Page Comparison

...

Тип правила

Опис

Based on declaration

Лікар з активною декларацією має доступ до всіх даних пацієнта.

Based on managing organization

Користувач може переглядати сутності, створені в даній MSP

Based on context episode

Користувач може переглядати дані, які створені в рамках епізоду лікування, до яких користувач має доступ.

Based on diagnostic report

Користувач може переглядати дані, які є складовою діагностичного звіту, який керується юридичною особою користувача.

Based on origin episode

Лікар може переглядати дані, які бути створені як частина діагностичного звіту або епізоду лікування, до яких користувач має доступ.
Епізод лікування, що містить запит на даний сервіс, розглядається як унікальний епізод в даному випадку.

Based on care plan

Користувач з діючим дозволом на план лікування може переглядати та редагувати дані на основі даного плану лікування

Правило

На чому основано

Ресурс

Посилання

Контекст

Логіка

Джерело контенту

@rule_-2

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration @care_plan @activity

Scenario: NHS employee can read patient’s data if he has Justification for monitoring

Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api)

When I require read access

Then I can read

На токені користувача

by id

patient_id

Це активний токен

by search params

Це активний токен

@rule_-1

@read @allergy_intolerance @immunization @risk_assessment @device @medication_statement

Scenario: Employee can read insensitive patient’s data

Given User access token with client_type not equal to cabinet

When I require read access

Then I can read

На токені користувача

by id

Це активний токен

by search params

Це активний токен

@rule_0

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration @care_plan @activity

@clinical_impression

Scenario: Patient can read it's own data

Given Patient has access_token given by Cabinet

When I require read access

Then I can read

На токені користувача

by id

patient_id

Це активний токен наданий до кабінету пацієнта

by search params

@rule_1

@read @episode @encounter @observation @condition @service_request @diagnostic_report @procedure @medication_administration @care_plan @activity @approval@clinical_impression

Scenario: Doctor with active declaration can read all patient data

Given Active declaration with patient

And declaration from the same MSP

When I require read access

Then I can read

На основі декларації

episode

by id

patient_id

Це активна декларація між пацієнтом та лікарем OPS

patient_id from URL

by search params

encounter

by id

by search params

by id in episode context

by search params in episode context

observation

by id

by search params

by id in episode context

by search params in episode context

condition

by id

by search params

by id in episode context

by search params in episode context

service_request

by id

by search params

diagnostic_report

by id

by search params

care_plan

by id

by search params

activity

by id

by search params

approval

by id

by search params

clinical_impression

by id

by search params

@rule_2

@read @episode @service_request @diagnostic_report @procedures

Scenario: Doctor can read entity created in the doctors MSP

Given Entity has been created on my MSP

When I require read access

Then I can read

На основі керуючої організації

episode

by id

episode

managing_organization==token.client_id

DB.episode.managing_organization

by search params

search param {managing_organization} from URL

service_request

by id

service request

DB.service_request.managing_organization

by search params

search param {requester_legal_entity} from URL

diagnostic_report

by id

diagnostic_report

DB.diagnostic_report.managing_organization

by search params

search param {managing_organization} from URL

procedures

by search params

managing_organization

search param {managing_organization} from URL

@rule_3

@read @encounter @observation @condition @service_request @diagnostic_report @device @medication_statement @immunization @risk_assessment @medication_administration @procedure @allergy_intolerance@clinical_impression

Scenario: Doctor can read all the data of episodes created in the doctors MSP

Given Episode context has been created on my MSP

When I require read access

Then I can read

На основі контексту епізоду

encounter

by id

episode

episode.managing_organization==token.client_id

DB.encounter.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

observation

by id

DB.observation.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

condition

by id

DB.condition.episode

by search params

search param {episode_id} from URL

by is in episode context

episode_id from URL (path)

by search params in episode context

service_request

by id

DB.service_request.encounter.episode.managing_organization

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

diagnostic_report

by id

DB.diagnostic_report.encounter.episode.managing_organization

by search params

context_episode_id from URL (path)

medication_statement

by id

IF context is encounter THEN:
DB.medication_statements.context.episode.managing_organization

by search params

search param {episode_id} from URL

immunization

by id

IF context is encounter THEN:
DB.immunizations.context.episode.managing_organization

