ЕСОЗ - public documentation

RC_[UPD] Get Observation by id (GraphQL)

Purpose

This WS returns detailed observation info for the Admin panel.

Key points

  1. This is a GraphQL query used in the Administration panel only.

  2. Only an authenticated and authorized NHS employee with the appropriate scope can get observation details.

  3. The query returns a single observation by person (mpi id) and observation identifier.

  4. Filtering by forbidden group items is not implemented for observations, so it is not used here.

  5. The query should be invoked only if a Justification for monitoring exists for the current user and the corresponding patient (ABAC rule_-2).

Specification

"Reads a single `Observation` using its globally unique ID and person's mpi id."
observation(personId: ID!, id: ID!): Observation

"""
Observation data contains all information about patient observation.
Described by https://www.hl7.org/fhir/observation.html

In order to obtain this data user must have a scopes: **observation:practical_monitor**, **observation:clinical_monitor**
"""
type Observation implements Node {
  "The ID of an object."
  id: ID!
  "Primary key identifier from the database."
  databaseId: UUID!
  "Reference on ServiceRequest resource"
  basedOn: [Reference]
  "Observation status"
  status: ObservationStatus!
  "Classification of type of observation"
  categories: [CodeableConcept!]!
  "Reference on Encounter resource"
  context: Reference
  "Reference on DiagnosticReport resource"
  diagnosticReport: Reference
  "Observation effective time in DateTime or Period format"
  effective: Effective!
  "Date and time observation was made available"
  issued: DateTime!
  "If observation belongs to primary source"
  primarySource: Boolean!
  "Performer of the observation"
  performer: Reference
  "Observation report origin"
  reportOrigin: CodeableConcept
  "Type of observation (code/type)"
  code: CodeableConcept!
  "Observation interpretation"
  interpretation: CodeableConcept
  "Observation notes"
  comment: String
  "Observed body part"
  bodySite: CodeableConcept
  "How observation was done"
  method: CodeableConcept
  "Provides guide for interpretation"
  referenceRanges: [ReferenceRange]
  "Component results"
  components: [Component]
  "Actual result"
  value: ObservationValue!
  "Date and time when record was inserted"
  insertedAt: DateTime!
  "Date and time when record was updated"
  updatedAt: DateTime!
}

Authorization

  • Verify the validity of the access token

    • in case of error - return 401 (“Invalid access token”)

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = 'observation:practical_monitor')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: observation:practical_monitor”) in case of invalid scope(s)

  • Check user has access to resource according to @rule_-2 in ABAC

    • return 403 (“Access denied. Justification required”) in case of error

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'observation:practical_monitor')

    • in case of error - return 403 (“Your scope does not allow to access this resource. Missing allowances: observation:practical_monitor”)

  • Check legal entity type (type = NHS)

    • In case of error - return 403 ('You don't have permission to access this resource')

  • Check legal entity status (status = ACTIVE)

    • In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate request

  • Check that the required personId is submitted.

    • return 404 (“not found”) if it does not exist

  • Check that the required observation Id is submitted.

    • return 404 (“not found”) if it does not exist or is not related to the person

Service logic

  1. Get observation by id and patient_id

  2. Render detailed observation data according to schema
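
The check order from the Authorization, Validate legal entity, Validate request and Service logic sections, as an added Python sketch that is not the ЕСОЗ implementation. The dictionaries, the "valid" flag standing in for real token verification, the justification set and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

SCOPE = "observation:practical_monitor"
SCOPE_MSG = ("Your scope does not allow to access this resource. "
             f"Missing allowances: {SCOPE}")

def get_observation(token, clients, justifications, observations,
                    person_id, obs_id, now=None):
    """Return (http_status, body), applying the checks in the page's order."""
    now = now or datetime.now(timezone.utc)
    # Authorization: token validity, expiry, user scope, ABAC rule_-2.
    if token is None or not token.get("valid"):
        return 401, "Invalid access token"
    if token["expires_at"] <= now:
        return 401, "Invalid access token"
    if SCOPE not in token["user_scopes"]:
        return 403, SCOPE_MSG
    if (token["user_id"], person_id) not in justifications:
        return 403, "Access denied. Justification required"
    # Validate legal entity: client scope, type, status.
    client = clients.get(token["client_id"], {})
    if SCOPE not in client.get("scopes", ()):
        return 403, SCOPE_MSG
    if client.get("type") != "NHS":
        return 403, "You don't have permission to access this resource"
    if client.get("status") != "ACTIVE":
        return 409, "client_id refers to legal entity that is not active"
    # Validate request and service logic: the lookup is keyed by BOTH ids,
    # so another person's observation looks the same as a missing one.
    if not person_id or not obs_id:
        return 404, "not found"
    obs = observations.get((person_id, obs_id))
    if obs is None:
        return 404, "not found"
    return 200, obs

# Constructed sample data (hypothetical ids, not real records).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
TOKEN = {"valid": True, "expires_at": NOW + timedelta(hours=1),
         "user_id": "u1", "client_id": "c1", "user_scopes": {SCOPE}}
CLIENTS = {"c1": {"scopes": {SCOPE}, "type": "NHS", "status": "ACTIVE"}}
JUSTIFICATIONS = {("u1", "p1"), ("u1", "p2")}  # (user, patient) pairs
OBSERVATIONS = {("p1", "o1"): {"databaseId": "o1"}}
```

Resolving the observation by the (person, observation) pair rather than by observation id alone is what keeps a justification for one patient from being used to read another patient's record.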
