/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)
Properties of a REST API method document
Purpose
This WS is designed to reject previously created Medication Request
Key points
Only authenticated and authorized user with an appropriate scope can reject Medication Request.
Medication Request can be rejected only from ‘ACTIVE' status.
Logic
Save signed content to media storage.
Update Medication request in OPS DB:
set status = 'REJECTED'
set reject_reason_code = $.reject_reason_code
set reject_reason = $.reject_reason
set updated_by = user_id
set updated_at = now()
Send SMS for person
If Medication request has program with medical program setting medication_request_notification_disabled = true, then don't send SMS.
Else:
Get authentication_method of person from MPI
If authentication_method == OTP, then send SMS to a person from Medication request:
Generate SMS text (
get template from reject_template_sms parameter
enrich template with data from Medication request
Send SMS to a person
Add new status to event manager
field | value |
---|---|
|
|
|
|
| $.id |
| $.status |
| $.update_at |
| $.changed_by |
f the medication request is based on the activity with quantity:
Recalculate and set remaining_quantity for the activity as described at Create Medication Request: Validate based_on (p. 2.d.1 ) and do not include current MR but include all MD which related to current MR
Процеси роботи з випискою електронних рецептів
Configuration parameters
Access to the method is defined by the scope medication_request:reject. Permission for this scope is determined by the System administrator by configuring scopes in the context of clients and roles.
Dictionaries
eHealth/SNOMED/anatomical_structure_administration_site_codes
eHealth/SNOMED/dose_and_rate
Input parameters
Description of input parameters
Input parameter | Mandatory | Type | Description | Example | |
---|---|---|---|---|---|
1 | id | M | String | medication request identifier | a89f6a26-4221-4597-a1d2-542d5e40b565 |
2 |
Request structure
See on API-specification (посилання на сторінку з API-специфікацією)
Description of the REST API request structure, example
Key | Value | Mandatory | Description | Example | |
---|---|---|---|---|---|
1 | Content-Type | application/json | M | Тип контенту | Content-Type:application/json |
2 | Authorization | Bearer c2778f3064753ea70de870a53795f5c9 | M | Перевірка користувача | Authorization:Bearer c2778f3064753ea70de870a53795f5c9 |
3 |
Request data validation
Authorize
Verify the validity of access token
in case of error - return 401 (“Invalid access token”) in case of validation fails
Verify that token is not expired
in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = 'medication_request:reject')
return 403 (“Your scope does not allow to access this resource. Missing allowances: medication_request:reject”) in case of invalid scope(s)
If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):
in case not match - return 403 ("Access denied. Party is not verified")
Check signed content
Check that signed content contains all required fields and is equal to stored object:
Decode signed content.
Render requested medication request.
Check that rendered and decoded data matches.
Note! Medication request with intent plan and order has different structure
Medical program is optional object in order.
Medical program is absent in plan.
Validate Digital Sign
Validate request is signed
in case of error - return 400 (“document must be signed by 1 signer but contains 0 signatures”).
Check DS is valid and not expired.
Validate that DS belongs to the user
in case of error - return 400 (“Invalid signature“).
Check that DRFO from DS and party.tax_id matches
in case of error - return 422 (“Does not match the signer drfo“).
Validate Medication request
Get Medication request identifier from the URL. Check Medication request exists in OPS DB
in case of error - return 404 (“Not found“).
Validate user
Medication Request rejection is allowed for user if he has one of the following active and approved employee that:
is an author of the Medication request Request (medication_request.employee_id);
has an approval on write Care plan if Medication Request based on the Care plan (medication_request.based_on);
is Med_Admin from legal entity where Medication Request is created
in case of error - return 409 ("Employee is not author of medication request, doesn't have approval or required employee type").
Validate content
Validate request using JSON schema
in case of error - return 422 ('schema does not allow additional properties' OR 'required property type was not present').
Check that signed content contains all required fields and is equal to stored object
Decode signed content.
Render requested medication request.
Check that rendered and decoded data matches (except for reject_reason_code and reject_reason fields)
in case of error - return 422 ("Signed content does not match the previously created content").
Note! Medication Request with intent plan and order has different structure:
Medical program is required in order.
Medical program is absent in plan.
Validation transition
Get status of Medication request by $.id in OPS DB. Check that Medication request is in status ‘ACTIVE’
if invalid - return 409 ("Invalid status Medication request for reject transition!").
For more information look at Medication request status model .
Validate reject reason code
Validate $.reject_reason_code is a value from MEDICATION_REQUEST_REJECT_REASON dictionary
in case of error - return 422 ("value is not allowed in enum")
Processing
A list of processes related to receiving, changing or transmitting data according to the logic defined in the REST API
Response structure examples
See on API-specification (посилання на сторінку з API-специфікацією)
Description of the REST API response structure, example
HTTP status codes
Response code | HTTP Status code | Message | Internal name | Description | |
---|---|---|---|---|---|
1 | Базові | ||||
2 | 400 | document must be signed by 1 signer but contains 0 signatures | На документ має бути накладено 1 цифровий підпис за допомогою КЕП, проте маємо 0 цифрових підписів | ||
3 | 400 | Invalid signature | Некоректний КЕП | ||
4 | 401 | Invalid access token | Недійсний токен доступу | ||
5 | 403 | Your scope does not allow to access this resource. Missing allowances: medication_request:reject | Для вашої ролі відсутній доступ до цього ресурсу. Необхідний доступ на відхилення рецепта | ||
6 | 403 | Access denied. Party is not verified | Доступ заборонено. Працівник не перевірений | ||
7 | 404 | Not found | не знайдено | ||
8 | 409 | Employee is not author of medication request, doesn't have approval or required employee type | Співробітник не є автором електронного рецепта, не має доступу до нього або не належить до необхідного типу працівника | ||
9 | 409 | Invalid status Medication request for reject transition! | Некоректний статус електронного рецепта для його відхилення | ||
10 | Специфічні | ||||
11 | 422 | Does not match the signer drfo | РНОКПП користувача не співпадає з РНОКПП, зазначеним у КЕП | ||
12 | 422 | schema does not allow additional properties' OR 'required property type was not present | схема не допускає додаткових властивостей АБО не вказано ТИП | ||
13 | 422 | Signed content does not match the previously created content | Підписані дані не відповідають раніше створеним | ||
14 | 422 | value is not allowed in enum | Недопустиме значення |
Post-processing processes
Description of actions performed on data after processing
Technical modules where the method is used
List of pages describing technical modules where the method is used