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

device

by id

IF context is encounter THEN:
DB.devices.context.episode.managing_organization

by search params

search param {episode_id} from URL

risk_assessment

by id

IF context is encounter THEN:
DB.risk_assessments.context.episode.managing_organization

by search params

search param {episode_id} from URL

medication_administration

by id

IF context is encounter THEN:
DB.medication_administrations.context.episode.managing_organization

by search params

search param {episode_id} from URL

procedure

by id

DB.procedures.encounter.episode.managing_organization

by search params

search param {episode_id} from URL

allergy_intolerance

by id

IF context is encounter THEN:
DB.allergy_intolerances.context.episode.managing_organization

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

clinical_impression

by id

DB.clinical_impression.episode

by search params

search param {episode_id} from URL

@rule_4

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @medication_administration

Scenario: Doctor with active approval can read all the data of specified in approval patient

Given Active approval on patient

When I require read access

Then I can read

Не реілазовано

@rule_5

@read @episode @encounter @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration@clinical_impression

Scenario: Doctor with active approval can read all the data of specified in approval episodes

Given Active approval on episode

When I require read access

Then I can read

На основі контексту епізоду

episode

by id

episode

Наявний активний дозвіл на епізод виданий співробітником (одним із співробітник користувача) в MongoDB

DB.episode.id

encounter

by id

DB.encounter.episode

Тип правила	Опис
Based on declaration	Лікар з активною декларацією має доступ до всіх даних пацієнта.
Based on managing organization	Користувач може переглядати сутності, створені в даній MSP
Based on context episode	Користувач може переглядати дані, які створені в рамках епізоду лікування, до яких користувач має доступ.
Based on diagnostic report	Користувач може переглядати дані, які є складовою діагностичного звіту, який керується юридичною особою користувача.
Based on origin episode	Лікар може переглядати дані, які бути створені як частина діагностичного звіту або епізоду лікування, до яких користувач має доступ. Епізод лікування, що містить запит на даний сервіс, розглядається як унікальний епізод в даному випадку.
Based on care plan	Користувач з діючим дозволом на план лікування може переглядати та редагувати дані на основі даного плану лікування
Based on care patient	Користувач з діючим дозволом на дані пацієнта може переглядати дані пацієнта

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_-2 \| Action: @read \| (GraphQL only)
NHS employee can read patient’s data if he has Justification for monitoring Given Justification on monitoring patient's data given by the user (works only from Admin panel, graphql api) When I require read access Then I can read	На токені користувача	episode	JustificationFilter schema	patient_id	person_id from JustificationFilter schema	Є активний токен & та активне підтвердження
		encounter
		observation
		condition
		allergy_intolerance
		immunization
		risk_assessment
		device
		medication_statement
		medication_request
		medication_dispense
		service_request
		diagnostic_report
		procedure
		medication_administration
		care_plan
		activity

Правило	На чому основано	Ресурс	Посилання	Логіка
Rule: @rule_-1 \| Action: @read
Employee can read insensitive patient’s data Given User access token with client_type not equal to cabinet When I require read access Then I can read	На токені користувача	allergy_intolerance	by id by search params	Є активний токен для client_type.name != CABINET
		immunization
		risk_assessment
		device
		medication_statement

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_0 \| Action: @read
Patient can read it's own data Given Patient has access_token given by Cabinet When I require read access Then I can read	На токені користувача	episode	by id by search params	patient_id	patient_id from URL	Є активний токен виданий пацієнту з Cabinet
		encounter
		observation
		condition
		allergy_intolerance
		immunization
		risk_assessment
		device
		medication_statement
		service_request
		diagnostic_report
		procedure
		medication_administration
		care_plan
		activity
		clinical_impression

