Overview
This web service (set of services) is designed to provide access to specific episode of care and all its child entities for those users who has appropriate privileges
- User who has active declaration with patient is "authorized" to manage all patient's data (view history, add new medical events)
- User with active approval to this episode can view episode details and its child entities
Specification
- Get encounters in episode context
- Get encounter details in episode context
- Get conditions in episode context
- Get condition details in episode context
- Get observations in episode context
- Get observation details in episode context
- Get allergy intolerances in episode context
- Get allergy intolerance details in episode context
- Get immunizations in episode context
- Get immunization details in episode context
Service logic
Validate token
- Verify the validity of access token
- Return 401 in case of validation fails
- Verify that token is not expired
- in case of error - return 401
Validate scopes
- Check user scopes in order to perform this action (scope = 'episode_of_care:read')
- Return 403 in case of invalid scope(s)
Check user privileges
User who has active declaration with patient is "authorized" to manage all patient's data
1. Get token metadata
- Extract user_id, client_id, client_type
2. Determine the party_id associated with this user_id
SELECT pu.party_id FROM party_users pu WHERE pu.user_id = :user_id;
3. Determine employees related to this party_id in current MSP
SELECT e.id FROM employees e WHERE e.party_id = :party_id AND e.legal_entity_id = :client_id;