_dispense.based_on. |
device_request.based_on.care_plan |
[]. |
diagnostic_report
id |
procedure
- all routes need to have patient_id in context as an additional parameter