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_1 \| Action: @read
Employee with active declaration can read all patient data Given Active declaration with patient And declaration from the same MSP When I require read access Then I can read	На основі декларації та токену користувача	episode	by id	person_id	person_id from URL	Це активна декларація між пацієнтом та лікарем OPS того ж MSP з токену
		episode	by search params
		encounter	by id
			by search params
			by id in episode context
			by search params in episode context
		observation	by id
			by search params
			by id in episode context
			by search params in episode context
		condition	by id
			by search params
			by id in episode context
			by search params in episode context
		service_request	by id
		service_request	by search params
		diagnostic_report	by id
		diagnostic_report	by search params
		procedure	by id
		procedure	by search params
		medication_administration	by id
		medication_administration	by search params
		care_plan	by id
		care_plan	by search params
		activity	by id
		activity	by search params
		approval	by id
		approval	by search params
		clinical_impression	by id
		clinical_impression	by search params
		medication_request_request	by id
		medication_request_request	by search params
		medication_request	by id
		medication_request	by search params
		medication_dispense	by id
		medication_dispense	by search params (Search Medication dispenses by Medication request ID)

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_2 \| Action: @read
Employee can read entity created in the employee's MSP Given Entity has been created on my MSP When I require read access Then I can read	На основі керуючої організації	service_request	by id	requester_legal_entity + patient_id	DB.service_request.managing_organization	managing_organization==id
		service_request	by search param	requester_legal_entity + patient_id	search param {managing_organization} from URL	managing_organization (requester_legal_entity, )==token.client_id
		episode diagnostic_report procedures encounter condition observation	by id	managing_organisation + patient_id	DB.episode.managing_organization OR DB.diagnostic_report.managing_organization	managing_organization==id
			by search param	managing_organisation + patient_id	search param {requester_legal_entity} from URL	managing_organization (requester_legal_entity, )==token.client_id
		medication_request_request	by id	legal_entity + patient_id	search param {legal_entity_id} from URL	legal_entity_id==id
		medication_request_request	by search param	legal_entity + patient_id	search param {legal_entity_id} from URL	legal_entity_id ==token.client_id
		medication_request	by id	legal_entity + patient_id	search param {legal_entity_id} from URL	legal_entity_id==id
		medication_request	by search param	legal_entity + patient_id	search param {legal_entity_id} from URL	legal_entity_id ==token.client_id
		medication_dispense	by id	legal_entity + patient_id	search param {legal_entity_id} from URL	legal_entity_id==id
		medication_dispense	by search param (Search Medication dispenses by Medication request ID)	legal_entity + patient_id	search param {legal_entity_id} from URL	legal_entity_id ==token.client_id

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_3 \| Action: @read
Employee can read all the data of episodes created in the employee's MSP Given Episode context has been created on my MSP When I require read access Then I can read	На основі контексту епізоду	encounter	by id	episode	DB.encounter.episode	episode.managing_organization==token.client_id
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		observation	by id	episode	DB.observation.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		condition	by id	episode	DB.condition.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		service_request	by id	episode	DB.service_request.encounter.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		diagnostic_report	by id	episode	DB.diagnostic_report.encounter.episode
		diagnostic_report	by search params	episode	context_episode_id from URL (path)
		procedure	by id	episode	DB.procedures.encounter.episode
		procedure	by search params	episode	search param {episode_id} from URL
		medication_administration	by id	episode	IF context is encounter THEN: DB.medication_administrations.context.episode
		medication_administration	by search params	episode	search param {episode_id} from URL
		device	by id	episode	IF context is encounter THEN: DB.devices.context.episode
		device	by search params	episode	search param {episode_id} from URL
		risk_assessment	by id	episode	IF context is encounter THEN: DB.risk_assessments.context.episode
		risk_assessment	by search params	episode	search param {episode_id} from URL
		medication_statement	by id	episode	IF context is encounter THEN: DB.medication_statements.context.episode
		medication_statement	by search params	episode	search param {episode_id} from URL
		immunization	by id	episode	IF context is encounter THEN: DB.immunizations.context.episode
		immunization	by search params	episode	search param {episode_id} from URL
		allergy_intolerance	by id	episode	IF context is encounter THEN: DB.allergy_intolerances.context.episode
		allergy_intolerance	by search params	episode	search param {episode_id} from URL
		medication_request	by id	episode	DB.medication_request.context_episode_id
		medication_request	by search params	episode	search param {episode_id} from URL
		medication_dispense	by id	episode	DB.medication_request.context_episode_id
		medication_dispense	by search params (Search Medication dispenses by Medication request ID)	episode	search param {episode_id} from URL
		medication_request_request	by id	episode	DB.medication_request_request.context_episode_id
		medication_request_request	by search params	episode	search param {episode_id} from URL
		clinical_impression	by id	episode	DB.clinical_impression.context_episode_id
		clinical_impression	by search params	episode	search param {episode_id} from URL

