REST API method / Метод REST API (настанова) (remove the link block before publishing the document)

Properties of a REST API method document

Document type	Метод REST API
Document title	[Document status] REST API [Назва методу] [ID методу]
Guideline ID	GUI-0011
Author	@
Document version	1
Document status	DRAFT
Date of creation	ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)
Date of update	ХХ.ХХ.ХХХХ (дата зміни версії)
Method API ID	API-007-006-001-0271
Microservices (namespace)	ME
Component	Episode
Component ID	COM-007-006
Link на API-специфікацію	https://ehealthmedicaleventsapi.docs.apiary.io/#reference/medical-events/episode-of-care/update-episode
Resource	{{host}}/api/patients/{{patient_id}}/episodes/{{episode_id}}
Scope	episode:write
Protocol type	REST
Request type	PATCH
Sync/Async	Async
Public/Private	Public

Purpose

This web service is designed to update existing episode of care for the patient

Logic

This web service is designed to update existing episode of care for the patient

Configuration parameters

Medical Events Dictionaries and configurations | ALLOWED_EPISODE_CARE_MANAGER_EMPLOYEE_TYPES

Dictionaries

Provides a list of links to dictionaries that are available in Confluence

Input parameters

	Input parameter	Mandatory	Type	Description	Example
1	patient_id		String	Patient identifier	`70a9e15b-b71b-4caf-8f2e-ff247e8a5677`
2	episode_id		String	Episode identifier	`a10aeafb-0df2-4091-bc83-f07e92a100ae`

Request structure

See on Apiary

See on API-specification

Example

{
  "name": "Інсулінонезалежний діабет",
  "care_manager": {
    "identifier": {
      "type": {
        "coding": [
          {
            "system": "eHealth/resources",
            "code": "employee"
          }
        ]
      },
      "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
    }
  }
}Headers

Headers

	Key	Value	Mandatory	Description	Example
1	Content-Type	application/json	M	Тип контенту	Content-Type:application/json
2	Authorization	Bearer {{access_token}}			Authorization:Bearer {{access_token}}
3	API-key	{{secret}}			API-key:{{secret}}

Request data validation

Authorize

Request to process the request using a token in the headers

Verify the validity of access token
- Return 401 in case validation fails
Verify token is not expired
- in case of error return 401
Check user scopes in order to perform this action (scope = 'episode:write')
- Return 403 in case invalid scope(s)

Validate token

check value of ALLOW_OTHER_LE_EMPLOYEES_TO_MANAGE_EPISODE variable in charts configuration
- if its value is equal to false, verify that user’s employees from care_manager belongs to one of the user_id from token
  - in case of error - return 422 ('User is not allowed to perform this action')
- otherwise, verify that user’s employees from care_manager belongs to the same Legal Entity as author of the episode
  - in case of error - return 422 ('User is not allowed to perfom this action')

Validate legal entity

Validate episode belongs to the legal entity where the current user works
- ME.episode.managing_organization==token.client_id
  - in case of error return 422 "Managing_organization in the episode does not correspond to user`s legal_entity"

Validate request

ME.episode.status == "active"
1. in case of error "Episode in status {episode_status} can not be updated"
Validate care_manager
1. $.care_manager.identifier.type.coding.[0].code = "employee"
  1. in case of error return 422 "Submitted code is not allowed for this field"
2. $.care_manager.identifier.type.coding.[0].system = "eHealth/resources"
  1. in case of error return 422 "Submitted system is not allowed for this field"
3. $.care_manager.identifier.value must meet the following requirements
  1. PRM.employee.type = value from list of employee_types in configuration:
    ALLOWED_EPISODE_CARE_MANAGER_EMPLOYEE_TYPES
    1. in case of error return 409 "Employee submitted as a care_manager is not a not in the list of allowed employee types"
  2. PRM.employee.status= "active"
    1. in case of error return 409 "Employee submitted as a care_manager is not active "
  3. PRM.employee.legal_entity = token.client_id=ME.episode.care_manager.identifier.value
    1. in case of error return 409 "User doesn`t have permitions to set the employee as a care_manager of the episode"

Processing

Set patients.episodes.#{id}.care_manager.display_value= ((PRM.parties.first_name + PRM.parties.second_name + PRM.parties.last_name) where PRM.parties.id == PRM.employees.party_id) where PRM.employees.id== $.care_manager.identifier.value
Set episodes.managing_organization.display_value = PRM.legal_entities.public_name where ( PRM.legal_entities.id == $.managing_organization.identifier.value)

Response structure examples