ЕСОЗ - публічна документація
RC_(CSI-2483,CR-441)_Approvals
- Viacheslav Tybin (SoE eHealth)
Description
Service to manage time-limited access to users or legal entities resources.
All the approvals are stored centralized. Unfortunately we cannot use JWT because of the patient use cases.
Approvals are used by ABAC service as a data source to make decisions based on rules
Approvals are stored in the medical events MongoDB.
There should be no MPI_id in DB, only mpi-hash.
Approval can be granted as to user (employee), so to legal_entity (to all employees of the legal_entity).
Approval can be granted not only for particular medical event of the patient, but also for all medical events (incl. MR, MRR, MD) of the patient at once.
Use cases
As a doctor I want to be able to get access to some specific patient resources So that I can provide the healthcare services for any patient that has asked me to help
As a doctor I want to be able to get access to the patient resources that has been included in the Service Request So that I can provide the healthcare services and process service request
As a doctor I want to be able to get access to the patient resources that are the context of granted resource So that I can provide the healthcare services and process child_resources
As a doctor I want to be able to get access for legal_entity to the patient resources that has been included in the Service Request So that all employees of legal_entity can provide the healthcare services and process service request
As a Patient I want to provide access to my medical data resources for the specific eHealth user So that I can get the healthcare consultation from whoever I want
As a Patient I want to authorize all the grant access to my profile actions using the authorization methods that I have chosen in the declaration So that I can be sure that my medical data is protected.
Data model
Approvals
Object name: approvals
Name | Type | M/O | Description and constraints |
|---|---|---|---|
id | string | m | id of approval |
patient_id | string | m | mpi_id hash |
granted_resources | Reference | m | list of resources that are allowed by approval |
granted_to | Reference | m | type and identifier of entity to whom access has been granted (employee or legal_entity) |
expires_at | timestamp | m | expiration date-time timestamp |
granted_by | Reference | m | type and identifier of entity who has granted access. It can be MPI_id |
reason | Reference | o | type and identifier of entity based on which approval has been created |
access_level | string | m | `read` or 'write' |
urgent | Object | m | authentication_type and phone number |
inserted_at | datetime | m |
|
inserted_by | guid | m |
|
updated_at | datetime | m |
|
updated_by | guid | m |
|
is_verified | bool | m | identifies if Verify approval was called for record |
created_by | Reference | m | type and identifier of entity who has created approval. Reference on prm.employees.id |
authorize_with | string | o | persons auth method id hash |
Data example:
approval
{
"_id" : UUID("fc15b8a3-d7cb-41f7-8cbc-7317e9ad515f"),
"access_level" : "read",
"expires_at" : ISODate("2019-12-27T12:54:27.000Z"),
"granted_by" : {
"display_value" : null,
"identifier" : {
"type" : {
"coding" : [
{
"code" : "mpi-hash",
"system" : "eHealth/resources"
}
],
"text" : null
},
"value" : "E7F9B8B5D5F1779A83CE29DC2E2A3F0BA525A31C75E645092AAD3A67B8B56291"
}
},
"granted_resources" : [
{
"display_value" : null,
"identifier" : {
"type" : {
"coding" : [
{
"code" : "episode_of_care",
"system" : "eHealth/resources"
}
],
"text" : null
},
"value" : UUID("17f31552-f4f1-4bf1-bd49-5da282e517bf")
}
}
],
"granted_to" : {
"display_value" : null,
"identifier" : {
"type" : {
"coding" : [
{
"code" : "employee",
"system" : "eHealth/resources"
}
],
"text" : null
},
"value" : UUID("7583111f-7c90-4cb0-9941-b5414bb71ca0")
}
},
"inserted_at" : ISODate("2019-12-26T12:54:27.379Z"),
"inserted_by" : UUID("20349bbf-726c-4d13-9f6a-b8a1bcdfd2b5"),
"patient_id" : "E7F9B8B5D5F1779A83CE29DC2E2A3F0BA525A31C75E645092AAD3A67B8B56291",
"reason" : {
"display_value" : null,
"identifier" : {
"type" : {
"coding" : [
{
"code" : "service_request",
"system" : "eHealth/resources"
}
],
"text" : null
},
"value" : UUID("d8cf4081-eaf4-4039-8248-a00a0d44481f")
}
},
"is_verified" : "true",
"updated_at" : ISODate("2019-12-26T12:55:11.944Z"),
"updated_by" : UUID("20349bbf-726c-4d13-9f6a-b8a1bcdfd2b5"),
"urgent" : {
"phone_number" : "+38095*****95",
"type" : "OTP"
}
}
ЕСОЗ - публічна документація