Rule: @rule_4 \| Action: @read
Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Employee with active approval can read all the data of specified in approval patient Given Active approval on patient When I require read access Then I can read	На основі patient_id	episode	by id	patient_id	patient_id з URL	Наявний активний дозвіл на дані пацієнта, який наданий співробітнику (одниз зі співробітників користувача) в MongoDB
			by search params
			active diagnosis
			short episodes by search params
			by patient_id in observation context
			by patient_id in condition context
			by patient_id in procedure context
			by patient_id in diagnostic_report context
		encounter	by id
			by search params
			by id in episode context
			by search params in episode context
			short encounters by search params
			short encounters by ID
		observation	by id
			by search params
			short observations by search params
			short observation by id
		condition	by id
			by search params
			short conditions by search params
			short conditions by id
		service_request	list in episode context
			by search params
			by id in episode context
			by id
			by requisition
		procedure	by id
			by search params
			short procedures by id
			short procedures by search params
		diagnostic_report	by id
			by search params
			approved by patient_id
			short diagnostic_reports by search params
			by patient_id in observation context
			short diagnostic_reports by id
		care_plan	by id
			by search params
			by requisition
			by activity id
		activity	by id
		activity	by search params
		clinical_impression	by id
		clinical_impression	by search params
		medication_request_request	by id
		medication_request_request	by search params
		medication_request	by id
		medication_request	by search params
		medication_dispense	by id (details in person context)
		medication_dispense	by search params (by medication request id)

by search params

search param {

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_5 \| Action: @read
Employee with active approval OR to the legal_entity (one of legal_entity's employee) can read all the data of specified in approval episodes Given Active approval on episode When I require read access Then I can read	На основі контексту епізоду	episode	by id		http://DB.episode.id	Наявний активний дозвіл на епізод виданий співробітником (одним із співробітників користувача) в MongoDB
		encounter	by id	episode	DB.encounter.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		observation	by id	episode	DB.observation.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		condition	by id	episode	DB.condition.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		service request	by id	episode	DB.service_requset.encounter.episode
			by search params		search param {episode_id} from URL
			by id in episode context		episode_id from URL (path)
			by search params in episode context		episode_id from URL (path)
		diagnostic_report	by id	episode	DB.diagnostic_report.encounter.episode
		diagnostic_report	by search params	episode	search param {episode_id} from URL
		medication_administration	by id	episode	IF context is encounter THEN: DB.medication_administrations.context.episode
		medication_administration	by search params	episode	search param {episode_id} from URL
		procedure	by id	episode	DB.procedures.encounter.episode
		procedure	by search params	episode	search param {episode_id} from URL
		medication_request	by id	episode	DB.medication_request.context_episode_id
		medication_request	by search params	episode	search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)
		medication_dispense	by id	episode	DB.medication_request.context_episode_id
		medication_dispense	by search param (Search Medication dispenses by Medication request ID)	episode	search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)
		medication_request_request	by id	episode	DB.medication_request_request.context_episode_id
		medication_request_request	by search params	episode	search param {episode_id} from URL (can be used with {encounter_id} search param for sort by encounter)
		clinical_impression	by id	episode	DB.clinical_impression.context_episode_id
		clinical_impression	by search params	episode	search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

observation

by id

DB.observation.episode

by search params

search param {episode_id} from URL

by id in episode context

episode_id from URL (path)

by search params in episode context

condition

by id

DB.condition.episode

(can be used with {encounter_id} search param for sort by encounter)

