Introduction

There are several types of access to patient medical data in eHealth, such as:

Primary care doctor

1. Authorization

   1. Authorize user using standard flow (Auth)

2. Search for declarations using token 

   1. Select party_id from PRM.Party_users where  user_id = token.user_id 
   2. Select id from PRM.Employee where
      1. party_id = a.
      2. legal_entitty_id= token.client_id
   3. Select patient_id from OPS.Declarations where  
      1. employee_id = b.
      2. status = active
   4. Write selected records into Redis 

3. Refresh record in Redis

   1. Delete record from Redis after N minutes (N = 15 by default)  
   2. If new declaration was signed with the Doctor, delete the record from Redis where key = declarations.employee_id

4. Declarations validation

   1. Search for a record in Redis where the key = token.user_id 
      1. If there is no record, perform point 2 - Search for declarations using token 
      2. If there is a record, search for patient_id in array
         
         1. If there are no records with such patient_id return error -"Access denied - you have no active declaration with the patient"
         2. If there is a record - grand access

Secondary care doctor

Will be implemented in next phases

Emergency room

Will be implemented in next phases

Public information

A set of public patient medical data such as blood type, allergies intolerances, medications intolerances e.t.c are known as Patient Summary. Patient Summary could be requested by any doctor.