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_6 \| Action: @read
Employee can read entity originated by episode created in the employee's MSP Given Entity has been originated by mine MSP episode When I require read access Then I can read	На основі первинного епізоду	encounter	by id	origin_episode	DB.encounter.origin_episode	origin_episode.managing_organization==token.client_id
		encounter	by search params	origin_episode	Search param {origin_episode_id} from URL
		diagnostic repost	by id

in episode context

service request

by id

episode_id from URL (path)

by search params in episode context

origin_episode

DB.

service

diagnostic_

requset

report.

encounter.

origin_episode

by search params

search param diagnostic report

Search param {origin_episode_id} from URL

by id in episode context

episode_id from URL (path)

procedures

by id

origin_episode

DB.

diagnostic_report

procedures.encounter.episode
by search params	search param {episode_id} from URL

procedure

by id

DB.procedures.encounter.episode

by search params

search param {episode_id} from URL

clinical_impression

by id

DB.clinical_impression.episode

by search params

search param {episode

Rule: @rule_7 | Action: @read

Правило

На чому основано

Ресурс

Посилання

Контекст

Джерело контенту

Логіка

Employee can read all the data of diagnostic report originated by episode created in the employee's MSP

Given Diagnostic report context has been originated by mine MSP episode

When I require read access

Then I can read

На основі первинного епізоду

observation

by id

diagnostic_report

DB.observation.diagnostic_report.origin_episode

origin_episode.managing_organization==token.client_id

by search params

Search param {diagnostic_report_id} from URL

Rule: @rule_

6

@read @diagnostic_report @encounter @procedure

Scenario: Doctor can read entity

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
8 \| Action: @read
Employee can read all the data of encounter originated by episode created in the

doctors

employee's MSP

Given

Entity

Encounter context has been originated by mine MSP episode

When

I

I require read access

Then

I

I can read

На основі первинного епізоду

encounter

by id

origin_episode

origin_episode.managing_organization==token.client_id

DB.

observation	by id	encounter	DB.observation.context.origin_episode	origin_episode.managing_organization==token.client_id
	by search params		Search param {encounter_id} from URL
condition	by id	encounter	DB.condition.context.origin_episode
	by search params		Search param {encounter_id} from URL
diagnostic_report	by id	encounter	DB.diagnostic_report.encounter.origin_episode
	by search params		Search param {

origin

encounter_

episode_

id} from URL

diagnostic repost

medication_administration

by id

encounter

IF context is encounter THEN:
DB.

diagnostic

medication_

report.origin_

administrations.context.encounter
by search params	search param {encounter_id} from URL
procedure	by id	encounter	DB.procedures.encounter.episode
procedure	by search params	encounter

Search param

search param {

origin

encounter_

episode_

id} from URL

procedures

~~medication_request~~

by

search params

id

~~encounter~~

~~DB.~~

diagnostic

~~medication_~~

report.origin_episode

@rule_7

@read @observation

Scenario: Doctor can read all the data of diagnostic report originated by episode created in the doctors MSP

Given Diagnostic report context has been originated by mine MSP episode

When I require read access

Then I can read

На основі первинного епізоду

observation

by id

diagnostic_report

origin_episode.managing_organization==token.client_id

DB.observation.diagnostic_report.origin_episode

by search params

Search param {diagnostic_report

~~request.context~~
~~by search params~~	~~search param {encounter_id} from URL~~
~~medication_request_request~~	~~by id~~	~~encounter~~	~~DB.medication_request_request.context~~
~~medication_request_request~~	~~by search params~~	~~encounter~~	~~search param {encounter_id} from URL~~

Rule: @rule_

8

@read @observation @condition @allergy_intolerance @immunization @risk_assessment @device @medication_statement @service_request @diagnostic_report @procedure @medication_administration@clinical_impression

Scenario: Doctor can read all the data of encounter originated by episode created in the doctors MSP

Given Encounter context has been originated by mine MSP episode

When I

9 | Action: @read | NOT IMPLEMENTED YET

Правило

На чому основано

Ресурс

Посилання

Контекст

Джерело контенту

Логіка

Employee with active approval can read data, originated by the episode Given Active approval on patient

When I require read access

Then

I can read

На основі первинного епізоду

observation

by id

encounter

origin_episode.managing_organization==token.client_id

I can read		encounter

DB.

observation

.context.origin_episode

by search params

Search param {encounter_id} from URL

condition

by id

DB.condition.context.origin_episode

by search params

Search param {encounter_id} from URL

service request

by id

DB.service_request.encounter.origin_episode

by search params

Search param {encounter_id} from URL

diagnostic_report

by id

DB.diagnostic_report.encounter.origin_episode

by search params

Search param {encounter_id} from URL

procedure

by id

DB.procedure.origin_episode

by search params

Search param {encounter_id} from URL

@rule_9

@read @encounter @observation @condition @service_request @diagnostic_report

Scenario: Doctor with active approval can read data, originated by the episode

Given Active approval on episode

When I require read access

Then I can read

Не реалізовано

@rule_10

@read @observation

Scenario: Doctor


	condition
	service_request
	diagnostic_report

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_10 \| Action: @read
Employee can read all the data of diagnostic report created in the

doctors

employee's MSP

Given

Diagnostic

Diagnostic report context has been originated by mine MSP

When

I

I require read access

Then

I

I can read

На основі діагностичного звіту

observation

by id

diagnostic_report

DB.observation.diagnostic_report.managing_organization

==token.client_id

DB.observation.

diagnostic_report.managing_organization==token.client_id
	by search params	Search param {diagnostic_report_id} from URL

Rule: @rule_

11

@read @observation

Scenario: Doctor

11 | Action: @read

Правило

На чому основано

Ресурс

Посилання

Контекст

Джерело контенту

Логіка

Employee with active approval can read all the data of specified in approval diagnostic report

Given

Active

Active approval on diagnostic report

When

I

I require read access

Then

I

I can read

На основі діагностичного звіту

observation

by id

diagnostic_report

DB.observation.diagnostic_report.managing_organization

Наявний активний дозвід на діагностичний звіт наданий співробітником (одним з співробітників користувача) в MongoDB

DB.observation.diagnostic_report

by search params

Search param {diagnostic_report

_id} from URL

@rule_12

@read @care_plan @activity @medication_request @medication_request_request

Scenario: Doctor

_id} from URL

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_12 \| Action: @read
Employee with active approval can read the data associated with the care plan

.

Given

Active

Active approval on care_plan

When

I

I require read access

Then

I

I can read

На основі плану лікування

care_plan

by id

care_plan

+ patient_id

DB.care_plan.id=approvals.granted_resources[].value

Наявний активний

дозвіл

апрувал (access_level=read)

на

на care_plan, наданий

співробітнику (одним з співробітників користувача) в MongoDB

DB.care_plan.id=approvals.granted_resources[].value

пацієнтом співробітнику (один з співробітників користувача) в MongoDB
	activity	by id	care_plan + patient_id

from URL (path)

DB.activities.

care_plan

[].id=approvals.granted_resources[].value

_id & patient_id from URL (path)
	by search params
medication_request_

requests

request

by

search params

id	care_plan + patient_id

from URL (path)

DB.medication_request_requests.based_on.

care_plan

[].id=approvals.granted_resources[].value

_id & patient_id from URL (path)
	by search params
medication_

requests

request

by

search params

id

care_plan + patient_id

care_plan_id & patient_id from URL (path)

DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value

@rule_13

@write @care_plan @activity @medication_request @medication_request_request

Scenario: Doctor


	by search params
medication_dispense	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)
	by search params (Search Medication dispenses by Medication request ID)

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_13 \| Action: @write
Employee with active approval can write the data associated with the care plan

.

Given Active

Given Active approval on care_plan

When

I

I require write access

Then

I can write

На основі плану лікування

care_plan

by id

care_plan + patient_id

DB.care_plan.id=approvals.granted_resources[].value

Наявний активний дозвіл (access_level=write) на care_plan наданий співробітнику (одним з співробітників користувача) в

MongoDBDB.

MongoDB
	activity	by id	care_plan + patient_id	care_plan

.id=approvals.granted_resources[].value

complete

cancel

activity

_id & patient_id from URL (path)
	by search params
medication_request_request	by id	care_plan + patient_id

from URL (path)

DB.activities.

care_plan

[].id=approvals.granted_resources[].value

_id & patient_id from URL (path)
	by search params

create

complete

cancel

medication_request

_requests

by

search params

id

care_plan + patient_id

care_plan_id & patient_id from URL (path)

DB.medication_request_requests.based_on.care_plan[].id=approvals.granted_resources[].value

medication_requests

by search params


	by search params
medication_dispense	by id	care_plan + patient_id	care_plan_id & patient_id from URL (path)

DB.medication_requests.based_on.care_plan[].id=approvals.granted_resources[].value

@rule_14

@read @service_request @encounter @diagnostic_report @procedure @medication_dispense

Scenario: User


	by search params (Search Medication dispenses by Medication request ID)

Правило	На чому основано	Ресурс	Посилання	Контекст	Джерело контенту	Логіка
Rule: @rule_14 \| Action: @read
Employee with active approval on the care plan can read the data based on this care plan

.

Given Entity When I

Given Entity based on care_plan

And Active approval on care_plan

When I require read access

Then

I can read

На основі плану лікування

service_request

by id

care_plan

I can read

На основі плану лікування

service_request

by id

care_plan (based_on) + patient_id

DB.service_request.based_on.care_plan[].id=approvals.granted_resources[].value

Наявний активний дозвіл (access_level=read/write

) на

) на care_plan наданий співробітнику (одним з співробітників користувача) в MongoDB
	by search params	care_plan + patient_id	care_plan_id from URL (search param) & patient_id from path
	encounter	by id	patient_id ->. care_plan

наданий співробітнику (одним з співробітників користувача) в MongoDB

DB.

(based_on service_request)

DB.encounter.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value

by search params

care_plan_id from URL (search param)

DB

OR DB.diagnostic_report.based_on.service_request.based_on.care_plan[].id=approvals.granted_resources[].value

encounter

by id

care_plan_id from URL (search param)

DB

OR DB.procedure.based_on.service_

requests

request.based_on.care_plan[].id=approvals.granted_resources[].value
	diagnostic_report	by id
	procedure	by id

- Для всіх ресурсів повинен бути вказаний patient_id в контексті додаткого параметру

Versions Compared

Old Version 9

New Version Current

Key

Rule: @rule_-2 | Action: @read | (GraphQL only)

Rule: @rule_-1 | Action: @read

Rule: @rule_0 | Action: @read

Rule: @rule_1 | Action: @read

Rule: @rule_2 | Action: @read

Rule: @rule_3 | Action: @read

Rule: @rule_4 | Action: @read

Rule: @rule_5 | Action: @read

Rule: @rule_6 | Action: @read

Rule: @rule_7 | Action: @read

Rule: @rule_

8 | Action: @read

Rule: @rule_

9 | Action: @read | NOT IMPLEMENTED YET

Rule: @rule_10 | Action: @read

Rule: @rule_

11 | Action: @read

Rule: @rule_12 | Action: @read

Rule: @rule_13 | Action: @write

Rule: @rule_14 | Action: @read